The sarcastic horseshit doesn’t work in this case. The ‘security through obscurity’ bit doesn’t work and according to Qualys the SSL (secure socket layer) on Clinton’s server got an F. This has apparently been updated recently but it was outdated before this became public.
Additionally, when it comes to private company security vs government, the government does have standards and auditing. Is it perfect and in place at all agencies? I have no idea. However, having been through a security audit to get a government contract, I know what they expect and I seriously doubt Clinton’s private server met the standards. Hell, I know the server was running SSL 2 which is insecure.
To prove Clinton’s server was more secure than a government server Clinton would have to show that the server was audited regularly, patched on a consistent basis and had appropriate security measures in place. I am willing to bet it was an install it, stick it in the closet and forget about it thing.
Also, we know Blumenthal’s AOL account was hacked. He emailed Clinton regularly so therefore we know that attackers knew Clinton had her own server. There goes the obscurity.
Every single security person I know is absolutely shocked that anyone in Clinton’s (or the other idiots who used private email for government business) position would think this is a good idea.
It was insanely stupid.
Clinton running her own server just puts another layer of stupidity on top. At least AOL and Yahoo have dedicated security teams.
And the only reason I can think of for smart people to do such dumb shit is to sidestep scrutiny. Add in the Clintons’ and the rest of the politicians’ history of trying to evade scrutiny and it doesn’t take a giant leap to come to the conclusion that Clinton did this not for convenience but to control what records investigators would see if an investigation happened. And, lo and behold, that is exactly what she is doing.
I don’t have a dog in this fight, but I’d say that sleestak was hitting the high points wrt security best practices. You don’t have to know much about cybersecurity to understand the difference between the billions the government spends on it and the 100’s of millions that large corporations spend on it…or the fact that THEY STILL GET HACKED.
But, what the hell, a quick Google search shows a lot about Clinton’s security, so this was the first on the list (for whatever good it will do):
Without seeing the details of her provider’s security or a real assessment and PEN test of their cybersecurity internal and external it’s hard to say, but I’ve seen enough to have doubts it was very good. Certainly not up to the high standards of either a large corporation OR the State Department. Whether that’s important or not depends on whether her email was important or not, whether its security was important or not, whether her being hacked and potentially false emails sent by ‘her’ would be important or not or whether her system going down for long periods of time would have been important or not. But from a best practices perspective what she did was pretty stupid. From a political one? I don’t really care, to be honest…I’ll let you guys fight over that.
And you are confident that no other experts with roughly equally substantiated boney fidos…no other experts would offer a different opinion? Beyond that, is there something inherently suspicious about choosing the wrong vendor, or accepting the wrong advice on choosing a vendor? Ms Clinton has been quite the busy lady, I doubt she has had the time to immerse herself in cybersecurity engineering.
This is actually an interesting question. I wonder if after she announces she will address the security issue. I don’t mean from a political stance (well, it’s all political) but strictly the nuts and bolts “How secure was the server” thing.
Sure, they would prefer to avoid it, but I have no doubt her team has a few computer security experts ready to talk about it, if they must.
Feel free to show me an expert with a different opinion. There were plenty of hits when I Googled this, and I’m sure one of them has a different opinion or another take on all of this so knock yourself out. Personally I doubt she did more than hire a consultant who did a cursory security evaluation and setup and relied on her ISP or hosting vendor to have done whatever they did, because like most people she probably has no idea what the risks are…and also because doing REAL cybersecurity takes experts and lots and lots of money, as well as a willingness to conform to policy, which is often a pain in the ass, especially to elected official types who often can’t be bothered.
None of this is a knock on Clinton herself…I’ve seen this over and over again from various elected officials or county or state high level staff, as well as at large private companies. No one takes this stuff as serious as it should be until it bites them on the ass…then they blame the IT guys. If, as seems to be indicated by multiple posters up thread, there were no requirements, statutes or policies in place stopping Clinton from doing what she did as Secretary of State, then I blame the folks who formulate those policies for the State Department more than Clinton. Oh, what she did was stupid and reckless, but she probably didn’t know that or really understand the risks and without a policy or statute telling her she couldn’t just do her own thing there was nothing precluding her doing it.
It’s not a foregone conclusion that Clinton’s security was worse.
State Department Toughens Up Computer Network Against Cyber Threats : PERSONAL TECH : Tech Times
The latest Federal Information Security Management report reveals the State Department has one of the lowest cybersecurity assessment scores among all federal agencies, sharing the dishonor with the Department of Health and Human Services and the Department of Housing and Urban Development.
Because we don’t have enough information to take either position.
That is, I can confidently answer “No,” to Do we know Clinton’s security was worse than the State Department computers? AND Do we know that Clinton’s security was better than the State Department’s? We don’t, for either.
This. She shouldn’t have done it, but what she did wasn’t against policy and was in line with what her predecessors did. So put me in the “a little problem” camp.
I recognize that some folks are determined to attribute malice and skulduggery to this in the hopes that this will be the thing that finally sinks Clinton but frankly I see little more than your average personal and institutional inertia of the type I’ve seen in lots of other, lower-profile cases. Hanlon’s Razor applies as always.
Yes, it is. When did State stop using it? (And also stop using SSLv3, which is also insecure, and mandate TLS?) After Clinton took office as SoS for SSLv2.
You keep applying 2015 standards to this discussion. SSLv2 was deprecated in the mid-1990s but remained in wide use through 2010. In fact, part of the SSLv3 standard is a fallback to SSLv2 if the client doesn’t support SSLv3.
I thought this thread was about Ol’ Hillary refusing to fully cooperate with Congressional investigators?
The investigations will continue until the State Dept., and the former head of the State Dept., provides complete answers, and full documentation to the Congressional investigators.
The trail of evidence led to Ol’ Hillary’s server. That’s her problem. She can be fully cooperative, and transparent, or she can continue to prove that she doesn’t owe the public any explanations.
If she is uncooperative now, just wait until she can hide everything behind Executive Privilege. She’ll make Nixon seem like a chatterbox.
This was about the private e-mail server, originally, and how it violated the law.
The initial accusations were strongly inferential that Secretary Clinton violated the law, held herself above the law, and otherwise was contemptuous of the law. These served to get the firestorm ignited. Now, the accusations have shifted slightly. No longer do we hear accusations about the law, since the narrative has already been crafted. Now it’s more subtly about “transparency,” and “political consequences.”
In other words, false and misleading accusations were used to stir up public opinion. It’s absolutely disgraceful.
OK. I think this thread is about Hillary refusing to fully cooperate with Congressional investigators. Others’ opinions may differ.
Disgraceful? Yes. SNAFU? Yes. OTOH, if it wasn’t for false, true, misleading, misunderstood statements, and simple questions being asked, We the Voters would never know what our elected representatives, and their appointees, are doing with our tax dollars.
Especially if they’re the least bit informed about the issue.
No, it really isn’t.
No, it really isn’t.
If you told me that a GOP SoS had had a private email, I’d reflexively want to castigate them for that. But when I found out, that the previous two did the same thing, and that there was no rule against it, I’d eat crow and admit that it’s a non-issue.
That’s the part you’re having trouble getting to.
You know what the Dems are doing with your tax dollars. They’re trying to run the country. The GOP is trying to keep that from happening.
I’m in favor of asking questions, and letting investigations run their course.
I didn’t say that Ol’ Hillary had done anything illegal. You must be confused. You can eat all of the crow you wish to. I’m not going to stop you.
A question of whether a Sec. of State was required to sign an OF-109 was raised earlier, both in public, and in this thread. That question was answered. Do you believe the question should have been asked? Is Ol’ Hillary already operating under Executive Privilege, or do you just wish that she was?
If people do not ask questions, it’s unlikely that they will receive answers. If you choose not to ask questions, that’s your call. If you expect others not to ask questions about their government officials, well… good luck with that.
There are still unanswered questions concerning who knew what when, and there are still un-provided documents from the State Dept., and Ol’ Hillary’s server. Congressional investigators, and the AP, are still trying to get answers. If that’s OK with you. Congressional investigators have summoned Hillary to, once again, answer their questions. If you hurry, you might be able to convince them not to ask Hillary any more questions.
There are still questions to which the answers are not what you wish them to be. But none of any importance that haven’t been answered. Time to deal with it.
The Congressional investigation is, in fact, dealing with it. I can wait for the final results to become public, and I expect those final results to include Hillary’s, and the State Dept’s, full cooperation.
It seems that Congressional investigators place more importance on receiving documents and cooperation than you do. Unfortunately for Hillary, her fanboys are not in charge of the investigation.