Lebowski Enlightenment #1

Such an interesting article to consider the meaning of.

First of all, the email server of the Secretary of State of the United States of America, tho greatly fallen in glory, is important enough to be intimately known by all intelligence services, including ours.  They would easily know the version of the mail handling application, and thus the likely host OSs, from details of mail headers and things I don’t know much more about.  In fact, I had read that the server was Windows NT*, can’t find it now.  An old version of Windows, if so, and I bet the kind of people who use such outdated software are not keeping the OS and applications patched, even if such old versions of the software are still supported.  Surely the system has been taken in hand by forensic experts to check for possible penetrations?

But even if it was the very latest OS and application, it was a Windows system attached to the Internet.  Can you say ‘hacked’?  Ask your favorite search engine “How hard is it to hack a Windows NT server?”.  Firewalls and other security mechanisms slow that down, but don’t prevent it; all those were certainly in place in all of the large hacks of recent vintage.  If it is attached to the net, it will be taken over.  That must be assumed, detected by careful and continuous monitoring and corrected immediately when an intrusion is detected.  Which would be often, with such an old OS and application.

Our Secretary of State’s emails were read by every foreign intelligence service in the world, and NSA also.  Easily, there are hacks for those available on the web. NSA is supposed to be paying attention to things like that, right?  The FBI also.  On circuits that the NSA read every bit of 24×7.  By people whose expertise was penetration of foreign systems, no doubt with many tools to access that very same OS and version of the mail handler.

Professionals surely must understand this.  NSA can’t keep foreign intelligence services out of the OMB, tho we can’t judge which security target was hardest, OMB or Clinton’s old system. We have no reason to believe anyone could have kept anyone out of Hillary’s system; that would have been a heroic effort, and people would be bragging about their great efforts and great job.  Haven’t heard those brags, have you?

As a Lebowski Enlightenment*, consider that all security professionals take that point completely for granted. Everyone read Hillary’s email.

Why have they not told us?  Is it yet another example of how attack is stronger than defense in the digital security game, so nobody talks about the losses?  Maybe it is much better not to have secrets?  So much better we would be well shed of our many security agencies, gatherers of secrets in one convenient place for the anti-Snowdens of the world to access at will?

Remember that Snowden established one fact of great importance: NSA can’t keep America’s secrets secret.

You don’t see much discussion of that central fact and its implications, do you?  Why do you suppose not, such a very strategic issue as that?  What Bayesian prior would strongly illuminate that fact?

There is no ‘conspiracy theory’ in this.  It is logical assessment of things surrounding facts derived from other facts.  Who knew what when, and why.  Every investigator does it in every case; one would think the media would have caught on sometime since Sherlock Holmes made the idea popular.

*Lebowski Enlightenment is explained here.  Such a useful concept for our opaque modern times.


Later I find this link that comes to the same conclusion.

Yet later I find this link that adds the same conjecture and some evidence.

Yet later, Snowden concludes the same.

Yet later, this seems to excuse Clinton and makes the case much more complex.  One of the possible servers was a “Windows Server 2008 R2 with a valid SSL certificate”.  That she used different servers at different times is part of the complexity.

This is the analysis that says “vulnerable”. Also, this.  No question, everyone read Clinton’s email.

*I was wrong about the server software.  But it doesn’t matter, Windows is a security nightmare, which is why Linux dominates the server room.  OpenBSD is far better than even Linux.

Later, Brennan’s email on AOL was hacked, social engineering by teenagers.  Note that I am using this at each end of the argument to support the other, completely illegitimate in any hard-thinking analysis.  This level is light entertainment, please do not take it seriously.

