
jeff47

(26,549 posts)
1. How Team Clinton screwed up the security on her server
Thu Sep 24, 2015, 09:16 PM

What we know so far:

1) Communications with her server were not encrypted for the first 3 months.
https://www.venafi.com/blog/post/what-venafi-trustnet-tells-us-about-the-clinton-email-server/

2) They left the default VPN keys installed on her server
http://www.bloomberg.com/news/articles/2015-03-04/clinton-s-e-mail-system-built-for-privacy-though-not-security

Using those addresses, McGeorge discovered that the certificate appearing on the site Tuesday appeared to be the factory default for the security appliance, made by Fortinet Inc., running the service.


3) They were using, and continue to use, self-signed SSL certificates
http://gawker.com/how-unsafe-was-hillary-clintons-secret-staff-email-syst-1689393042

4) They set up a .com domain, enabling the typosquatter who has registered clintonmail.com (no "e" before "mail"). Whoever registered that domain is in a perfect position to steal login information or perform spear phishing attacks.

5) Her ISP was repeatedly hacked by China
http://www.democraticunderground.com/?com=view_post&forum=1251&pid=615632
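
Point 4 of the post above describes a lookalike domain that differs from the real one by a single character. As an added example (not part of the original post), this is one way a mail administrator could flag outbound recipients at such domains before delivery; the trusted domain is inferred from the post's description and the recipient addresses are constructed.

```python
# Added example, not from the original post. The trusted domain is inferred
# from the post's description; the recipient addresses are constructed.
TRUSTED_DOMAINS = ("clintonemail.com",)

SAMPLE_RECIPIENTS = [  # constructed outbound-mail recipients
    "user1@clintonemail.com",
    "user2@clintonmail.com",    # dropped "e", the case the post describes
    "user3@clintonemial.com",   # two adjacent letters swapped
    "user4@ClintonEmail.com.",  # trusted domain, different case + trailing dot
    "user5@example.org",
]


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent transposition, e.g. "emial" for "email".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def normalise_domain(address: str) -> str:
    """Lower-case the domain part and drop a trailing root dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def flag_lookalikes(recipients, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (address, trusted_domain) pairs for near-miss recipient domains."""
    hits = []
    for address in recipients:
        domain = normalise_domain(address)
        if domain in trusted:
            continue  # exact match: legitimate recipient
        for good in trusted:
            if osa_distance(domain, good) <= max_distance:
                hits.append((address, good))
                break
    return hits


if __name__ == "__main__":
    for address, good in flag_lookalikes(SAMPLE_RECIPIENTS):
        print(f"HOLD {address}: domain is one edit from {good}")
```
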
How Team Clinton screwed up the security on her server jeff47 Sep 2015 #1
Also, they didn't pay the extra $10 for private domain registration. ALWAYS the mark of an amateur. DisgustipatedinCA Sep 2015 #6
Amateurish, but not that bad in this case jeff47 Sep 2015 #17
I just meant that to the right people with bad intent, non-private registration could be like a... DisgustipatedinCA Sep 2015 #20
Yeah, but she also traveled to China and Russia. jeff47 Sep 2015 #21
one other thing this email stuff presents an opportunity for bigtree Sep 2015 #2
it's an article in Newsweek, which a lot of people outside of DU read and trust magical thyme Sep 2015 #4
I decided to click in the link to check your claim...the article is from Reuters, reprinted. Fred Sanders Sep 2015 #7
a lot of people read Newsweek and a lot of people read Reuters. magical thyme Sep 2015 #10
Lot of people read Fox and NY Post. Fred Sanders Sep 2015 #11
holy crap. 5 replies -- almost 50% -- on a topic you are "bored" with. magical thyme Sep 2015 #15
a lot of people can't deal. they are always the same three people. roguevalley Sep 2015 #24
the issue remains the same bigtree Sep 2015 #8
The question, no quote, was about foreign officials who use private servers for "official business". Fred Sanders Sep 2015 #9
you're so bored with it you had to reply 3 times? make that 4 times! magical thyme Sep 2015 #12
My work here is done. Fred Sanders Sep 2015 #13
as far as Clinton is concerned bigtree Sep 2015 #18
take out clinton, put in bush. You would be gathering firewood as i write this roguevalley Sep 2015 #25
that's sophistry bigtree Sep 2015 #27
So NSA who knows a bit or two about breaking in to everything electronic, jeff47 Sep 2015 #16
they have their agenda bigtree Sep 2015 #22
And now you're beating the dead messenger's corpse. jeff47 Sep 2015 #23
'hate' has nothing to do with it bigtree Sep 2015 #28
And how does that close the security holes in her server? (nt) jeff47 Sep 2015 #44
Oh, please. 840high Sep 2015 #31
Eyes on the Prize: Get Bernie the Nomination, don't kiss the NSA's ass emulatorloo Sep 2015 #3
Yeah! What's the NSA know about breaking into servers anyway!!! jeff47 Sep 2015 #19
One can't distrust the NSA one day and become a fanboy the next emulatorloo Sep 2015 #36
What fanboy? jeff47 Sep 2015 #38
Simple concept: The enemy of my enemy is not my friend emulatorloo Sep 2015 #39
Simple concept: killing the messenger does not change the message. jeff47 Sep 2015 #42
I read the OP twice and still have no idea what the fuss is about. And since there is not a Fred Sanders Sep 2015 #5
That's correct Admiral hootinholler Sep 2015 #14
Funny how they were never hacked but NSA was. nt kelliekat44 Sep 2015 #26
Who was never hacked? Fawke Em Sep 2015 #30
You don't know. 840high Sep 2015 #32
Believe me, had it been hacked it would have been 24/7 over the news and FOX. nt kelliekat44 Sep 2015 #33
that's one of the things the FBI is looking into and they aren't talking to anybody magical thyme Sep 2015 #34
Because China and Russia announce their hacks. jeff47 Sep 2015 #43
And THAT is the issue with the private server. Fawke Em Sep 2015 #29
Which RW site is that speculation from? Fred Sanders Sep 2015 #35
I must point out... ljm2002 Sep 2015 #37
New hero of the Bernistas: the NSA chief! DanTex Sep 2015 #40
Who could ever possibly believe him? Rumor has it that Zorra Sep 2015 #41