to be beating this dead horse aren't you?

but what we dont know"

or something stupid like that

there's no horse to beat.

I work in IT security. Trust me, this is a BIG deal.

But, proceed Hillary fans: vote for someone who doesn't give a rat's ass about national security.

who is throwing everything they can against the wall desperately hoping something sticks.
I'll bet you the Benghazi committee will be serving tea and cookies at Hillary's testimony next week.

ntds.dit file from a edb.log file.

It's not about throwing anything against the wall.

This server was probably compromised and that's far scarier to me than Gowdy and his silly Benghazi committee.

It just came out a couple of weeks ago.

Benghazi is a dead issue.

This isn't.

The FBI is investigating whether sensitive information could have been compromised on a private server, the security of which is in question.

The main questions I have:

Why in the world would Hillary want to use a private server for official State Department emails? Why wouldn't she want to just use the official State Department server, which without question is probably one of the most secure servers in the world? This is very risky and stupid and makes me question her judgement.

In addition, why would she want to use a private server knowing that if this were found out (she has many enemies), that it would be used against her in her future political aspirations? At the very least it looks like a stupid and petty move, at worst it looks like she was trying to hide something and may have been illegal on top of the obvious security issues.

beat the dead horse with a cane now. It was never about beating it with a whip.

New meme -- "It is not the whip, it is all about the cane"

I've never cared about Benghazi or the emails.

You can read my posts if you like. It's always been about the server's security with me.

Did you support Snowden when he compromised national security and stole classified information before fleeing to Russia?

Was Snowden Secretary of State of the United States of America?

If so, what dates did he hold that office?

Thanks

If we had decent whistleblower laws in this country, he wouldn't have had to do that.

But we see what happens to whistleblowers.

http://www.politico.com/story/2013/06/what-happens-to-whistleblowers-092744

and want to do what they want to do. And sometimes it brings down whole companies to give they what they want instead of the way it needs to be done. Where I used to work, IT made it where everyone's corporate notebook could only access the corp lan and wifi. However we installed DSL wifi access points everywhere for all the iPhones and tablets. The iPhones and tablets could not access the Corp wifi. We operated with the principle of never shall the two meet. It worked pretty well for several years until a VP hacked his corp pc setting around so he could access the internet without the proxy server. He got hit with a virus at home and brought it to work the next day and IT had to turn off the exchange servers to clean it up. CEO took the expenses for the cleanup and downtime out of his departments budget.

Nobody in government state,local or national should be allowed to run their own private systems. Period.

I don't know how many times I can post that I don't care about Benghazi or what was in her emails: I care who else had access to that information.

Sometimes things are inconvenient, but when you're someone who has clearance to view national security secrets, maybe, just maybe convenience should take a back seat to security.

convenience of the family, I have no problem with that. But he knows he did not set up up for security and was probably in the dark as to what it was being used for. I don't know of a single person that would set something like what it was being use for without plenty of firewalls and security. I would almost bet he even had logging turned off being a personal family device.

There's basically three ways you can be charged with leaking classified information:
1) Intentionally give it to a foreign government
2) Sell it
3) Negligence

Clinton and company didn't commit a crime - they didn't do any of those three. But the IT guy was extremely negligent.

I've only been concerned with the security of the server.

and data extrusion events. Moving confidential information from inside the company network to an outside server that lacks proper security gets people fired - and that's just for relatively harmless data loss, such as customer account numbers or SSNs.

Why should we have lower standards of data security for classified State Department communications, which have the potential to be incredibly damaging if compromised?

I love how Hillary fans conflate the very obvious political-point-scoring Benghazi committee with cyber security.

The two issues are completely different.

I agree the Benghazi crap is Republican grand standing, but the server issue is a whole 'nother kettle of fish.

than just "Bernie v. Hillary." They represent that faction of Democrats that will excuse and rationalize any bad behavior by a Democrat simply because their political understanding starts and ends with "Blue Team v. Red Team." They have such incredibly low expectations of Democratic candidates that "voting for the lesser of two evils" becomes a self-fulfilling prophecy.

In this sense, Hillary is a fantastic bellwether - just look at all the absolute crap (IWR vote, private prison industry coziness, warmongering, Wall Street ties, sleazy campaign behavior, etc.) that they are willing to overlook in service of identity politics. That kind of behavior has nearly killed the Party.

Hillary is worse than Nixon?

Reagan?

George W. Bush?

Any Republican candidate?

Isn't this "Blue Team v. Red Team"?

... I used to carry their water until about 8 years ago when I got an education here at DU.

And one of the reasons the left doesn't really have a party any longer.

to protect his privacy is less secure than a slow, cumbersome, broken system that is not only accessed by many, many people every day and not private but also is routinely bypassed by many who are supposed to use it because of its problems. The ones I've read or heard were more inclined to believe both systems could be hacked.

That alone makes it less secure.

As it happens it is pretty normal for government business to be conducted "outside administrative control" because of an antiquated, inadequate and leaky system. Don't forget the many people with access. E-mails sent through it all too often turn into D.C. gossip, and who knows what else.

You know, every person who saw or used Clinton's e-mail address knew she, like many others, was not using the official system (this includes security experts of course), but, even though she was Secretary of State, none of the security experts raised any significant objection (you know, like putting it in a memo and sending appropriate ass-covering copies), and it never became an issue -- until the GOP decided it was time to use it to try to derail her campaign for president.

more than a failure by Hillary. She did something stupid, but the Administration knew about it and failed to take action to correct it.

At the same time, the Obama Administration has been prosecuting everyone they possibly can for even minor incidents of data leakage, improper storage or whistle blowing. They can't do that and, at the same time, allow the White House network to be so poorly managed and secured. How can they expect us to take the prosecutions seriously, when significant security failures are identified yet left unaddressed?

as part of their jobs, pass information to valid receivers by phone (breaking a rule) instead of official but slow and cumbersome e-mail.

yet their inadvertent transgression is just as much as security risk as any other breach.

If Obama wants to get "tough on leakers" because he's concerned about security, then he should be concerned about security.

but well-meaning and honest employees is not correct.

Obama has used the Espionage Act to prosecute journalists, leakers and whistle blowers more than all previous presidents combined. The ostensible explanation for this is to prevent classified information from falling into the wrong hands. I find it utter hypocrisy to prosecute people like NSA whistle blower Tom Drake, yet allow Hillary to expose her communications to a potential security breach.

https://theintercept.com/2015/08/12/hillary-clinton-sanctity-protecting-classified-information/

a lunch date by phone? If the latter were prosecuted by the Justice Department, I would regard that as "vindictive."

My suggestion is you find more important and effective arguments against HRC. There are plenty. I myself have extremely strong objections to her support of using federal taxpayer dollars to pay for private religious education. The moment I decide another candidate has a better chance of winning the presidency, I'll drop her for that reason alone. Assuming the other guy hasn't done the same egregious thing.

I'm talking about classified State Department communications being conducted from a rogue server, and how such conduct creates a security risk. Further, the pattern of prosecutions by the Obama Administration against whistle blowers seems disingenuous when the same Administration's demonstrated lax attitude toward it's own network security.

You seem to be drifting from the topic.

But as a security professional, I bristle when I see claims that it's "nothing."

So let's move on...

you're constantly confronted with ignorance. I bless my stars I can either turn your stuff over to my son or my employer's tech support, depending.

It's not "nothing."

Granted, it probably would not have been discovered if not for the bogus Benghazi investigation, but it's still not "nothing.

I don't actually do the assessments at my company, but, by virtue of marketing the company, I have to write extensively about what our IT security professionals do, so I know the score.

RIGHT. FUCKING. NOW.

There are layers of security in the federal government's server system.

You might be able to break into the "lobby" of the server and gather the names and personal data of some low-level staffers, but you can bet the national security secrets have additional "locks, guard dogs and protections" that the "lobby" doesn't have.

Think of it like your house. You accidentally leave a window unlocked and a thief gets into your house. He may help himself to your chachkies, television and computer, but your really valuable stuff - your money, your jewels, your diary, whatever you consider valuable - is in a locked room that uses fingerprint scanner to open and in that room is a Rottweiler guarding the locked safe. Chances are, the thief isn't going to get in there.

Hillary's server, from all reports, didn't even have the security one has after changing the locks on the front door of a home you just purchased. They didn't even encrypt the VPN. Any Joe Blow could command her computer directly from the Internet.

For the 50th time on this thread, it's not about Benghazi or the emails: it's about cyber security.

The lack of the security on her server was only just discovered a few weeks ago.

time and resources.

In an era when Obama is prosecuting as many people as he possibly can for any incident of whistle blowing or data leakage, he should have been frantically shoring up White House network security and not letting the Secretary of State flout it.

It shows us that Obama is not concerned about security, but with hiding what his Administration is doing from the American people.

overrides my support for Bernie. He's being gracious and, in the bigger context, the email issue distracts from Bernie's message, so I understand why he wants to move on.

Politics aside, it's crystal clear that Hillary's use of a private server to manage official State Department communications comprises a serious security shortcoming and exposes some significant ignorance on behalf of Secretary Clinton and her IT staff, as well as on behalf of the Obama Administration.

But, obviously, identity politics trumps cyber security.

Content is irrelevant to me.

The rest can not be trusted.
The server was not on her basement.

I haven't given one shit about Benghazi or the contents of her emails.

let alone know a damn thing about hardening a server, or network security.

in the refrigerator to stiffen.

Even though Bernie himself say to lay off.

These republician talking points should not be allowed on the democratic underground IMO

years, I am willing to bet her servers were actually much, much safer than the feds. I mean they've hacked State Department, DOD, DHS, IRS, etc..... Also, given the number of Shrub loyalists at both State and the CIA, I think she would have been crazy to trust her communications to the State Department system.

It really isn't about national security for the GOP, it's about trying to take down the Clintons. The FBI is currently looking at just how secure her servers were. How much you wanna bet they discover they were safer than their own.

See my post at No. 62 for an explanation about the difference between someone hacking into one portion of the federal government and being able to get into the depths of the servers where key information is kept.

Just because someone got into dot gov's HR server doesn't mean, with the layers of security, that they're going to be able to get into the inner sanctum.

It's not the same thing at all.

You being so concerned and all.

I wouldn't be the one doing it, however.

BENGHAZI!!!!!!

This isn't about her emails.

It's about who accessed her server and got information, if any.

No need to focus much on this.

Have a great weekend.

PEACE
DSB

about "national security" or anything remotely related. At least be sufficiently honest with yourself to admit that the right-wing media has handed you a convenient two-by-four that you can use to bang on the Clinton campaign for a few more weeks.

It's basic political opportunism; no more, no less.

So, you know, your premise goes awry right there.

I do happen to give a shit about cyber security since it pays me.



P.S. I actually found that article doing research for something I was writing for work. I wasn't looking for it, but it came up in the Google searches I do for cyber security news for our blog.

Servers, emails, weak security. I don't care. What we need to see immediately is action. Either she did something criminal if she didn't. The fbi needs to stop dicking around. How long does it fucking take to investigate. It's a wonder there are any federal prosecutions with this kind of dithering.

Not to mention perhaps the fake worry is misplaced. Has that Republican Congress investigated any of the earlier attacks?

http://www.ibtimes.com/government-hacked-24000-files-stolen-worst-pentagon-cyber-attack-298771


http://mashable.com/2013/01/26/anonymous-hack-government-website-declares-war/#9YlbA1XNqEq1


http://www.defenseone.com/technology/2014/09/every-part-us-government-has-probably-already-been-hacked/93761/


http://www.cnn.com/2015/06/04/politics/federal-agency-hacked-personnel-management/index.html


http://www.nbcnews.com/news/us-news/state-department-joins-growing-list-hacked-federal-agencies-n249711