Hillary's sysadmin left VNC, RDP exposed to the internet - report
Presidential candidate's email server wasn't very private after all ...
Not only did Democratic Party presidential hopeful Hillary Clinton run her own email server while at the State Department: someone, presumably her friendly local sysadmin, decided it needed remote desktop protocol (RDP) and the desktop-sharing software virtual network computing (VNC) exposed to the Internet.
The folks at Associated Press were alerted to the situation by a Serbian geek the newswire hasn't named, but who ran bulk port-scans that happened to include Hillary's email server.
The scans came from the anonymous researcher who in 2013 published the white-botnet-driven “Internet census”, AP says.
Scans in August and December 2012 of a server that identified itself as clintonemail.com showed open ports for RDP and VNC. In March 2012, Microsoft warned that RDP was likely to be attacked, and in October of the same year Verizon warned that RDP's default port, 3389, was among the most-scanned on the Internet.
The researcher told AP the server also presented VNC to the Internet at large.
The State Department at the time required a waiver for any of its own techs to use remote access tools for systems administration, all the way down to unclassified servers, the AP notes.
There's also a suggestion that a Web server – probably bundled with whichever operating system distribution clintonemail.com ran – was running, although not in use.
The Internet Census port-scan showed two other devices that had open ports, but those aren't identified by the newswire. Presumably one of them was a broadband modem – still leaving one mystery device to be identified. ®