Homeland Security Can't Even Configure Its Mailing List Software Correctly?

from the that-makes-me-comfortable dept

Just after the federal gov't screwed up and shut off ca.gov, we find out that the Department of Homeland Security misconfigured its email list software causing a deluge of annoying emails to over seven thousand government employees. The list, normally used to broadcast news summaries of security news, apparently was set up so that any reply messages automatically were broadcast to all members. What happened next is familiar to lots of folks on mailing lists, where the "reply all" button is misused. The one difference, though, was that this wasn't a misuse of the reply all button, but on the mailing list automatically sending out anyone's message to everyone on the list. Many security experts on the list are apparently wondering what that says about Homeland Security's ability to deal with cybersecurity issues. Perhaps it was just a little configuration error, but you would think that the folks at the DHS would be a bit more careful about those things.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    The Swiss Cheese Monster, Oct 4th, 2007 @ 9:14pm

    Don't they know how to test things before implemen

    Oh wait, this is the government. No they don't.

    Sorry - I should have never asked a stupid question.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    HERATICK!, Oct 4th, 2007 @ 10:12pm

    HOW DARE YOU INSULT THE MOST MAGNIFICENT GOVERNMENT OF ALL TIME?

    TRAITOR!

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    ???, Oct 4th, 2007 @ 10:14pm

    the government? perfect?
    what are you, stupid?

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    rattran, Oct 4th, 2007 @ 10:29pm

    I thought the Iranian Ministry of Defense employee

    I thought the Iranian Ministry of Defense employee chatting on the list was the most amusing part

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Mike F.M, Oct 5th, 2007 @ 12:21am

    It's not just worrying...

    ...but terifying that the DHS could let something like this slip. It could (and possibly did) spread some very personal information to alot of people.

    If they can't keep personal info away from people who shouldn't know it.....?

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Forest Johnson, Oct 5th, 2007 @ 2:20am

    Government Intelligence

    Any good American knows the two words that never go together, Government and Intelligence. I am in a wonderful country, one of the best on this little blue marble we call home. But, some of the decisions made by our government, governmental policy makers and agents/agencies there, are less than admirable.

    The best part of all this though... Elections!!!

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Paul Reid, Oct 5th, 2007 @ 4:20am

    They can't maintain a no-fly list either!

    Should this really surprise anyone?

    The no-fly list is a constant joke that never gets fixed.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Ben Robinson, Oct 5th, 2007 @ 5:03am

    Out of office

    I wonder how many people on the list had out of office autoreply on. Every message would be replied to with an out of office message, which would be forwarded to everyone on the list, many of whom would generate an out of office reply again which would be fowraded to eveyon on the list, repeat ad infinatum.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Overcast, Oct 5th, 2007 @ 6:28am

    The most terrifying words in the English language are: I'm from the government and I'm here to help.
    Ronald Reagan

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    You never know, Oct 5th, 2007 @ 7:11am

    It's a goverment agency, you were expecting less?

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    CW, Oct 5th, 2007 @ 8:12am

    Re: You never know

    I wouldn't expect anything from the government. That would be too irresponsible of me to expect something, especially something positive.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    nipseyrussell, Oct 5th, 2007 @ 8:54am

    out of office replies, i have NEVER seen an out of office reply-all. i am not even sure if you can set it up that way and if someone set up their out of office to reply all they should be fired from their job

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Jiminy, Oct 5th, 2007 @ 9:34am

    Re: OUt of Office

    If you had read the story NipseyRussell, you would realise that the problem with the system was the an 'reply' was being forwarded to everyone on the global address list. The Out of Office needn't be configured to some 'reply all' status for everyone to get spammed by it. The out of office 'reply' (singular) could be duplicated and sent to everyone. That being said, out of office replies to not generate out of office replies. So the initial statement was just as stupid.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Mischa, Oct 5th, 2007 @ 10:34am

    Re: Re: OUt of Office

    But you have to admit, it was funny.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Clueby4, Oct 5th, 2007 @ 9:41pm

    Two words - Lotus Notes

    According to Ars Technica's article this was a Lotus Notes issue.

    http://arstechnica.com/news.ars/post/20071005-dhs-flunks-e-mail-administration-101-causes- mini-ddos.html

    Why in the hell are they using Lotus Notes, IBM doesn't even use that piece of garbage. Great security BTW, grab a user.id file and your in. I know some Lotus fanboy will probably flap that tired diatribe "Notes is Groupware" which sounds good but it doesn't excuse the EXTREMELY POOR DESIGN of the Notes platform.

    The most damning design flaw in Notes is the Address book. "All your eggs in one basket", hardly conveys the ignorance. More like "All your eggs, chickens, livestock, cash, children, hopes, dreams and then kitchen sick in one basket"

    Beside the idiots at DHS should have a static reply to.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This