http://www.wired.com/2015/03/clintons-email-server-vulnerable/
By ANDY GREENBERG
SECURITY
Wired.com
03.04.15

FOR A SECRETARY of state, running your own email server might be a
clever—if controversial—way to keep your conversations hidden from
journalists and their pesky Freedom of Information Act requests. But ask a
few security experts, and the consensus is that it’s not a very smart way
to keep those conversations hidden from hackers.

On Monday, the New York Times revealed that former secretary of state and
future presidential candidate Hillary Clinton used a private email account
rather than her official State.gov email address while serving in the
State Department. And this was no Gmail or Yahoo! Mail account: On
Wednesday the AP reported that Clinton actually ran a private mail server
in her home during her entire tenure leading the State Department, hosting
her email at the domain Clintonemail.com.

Much of the criticism of that in-house email strategy has centered on its
violation of the federal government’s record-keeping and transparency
rules. But as the controversy continues to swirl, the security community
is focused on a different issue: the possibility that an unofficial,
unprotected server held the communications of America’s top foreign
affairs official for four years, leaving all of it potentially vulnerable
to state-sponsored hackers.

“Although the American people didn’t know about this, it’s almost certain
that foreign intelligence agencies did, just as the NSA knows which Indian
and Spanish officials use Gmail and Yahoo accounts,” says Chris Soghoian,
the lead technologist for the American Civil Liberties Union. “She’s not
the first official to use private email and not the last. But there are
serious security issues associated with these kinds of services…When you
build your house outside the security fence, you’re on your own, and
that’s what seems to have happened here.”
[...]