Hackers, probing Clinton server, cite security lapses

American · Mar 13, 2015

Hackers, probing Clinton server, cite security lapses | Fox News

Stirred by the controversy surrounding Hillary Clinton’s use of a private email server when she was secretary of state, a determined band of hackers, IT bloggers, and systems analysts have trained their specialized talents and state-of-the-art software on clintonemail.com, the domain under which Clinton established multiple private email accounts, and uncovered serious lapses in security, according to data shared with Fox News.

The findings call into question Clinton’s confident declaration, at a hastily arranged news conference in New York on Tuesday, that “there were no security breaches” in her use of a private server. One prominent figure in the hacker community, bolstered by long experience in the U.S. intelligence community, has undertaken to build a virtual “replica” of Clinton’s server configuration in a cyberlab, and has begun testing it with tools designed to probe security defenses. This individual has shared details of the Clinton system not disclosed publicly but legally obtainable.

There's a second reason beyond accountability for why this was wrong, SECURITY.

Simon W. Moon · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News
There's a second reason beyond accountability for why this was wrong, SECURITY.

What would be useful info would be lapses in SOP in her server vs the lapses in the server she would have been using otherwise.

A list of lapses of one or the other [clinton's vs the State] by itself isn't particularly informative as what level of risk was increased or avoided.
We actually need an analysis of both of them.

It's not a foregone conclusion that the govt run server is totally up to w/e standard.

:shrug:

American · Mar 13, 2015

Simon W. Moon said:
What would be useful info would be lapses in SOP in her server vs the lapses in the server she would have been using otherwise.

A list of lapses of one or the other [clinton's vs the State] by itself isn't particularly informative as what level of risk was increased or avoided.
We actually need an analysis of both of them.

It's not a foregone conclusion that the govt run server is totally up to w/e standard.

:shrug:

It's a matter of policy that the govt control govt email. No way am I going to getting into an argument comparing security. Apparently her sever has already been shown to be a PoS anyway, so I don't think that bodes well for her having her own server.

Simon W. Moon · Mar 13, 2015

American said:
It's a matter of policy that the govt control govt email. No way am I going to getting into an argument comparing security. Apparently her sever has already been shown to be a PoS anyway, so I don't think that bodes well for her having her own server.

It's possible that the clinton server was more secure than the gov alternative.
If that was the case it would seem that there's not really a case to be made that the clinton server represents a decrease in security.
We cannot compare the security status of the two possible servers with information only on one server.
At least I cannot.
ymmv.

What has been shown is current status of a server which the article indicates has probably been deprecated.

This too is different than the relative security status of the server when it was in use.

The article is breathless but doesn't actually provide us the info needed to reach the conclusions you and the article seem to want us to reach.

tres borrachos · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News

There's a second reason beyond accountability for why this was wrong, SECURITY.

So Hillary did a complete investigation, and declared her server was breach free. Damn, places like Target, Sony and Yahoo might want to hire Hillary to be in charge of their Security groups. That woman is amazing, what she can do.

American · Mar 13, 2015

Simon W. Moon said:
It's possible that the clinton server was more secure than the gov alternative.
If that was the case it would seem that there's not really a case to be made that the clinton server represents a decrease in security.
We cannot compare the security status of the two possible servers with information only on one server.
At least I cannot.
ymmv.

What has been shown is current status of a server which the article indicates has probably been deprecated.

This too is different than the relative security status of the server when it was in use.

The article is breathless but doesn't actually provide us the info needed to reach the conclusions you and the article seem to want us to reach.

Are you serious hunting for excuses to get them off the hook? Really? If you can't see the falacy in what she did for all kinds of reasons, there's nothing for us to talk about. You can plainly see the wrong in it from an ethics perspective alone, then security, then breaking govt policy.

Simon W. Moon · Mar 13, 2015

American said:
Are you serious hunting for excuses to get them off the hook? Really?

Pointing out that the argument which has been presented is flawed is not the same thing as approving of what Clinton did.
Nor is it the same thing as trying to excuse what Clinton has done.
It merely is what it is--pointing out that the argument presented is incomplete at best.

:shrug:

American · Mar 13, 2015

Simon W. Moon said:
Pointing out that the argument which has been presented is flawed is not the same thing as approving of what Clinton did.
Nor is it the same thing as trying to excuse what Clinton has done.
It merely is what it is--pointing out that the argument presented is incomplete at best.

:shrug:

How is it flawed?

Perhaps most concerning, private analysts determined that clintonemail.com has been running an older model of Microsoft Internet Information Services, or IIS – specifically version 7.5, which has been documented to leave users exposed on multiple fronts. The website CVEDetails.com, which bills itself as “the ultimate security vulnerability datasource,” is awash with descriptions of serious security vulnerabilities associated with version 7.5, including “memory corruption,” “password disclosure vulnerability,” and the enabling of “remote attackers to execute arbitrary code or cause a denial of service.”

The cyberlab technician who discovered the Clintons’ use of version 7.5 marveled at “the vulnerabilities the Clintons are ignoring” in an email to Fox News. “This is a big deal and just the thing real-world hackers look for in a target and will exploit to the max,” the source said.

What we have here is amateur hour at the Clinton email server complex. So you're serious going to question whether the government's servers at State are just as or more vulnerable than this?

Lovebug · Mar 13, 2015

tres borrachos said:
So Hillary did a complete investigation, and declared her server was breach free. Damn, places like Target, Sony and Yahoo might want to hire Hillary to be in charge of their Security groups. That woman is amazing, what she can do.

If elected Prez, she will also take on ISIS personally, fly her own plane into the conflict zones.
I don't know if the woman is just too conceded and narcissistic, or just too darn gullible. And is she really the best we, as a nation and regardless of party, can come up with?

jmotivator · Mar 13, 2015

Simon W. Moon said:
What would be useful info would be lapses in SOP in her server vs the lapses in the server she would have been using otherwise.

A list of lapses of one or the other [clinton's vs the State] by itself isn't particularly informative as what level of risk was increased or avoided.
We actually need an analysis of both of them.

It's not a foregone conclusion that the govt run server is totally up to w/e standard.

:shrug:

Good Idea, let's do a full probe of the State Email and if it is as lacking as Clinton's server then the manager of that system shouldn't be allowed to work for the government either.

Simon W. Moon · Mar 13, 2015

American said:
How is it flawed?

Simon W. Moon said:
What would be useful info would be lapses in SOP in her server vs the lapses in the server she would have been using otherwise.

A list of lapses of one or the other [clinton's vs the State] by itself isn't particularly informative as what level of risk was increased or avoided.
We actually need an analysis of both of them.

It's not a foregone conclusion that the govt run server is totally up to w/e standard.

:shrug:

Simon W. Moon said:
It's possible that the clinton server was more secure than the gov alternative.
If that was the case it would seem that there's not really a case to be made that the clinton server represents a decrease in security.
We cannot compare the security status of the two possible servers with information only on one server.
At least I cannot.
ymmv.

What has been shown is current status of a server which the article indicates has probably been deprecated.

This too is different than the relative security status of the server when it was in use.

The article is breathless but doesn't actually provide us the info needed to reach the conclusions you and the article seem to want us to reach.

American said:
What we have here is amateur hour at the Clinton email server complex. So you're serious going to question whether the government's servers at State are just as or more vulnerable than this?

It seems that you and the article are asking us to compare the current state of what your article indicates is a deprecated server with nothing and reaching the conclusion that years ago it was less secure than something for which we have no data provided.

imho, that seems to be an obvious case of an incomplete argument.
You're free to find that as compelling as you like.

What I would find a compelling case would be something more along the lines of

the relative security status of the clinton server during the time period in question
compared to the
relative security status of the gov server during the time period in question

imho that info would be necessary to reach the conclusion that the gov server was more secure at the time

:shrug:

Simon W. Moon · Mar 13, 2015

jmotivator said:
Good Idea, let's do a full probe of the State Email and if it is as lacking as Clinton's server then the manager of that system shouldn't be allowed to work for the government either.

Why not?
Network security's a big deal even though it does not seem to be fully appreciated by the people who make the funding decisions.

The info we need to help along the argument presented in the OP would be the info from both sets of servers for the time period under discussion.

jmotivator · Mar 13, 2015

Simon W. Moon said:
Why not?
Network security's a big deal even though it does not seem to be fully appreciated by the people who make the funding decisions.

The info we need to help along the argument presented in the OP would be the info from both sets of servers for the time period under discussion.

No, we really don't need both. If we establish that the punishment for managing an insecure server is being drummed out of government service then you can apply that to either Clinton or whoever runs State email servers independently. Copying a system that is out of compliance doesn't make your system compliant.

Simon W. Moon · Mar 13, 2015

jmotivator said:
No, we really don't need both.

The allegation is that the Clinton reduced security of her e-mail by using the clinton server rather than the gov server.

How are we to compare the relative security of one system with that of another when we only have data for one system [and that data is years out of date]?

jmotivator said:
If we establish that the punishment for managing an insecure server is being drummed out of government service then you can apply that to either Clinton or whoever runs State email servers independently.

The relative security status of the ostensibly deprecated clinton server today is not identical as the status of that server years ago.
If the clinton server is not up to date at the moment it's kind of irrelevant because she is not the SoS at the moment.

That's why the information about the server set up at the time when she was SoS is relevant.
At least it's the relevant info imho.
:shrug:

Montecresto · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News

There's a second reason beyond accountability for why this was wrong, SECURITY.

Which could be the most important. And not just for her. All diplomats need to be required to use a .gov address for official business, no exemptions.

MMC · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News

There's a second reason beyond accountability for why this was wrong, SECURITY.

Mornin American they also had this. Which was out on March 4th. So tie this in with what other Security experts and White Hat Hackers are saying.

Which we now know....the Romanian hacker got other email accounts from Clinton. She cannot say there was no security breaches. She wouldn't know and didn't with the Romanian hacker. Until they locked him up in prison.

However, when [digital security consultant Alex] McGeorge examined [Clinton's e-mail] set-up this week he found it used a default encryption “certificate,” instead of one purchased specifically for Clinton’s service. Encryption certificates are like digital security badges, which websites use to signal to incoming browsers that they are legitimate.

Using a scanning tool called Fierce that he developed, Robert Hansen, a web-application security specialist, found what he said were the addresses for Microsoft Outlook Web access server used by Clinton’s e-mail service, and the virtual private network used to download e-mail over an encrypted connection. If hackers located those links, they could search for weaknesses and intercept traffic, according to security experts. Those defaults would normally be replaced by a unique certificate purchased for a few hundred dollars. By not taking that step, the system was vulnerable to hacking.

As our friends at Judicial Watch will no doubt remind everyone, there were plenty of Freedom of Information Act requests that would have implicated her e-mails. But they were never searched, even though a reasonable search of all responsive federal records must be made in response to FOIA requests. And the records would have been relevant to congressional inquiries as well, including continuing investigations of the Benghazi attacks. Why does that matter? Well, a federal criminal law makes it a felony when any custodian of official government records “willfully and unlawfully conceals, removes, mutilates, obliterates, falsifies, or destroys the same.” The crime is punishable by up to three years in prison. And interestingly, Congress felt strongly enough about the crime that it included the unusual provision that the perpetrator shall “forfeit his office and be disqualified from holding any office under the United States.”....snip~

Great news: Hillary’s e-mail server had a “misconfigured encryption system” « Hot Air

American · Mar 13, 2015

Simon W. Moon said:
The allegation is that the Clinton reduced security of her e-mail by using the clinton server rather than the gov server.

How are we to compare the relative security of one system with that of another when we only have data for one system [and that data is years out of date]?

The relative security status of the ostensibly deprecated clinton server today is not identical as the status of that server years ago.
If the clinton server is not up to date at the moment it's kind of irrelevant because she is not the SoS at the moment.

That's why the information about the server set up at the time when she was SoS is relevant.
At least it's the relevant info imho.
:shrug:

Bull****, because her official emails are probably still on there. Stop making excuses, you don't have a leg to stand on and you know it. I'm surprised at you.

MMC · Mar 13, 2015

jmotivator said:
No, we really don't need both. If we establish that the punishment for managing an insecure server is being drummed out of government service then you can apply that to either Clinton or whoever runs State email servers independently. Copying a system that is out of compliance doesn't make your system compliant.

Mornin JM. :2wave: First they need to determine where Hillary actually kept the server. She said her home. Now what if she lied there too?

Which it appears she did.....with her press conference. Do you think such info would not be missed when looking for some technicality to talk Hillary down from that Abyss?

Among other things, outside experts have managed to trace the most recent location of Clinton’s server – something she did not specify during her news conference and a subject of much speculation, as the server’s physical placement would provide early clues about whether the data stored on it was adequately secured against compromise by private-sector hackers and foreign intelligence services.

Now, working with publicly available tools that map network connectivity, experts have established that the last “hop” before the mail server’s Internet Protocol, or IP, address (listed as 64.94.172.146) is Internap’s aggregator in Manhattan (listed as 216.52.95.10). “This is a very strong indication that the clintonemail.com server is in Manhattan,” the source told Fox News. By entering the IP address for the Internap aggregator into existing databases, the experts obtained the exact geolocation coordinates for the aggregator – revealed to be on lower Broadway, at the intersection with Chambers Street, some two blocks north of City Hall. This in turn suggests that the Clinton server itself lies within close proximity – most likely former President Clinton’s Harlem office, and not as far away as the Clintons’ home in Chappaqua, N.Y.

That outside experts could so swiftly unearth such information left them convinced that the server remains, as presently configured, highly “vulnerable” to unauthorized intrusion – even if, as most observers suspect, the server, with so much publicity now attendant on it, is no longer in active use. The hackers further concluded that Clinton’s email operation was likely not much better secured when she was secretary of state.....snip~

Hackers probing Clinton email server uncover serious security lapses | Trending Topic

Simon W. Moon · Mar 13, 2015

American said:
Bull****, because her official emails are probably still on there. Stop making excuses, you don't have a leg to stand on and you know it. I'm surprised at you.

w/e
gl

Mycroft · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News

There's a second reason beyond accountability for why this was wrong, SECURITY.

This is mind-boggling.

The State Department needs to seize her computer immediately...heck, they should have done that the moment they became aware that she kept State Department information on it.

MMC · Mar 13, 2015

Mycroft said:
This is mind-boggling.

The State Department needs to seize her computer immediately...heck, they should have done that the moment they became aware that she kept State Department information on it.

The Press should have someone outside Bilbo's office in Harlem sitting there all day and night. Keep watch so she don't try to move it again. Then they should go and show up wherever Hillary is. To ask her that question.....Where is the Server now Ms. Clinton. Right now this very moment. You have some explaining to do, again.

And no.....no one is just going to take your word for it, any longer.

maxparrish · Mar 13, 2015

Mycroft said:
This is mind-boggling.

The State Department needs to seize her computer immediately...heck, they should have done that the moment they became aware that she kept State Department information on it.

One can envision a number of slogans and placard demands by an "Occupy Hillary's Hideout" movement...

"Hey Hey Hey, how many emails will you hide today"....

"Seize the Server".

"Missing Data Wanted, Reward for Return, No questions asked"

"Fess up Hillary, where did you hide it?"

"The only commonality between Clinton and Candor is they begin with the letter C"

CanadaJohn · Mar 13, 2015

American said:
Hackers, probing Clinton server, cite security lapses | Fox News

There's a second reason beyond accountability for why this was wrong, SECURITY.

This may sound facetious, but why can't the NSA probe its bazzillions of email records, using the Hillary email address as the search key, and voila, problem solved - all records are suddenly available.

MMC · Mar 13, 2015

CanadaJohn said:
This may sound facetious, but why can't the NSA probe its bazzillions of email records, using the Hillary email address as the search key, and voila, problem solved - all records are suddenly available.

Heya CJ. :2wave: Either that or work a deal with Snowden. He is bound to have a couple. :lol:

Simon W. Moon · Mar 13, 2015

MMC said:
The Press should have someone outside Bilbo's office in Harlem sitting there all day and night. Keep watch so she don't try to move it again.

It could be moved via the interwebz.

Hackers, probing Clinton server, cite security lapses

American

Trump Grump Whisperer

Simon W. Moon

American

Trump Grump Whisperer

Simon W. Moon

tres borrachos

HoHoHo

American

Trump Grump Whisperer

Simon W. Moon

American

Trump Grump Whisperer

Lovebug

Be humble and kind

jmotivator

Computer Gaming Nerd

Simon W. Moon

Simon W. Moon

jmotivator

Computer Gaming Nerd

Simon W. Moon

Montecresto

MMC

American

Trump Grump Whisperer

MMC

Simon W. Moon

Mycroft

Genius is where you find it.

MMC

maxparrish

Conservatarian

CanadaJohn

Canadian Conservative

MMC

Simon W. Moon