X-NO-IDIOTS
On Fri, 22 Jul 2016 00:31:31 -0500, in talk.politics.guns PaxPerPoten
<P...@USA.org> wrote:
>What makes you think there were not many many more? Also hack attacks
>usually remove their tracks.
The issue wasn't an off-site server given that it was physically
secure... and nobody ever said it wasn't. Assumably, somebody at
state knew of the server; their DHCP had to keep issuing it an IP
address and the techies tend to watch that sort of thing; somebody had
to have put that server on the network via a VPN.
Did the government *prosecute* the techs who set that up? (It was
probably a resume-generating event, I'd wager.) The techs were not
charged with any crime even though *they* were the ones who were
supposed to have known!
Now, here's the issue: a secure network will reject inbound
connections from any initial device that does not meet a certain level
of security and a Blackberry does not. Now, *my understanding* of
this vulnerability goes to what's called the "seed space" for the
random number generation on the Blackberry, allowing "Eve" possibly to
crack the encryption on the email. *My understanding* of what
happened is that someone installed a second network interface card
into that machine and connected to a commercial ISP.
Thus, Hillary & friends were able to connect to the commercial
interface with their Blackberries and send & receive email without
having to fool with that bothersome little security restriction. If
you want to see a bunch of techies get nervous quickly, just bridge
their secure network onto the great unwashed internet like that.
Dunno why state's vulnerability scanners didn't catch that second
interface more quickly than they did; they'd actually have to remote
into the server to see it, but so what? I'm going to guess that
Hillary's server was probably uploading its logs... I'm *way* out on a
limb here... and, in a security audit, someone noticed that the
numbers in her logs didn't agree with the numbers from the bastion
servers... just a WAG.
So, the issue was that their emails could have been intercepted and
read somewhere between the device and the server. It's essentially
why HIPAA forbids doctors to have email... period. (Well, they can
*have* it; however, they cannot use it in their practice.)
Have I answered your question, sir?
Jones