Very interesting post at that famous nest of rightwingers, Boing-Boing:
Hilary Clinton used Mxlogic — now a division of Intel — to filter her clintonemail.com mail. The service would have received all of her email before it was forwarded on to her. Sensitive and confidential matters of state were exposed to untrustworthy insiders and spies/crooks who penetrated their network.
They link to Dvorak Uncensored which broke the story.
I’m Marc Perkel – I’m an email expert and I run a competing spam filtering service Junk Email Filter. (yes – I’m jealous) So I know how email system work. Email from the Internet is routed by DNS records called MX records what are used to look up where to deliver email destined for a recipient. When someone uses a Spam Filtering service they point their MX records to that service and all email for that domain goes to the spam filtering service first – they clean it – and forward the good email on to the recipient server which is secret to the world.
Internet —–> MxLogic ——> Hillary’s Server
What this means is that when Obama or anyone in the State Department emailed Hillary, the email went to MxLogic. It was then decrypted, checked for spam and viruses, and then reencrypted and sent over the open internet to Hillary’s server. While it was at MxLogic it could be read, tapped, archived, or forwarded to anyone in the world without anyone knowing.
This system has serious security implications. Email to McAfee’s servers might be encrypted and email out of McAfee might be encrypted, but while it’s at McAfee any employee who has access to the filtering system can tap and read any email going to that domain. So – for example – if I’m a Russian spy, ISIS, North Korea, or Fox News, or a 14 year old hacker, all I have to do is bribe someone at McAfee or hack their work login, and they get to read all the email of the Secretary of State. WooHoo!
And – this is one of many reasons they have a rule at the State Department that you have to use their servers.
For what it’s worth I was imagining that I was the email security tech at the State Department and I’m aware that Hillary isn’t playing by the rules. What do I do? If I confront her about it do I get fired? Or does the State Department even have email security? How does this get past the tech guys.
Read the whole thing.
And here’s Bloomberg’s Rogin and Lake on another vulnerability.