A week before becoming secretary of state, Hillary Clinton set up a private e-mail system that gave her a high level of control over communications, including the ability to erase messages completely, according to security experts who have examined Internet records.
It took less than a day for researchers to find potential problems with the Clinton’s system.
Using a scanning tool called Fierce that he developed, Robert Hansen, a web-application security specialist, found what he said were the addresses for Microsoft Outlook Web access server used by Clinton’s e-mail service, and the virtual private network used to download e-mail over an encrypted connection. If hackers located those links, they could search for weaknesses and intercept traffic, according to security experts.
Using those addresses, McGeorge discovered that the certificate appearing on the site Tuesday appeared to be the factory default for the security appliance, made by Fortinet Inc., running the service.
Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.