Some of the sharpest criticism of what HRC did have been things written in tech related media. On DU, some of the clearest explanations of why it was wrong have been written by self identified tech people.

It may well be that the inner Clinton team - HRC, Abedin, Mills, etc - are NOT that tech savvy and the tech guy may have been too junior to have been in on the decision to do this - he might have just been given the job to set up what they asked for. It may be their lack of tech savvy that meant they did not see the technical problems.

However, it is not JUST these issues - that you can put in a box saying they are "technical" - but the issue that the SD emails should have been kept by the SD. At minimum, this would have meant having a weekly, monthly OR even one dump at the end of her service to the SD. (In fact, had it been say weekly - I would bet that it would not have been long before HRC created two accounts on the machine just so they didn't have to carefully separate personal and private.

And I'd pit the network security experts I work with against Peter Fidler any day. WCA Technologies is a, well, technology company, but they are NOT experts in network and data security. In fact, that's not even offered by their firm. I checked.

I'm not concerned with the amateurs using phishing attempts or Port 80 exploits. I'm more concerned about the professional state actors that are far more sophisticated than a script kiddie.

bots actually, that just go around looking for vulnerabilities everywhere.

But I'm not all that concerned with that stuff.

On many subjects, I need to defer to experts. With respect to data security and network engineering, I don't take a back seat.

And it's true that public IP's on the internet are constantly port-scanned, and that in the vast majority of cases, nothing comes of it (largely because the "script kiddies" running those scripts have no idea what to do after the recon phase). But ALL successful and dangerous hacks do start out the same way. So at that level, the harmless vs the harmful cannot be determined--the ingress is the same in either case. And that's why you have to protect against anyone and everyone.

for some things and it has pretty good built in security, but not critical as it's all sitting in RFC1918 space-


Working on new product/project and we will have a mail server (probably SurgeMail as well) sitting on the public intertubes but damn sure will have a firewall. Actually, just gave myself an idea, wonder if you can use an SBC to protect a mail server? What is better than dynamic blacklisting

No one tries to brute-force a firewall, but if it's not in place, there's going to be trouble.

Our email is outsourced now, so that they can look incompetent with Exchange instead of us looking competent with Exchange.

And not related to anything else, but since we're here...how does IT hiring look in the DFW area? In the Bay Area, it's extremely active right now.

One of them I'm trying to recruit internally then what he is doing can be backfilled, and probably have to look to the street for an SBC guru since I'm pretty close to vendor selection- we can look for specific skill set-


We actually just got a new CIO recently, everybody including him are talking woo hoo NVF is the next biggest greatest thing!

For me being on the telecom side I'm like, blah, not ready for prime time until the chipsets improve. Couple vendors have tried to do transcoding for example in a virtual environment with very poor results

Fortunately for me, the industry doesn't seem to have solidified on much yet, so I may have some time to catch up while standards are coming into focus.

Good luck with your secret project. My secret project has been finding a way to get out of the hellscape that is my current employer. The big reveal comes Tuesday morning.

Have a good weekend, snooper2.

So have the world's best firewall, and anyone can just waltz right past it.

Seems to me stuff was safer on Hillay's server than at the State Department.

Dot gov got hacked, yes.

But, dot gov also employees IT security professionals who add layers of security onto their network to protect various parts of their networks. They use a variety of security products and professional techniques to protect the "inner sanctum," as it were. Maybe some personnel records were hacked because they're on a less secure and less monitored part of the network, but they're going to have a much more difficult time getting into the national security "room."

Clinton's server was also hacked and her server didn't have layers of security to protect it. The problem is we don't know what information she was sharing via email to determine if someone might have gotten some sensitive information.

Attempted hacks are not hacks.

I would be remiss in exiting this thread without giving my friends and foes , alike, on this board a and just warn you the most dangerous place to be in the midst of a hanging is between the posse and the intended victim.

Her server was vulnerable. But you have to understand some details of network security to understand that.

So while a port scan by itself is not scary, a port scan that hit a vulnerable server is.