RE: clintonemails.com: Who is Eric Hoteham?

Status
Not open for further replies.
16.5 said:
Oh dear, I don't think he gets it...

Do you have evidence that she a a self signed cert in January and February of 2009?

Answer: No.

Then please stop making the utterly specious claim that she "might" have had one.
Click to expand...

I'm not going to stop making any claim because it's not specious. They take a max of 5 minutes to do, and there is absolutely NOTHING to say she didn't make one at all. Is there anything to say she did? No, but that means absolutely nothing. I can't provide evidence of something when I would have no way to even get that information. It would be impossible.
 
16.5 said:
Self Signed Cert Truthers!

Your Fallacy is: Proving Non-Existence
Click to expand...

TheL8Elvis said:
I'm sure everyone notices how you have to keep dishonestly cherrypicking my posts

As soon as you provide evidence the server was not using encryption between jan and mar18, you will have made your point.
Until then... *YAWN*
Click to expand...

No one is asking that you prove or disprove the existence of the certificate. He's asking you to provide evidence that the server was not using encryption.

I've asked you this a bunch of times when you brought this up last, and I'll ask you again.

  • In your own words, what is a certificate and what does it do?
  • What does it prove with regards to Hillary's server?
  • Do you or do you not believe it has anything to do with sending\receiving emails on the server?

Those are 3 really easy questions that you should have no reason to snark your way out of. If you do, I think the rest will speak for itself.
 
16.5 said:
Self Signed Cert Truthers!

Your Fallacy is: Proving Non-Existence
Click to expand...

And around and around we go....

You were wrong when you said it here, and you are still wrong:

16.5 said:
:eye-poppi

1. You want Venifi to prove a negative.
2. You don't think that Clinton should have to provide evidence to support their claim that the server was secure.
3. You have no evidence that they were using self signed certs, but are just going to go ahead and claim it anyway.

wowsers.
!
Click to expand...

You don't care to understand that the opposite of encrypted is not non-existence.

The opposite of encrypted communications is clear text communications

If you want to claim that information sent jan-mar18 was not encrypted, that means it was sent in clear text,and you must provide evidence that it was sent in clear text.

Can you do that ??
 
What are goalposts?
Where are the goalposts?
Why did you move them way over there?

I enjoy how we were talking about the WaPo article, which wuz DEBUNKED
 
16.5 said:
What are goalposts?
Where are the goalposts?
Why did you move them way over there?

I enjoy how we were talking about the WaPo article, which wuz DEBUNKED
Click to expand...

And now you have dug yourself in such a hole can't even quote any posts...

This is downright amusing :D:D:D:thumbsup:
 
TheL8Elvis said:
Oh dear, I don't think he gets it...

Do you have evidence that she did not use a a self signed cert in January and February of 2009?

Answer: No.

Then please stop making the utterly specious claim that her server didn't use encryption.
Click to expand...

I know this has been moving fast, but if you would just care to add your evidence here , 16.5 ...
 
Here you go (see comments to blog post) (my emphasis added):

TrustNet performs a full Internet scan from various locations. Scan is non-invasive handshaking to retrieve certificates Because of this, TrustNet can collect CA issued and self-signed certificates.

So you ran a scan during the first three months of Clinton's term and were able to determine a self signed certificate and encryption or are you claiming this could be determined after the fact?
Click to expand...

Yes, collection of the first clintonemail.com certificate was performed in 2013. This certificate was issued by Network Solutions. Venafi TrustNet maintains a database of digital certificates going back over 10 years, including both self-signed and CA-issued certificates. During this time, open source projects scanned the Internet and collected public data such as certificates. The first certificate for clintonemail.com in the TrustNet database was issued 29 March 2009 from Network Solutions. The TrustNet database also contains the certificate renewed for clintonemail.com in 2013 and issued by GoDaddy.
Click to expand...

So assuming this Venafi employee is correct, this is strong evidence that Clinton's server was not using an X.509 certificate for proving identity nor doing encryption of communications. It's certainly possible that Clinton was sending and receiving encrypted emails, using, say PGP, but that it is rather onerous.

I think at this point it's extremely likely that Clinton had a very unsecure server for a couple of months. Worse, it's possible that when the certificate was finally installed, the private key could have been obtained by somebody who had already compromised the server. Thereafter, access to server communications would have remained open to whomever got a hold of that private key.
 
Last edited:
sunmaster14 said:
I think at this point it's extremely likely that Clinton had a very unsecure server for a couple of months. Worse, it's possible that when the certificate was finally installed, the private key could have been obtained by somebody who had already compromised the server. Thereafter, access to server communications would have remained open to whomever got a hold of that private key.
Click to expand...

We know more than that, we know that Hillary and her team have not released any evidence that the server was secure during that period.

Notwithstanding her fans desperate attempts to shift the burden and prove a negative.

Of course, it is the same old nonsense we saw before. The real news today is that the State IT people told Hillary that her homebrew cowboy server set up was not secure and the fact that there was evidence that her BB was compromised in Asia.

Yet she kept on using it.

Game over
 
"On March 11, at a staff meeting, Clinton seemed to throw in the towel on her Blackberry, telling Boswell that she had read the memo and “gets it.” We know this from correspondence among Boswell’s staff."

Now we know why she dropped her efforts to get NSA to gerry rig a blackberry set up despite the fact she was "addicted" to it.

But what’s fascinating and troubling is something else in the correspondence. One staff message says that during Clinton’s conversation with Boswell, “her attention was drawn to a sentence that indicates we [the diplomatic security office] have intelligence concerning this vulnerability during her recent trip to Asia.”
Click to expand...

Intelligence about this vulnerability.... Pretty clear, huh fellas?
 
sunmaster14 said:
Here you go (see comments to blog post) (my emphasis added):
Click to expand...

Hey, they updated their blog post since september, great !

Let's start here:

Yes, collection of the first clintonemail.com certificate was performed in 2013. This certificate was issued by Network Solutions.

So they admit they didn't actually scan the server in 2009.

And, as surmised by me earlier, they don't actually have a time machine, and so didn't pull the cert until 2013, when they started this service they are pimping selling in this blog post

So there "evidence" of what happened in 2009 is already pretty suspect.

Venafi TrustNet maintains a database of digital certificates going back over 10 years, including both self-signed and CA-issued certificates.

Good for them, except they didn't start scanning for themselves until 2013 ... so about this database ...

During this time, open source projects scanned the Internet and collected public data such as certificates. The first certificate for clintonemail.com in the TrustNet database was issued 29 March 2009 from Network Solutions.

OK, now we get to the nitty-gritty. They may be relying on the "2012 Internet Census", or they may not. Who the **** knows, because they didn't say !!!

They just say the first certificate for clintonemail.com in the TrustNet database was issued 29 March

Which tells us nothing about what was actually running on the server pre march 2009.

sunmaster14 said:
So assuming this Venafi employee is correct, this is strong evidence that Clinton's server was not using an X.509 certificate for proving identity nor doing encryption of communications. It's certainly possible that Clinton was sending and receiving encrypted emails, using, say PGP, but that it is rather onerous.
Click to expand...

No, it's not evidence at all. Where is the evidence?
To paraphrase, his "evidence" is:

We used open source project scans to build our database, prior to 2013 , and that cert is the first one we have

Where is the actual port scan data ? the methodology ? Nope, nothing. That's not evidence.

sunmaster14 said:
I think at this point it's extremely likely that Clinton had a very unsecure server for a couple of months. Worse, it's possible that when the certificate was finally installed, the private key could have been obtained by somebody who had already compromised the server. Thereafter, access to server communications would have remained open to whomever got a hold of that private key.
Click to expand...

Of course you do. Especially since it's so difficult to use a self signed cert that exchange 2007 does it OOTB for you, right ?

BTW, I wish people would use italics instead of quotes for things we are discussing, since quotes don't appear when replying, and i have to tediously cut and paste so we can see what we are discussing.
 
A couple of pertinent articles -

http://thehill.com/blogs/ballot-box/presidential-races/275167-fbi-head-no-rush-to-wrap-clinton-email-probe-pre

"In no hurry" meaning in the same sense as a glacier. In that article they mention the State Department's investigation of a staggering 22 emails, they've been at it for months. I caught in another article that the investigation itself hadn't actually started, just at the "administrative level". Well, that means they didn't investigate.

This article goes into detail on why:

http://www.usatoday.com/story/opinion/2016/04/04/hillary-clinton-email-scandal-legal-definition-national-defense-information-classification-column/82446130/


What a DA will indict in a week, and a U.S. Attorney in a month, will take Justice more than a year if they ever pull the trigger at all. They tend to be hamstrung by endless memos, briefs, meetings and approvals from multiple levels and divisions. There sometimes appears to be an institutional fear of losing, however minimal the chance. This is an endemic characteristic of many bureaucracies. Unfortunately, it is likely that, at this very moment, many good lawyers at DOJ may be using all sorts of sophistry and rationalization to try to avoid applying the plain language of the law to Hilary Clinton,
Click to expand...


It would take about one minute for an experienced investigator to look at an email to decide if it contained information protected by law. So a whole 22 minutes for the 22 emails the State Department was looking at. For the thousands in question being investigated by the FBI - a lot more, but not a year for Christ's sake.

That second article actually quotes the law in question


The applicable statute, 18 USC 793, however, does not even once mention the word “classified.” The focus is on “information respecting the national defense” that potentially “could be used to the injury of the United States or to the advantage of any foreign nation.” 793 (f) specifically makes it a crime for anyone “entrusted with … any document ... or information relating to the national defense … through gross negligence (to permit) the same to be removed from its proper place of custody.” A jury (not a Democrat or Republican political administration) is, of course, the best body to determine gross negligence on the facts of this case.
Click to expand...

I believe we have already covered this, that Hillary's "Not Marked Classified" dodge is irrelevant.

But the fact it is the prosecutor, not FBI agents about to interview Hillary and the aides tells us that this case is coming to closure one way or the other.

The rule as I understand it is that a good prosecutor doesn't ask questions unless he already knows the answers. The FBI must already have finished or nearly finished its work and the prosecutor is giving them the opportunity to lie, trip themselves up, turn state's evidence - not to gain information.
 
16.5 said:
"On March 11, at a staff meeting, Clinton seemed to throw in the towel on her Blackberry, telling Boswell that she had read the memo and “gets it.” We know this from correspondence among Boswell’s staff."

Now we know why she dropped her efforts to get NSA to gerry rig a blackberry set up despite the fact she was "addicted" to it.

Intelligence about this vulnerability.... Pretty clear, huh fellas?
Click to expand...

No. Elaborate.

What specific vulnerability was this email referring to, and how do you know ?
 
16.5 said:
We know more than that, we know that Hillary and her team have not released any evidence that the server was secure during that period.

Notwithstanding her fans desperate attempts to shift the burden and [HILITEprove a negative.[/HILITE]
Click to expand...

It's silly to keep repeating that.

No one asked anyone to prove a negative.
 
TheL8Elvis said:
snip.
Click to expand...

Say, that was a lot of words for someone who admitted that you don't know if they had a cert between January and March.

I don't know
 if they had a self signed cert, says ThL8, but he'll be damned if he is going to stop shoveling bull **** over it.

Italics! Easy to quote
 
16.5 said:
We know more than that, we know that Hillary and her team have not released any evidence that the server was secure during that period.

Notwithstanding her fans desperate attempts to shift the burden and prove a negative.
Click to expand...

Your claim, you support it, 16.5

Not that TheL8Elvis and plague311 aren't doing a good job of dismantling your claim, but the burden of proof falls on you. Making a claim, and pretending it is true until falsified to your extremely biased satisfaction isn't how this stuff works.
 
16.5 said:
Say, that was a lot of words for someone who admitted that you don't know if they had a cert between January and March.

I don't know
 if they had a self signed cert, says ThL8, but he'll be damned if he is going to stop shoveling bull **** over it.

Italics! Easy to quote
Click to expand...

I'm sorry if all that actual logic was too confusing for you :(

Just call it ******** and move on, that's how to prove your point :thumbsup::thumbsup::D

(Also, ignore posts asking for your evidence)
 
Status
Not open for further replies.

Back
Top Bottom