HackDig : Dig high-quality web security articles for hacker

Clinton’s e-mail is hosted on Exchange 2010 server, not in Chappaqua

2015-03-19 21:45

There's been a lot of controversy over how Hillary Clinton apparently used a mail server running in her Chappaqua, New York, home when she started her tenure as secretary of state. But if you want to know what she's using now, all you have to do is point your browser at it—you'll get a login page for Outlook Web access from a Microsoft Exchange 2010 server. And so will anyone who wants to brute-force guess her e-mail password or simply take the server down with a denial-of-service attack. (This is not a suggestion that you should.)

Clinton has probably changed her e-mail address since the scandal began—particularly since the hdr22 account she used has been widely published and has likely become a magnet for all sorts of unwanted messages. And the hosted Exchange server is certainly an upgrade from her original server configuration—Until October of 2010, based on historic DNS records viewed by Ars, Clinton's e-mail server was in fact at a static IP address provided by Optimum, a Cablevision subsidiary, that corresponded to the Clintons' Chappaqua address. The domain was registered on January 13, 2009, just days before Clinton's confirmation as secretary of state—but it did not gain a certificate for secure client connections until March. The current certificate for clintonemail.com was issued by GoDaddy in 2013 just as the original certificate was about to expire.

At some point shortly after the home server was dropped in 2010, the mail exchange record for clintonemail.com was moved to a hosted Exchange server running out of a data center in Huntsville, Alabama. The server uses McAfee's MXLogic e-mail filtering service to screen for malware and spam (though it's not certain when the service was added).

There are a couple of potential hazards posed by the Clintons' hosted mail server. First, Outlook Web App is enabled, and that offers an avenue for attackers to attempt to brute-force their way into mail accounts by guessing passwords. Exchange server offers some policies to block these sorts of password attacks, but using them runs the risk of denying users access at all—all someone has to do to basically shut down a user's e-mail is enter bad passwords a few times to activate the lockout.

The other problem is that it's not certain just how well patched this Exchange 2010 server running on a Microsoft Windows Server instance really is. Based on server data, mail.clintonemail.com is running on an instance of Microsoft Windows Server 2008 with Internet Information Server 7.5, both of which have had numerous security vulnerabilities uncovered since this particular server was configured. On the bright side, since it's Windows, it wasn't vulnerable to Heartbleed or Shellshock.


Source: -revres-0102-egnahcxe-no-detsoh-liame-snotnilc/30/5102/ygolonhcet-noitamrofni/moc.acinhcetsra

Read:996 | Comments:0 | Tags:Risk Assessment Technology Lab

“Clinton’s e-mail is hosted on Exchange 2010 server, not in Chappaqua”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud