RSS
Twitter
Homeland Security Can't Even Configure Its Mailing List Software Correctly?
from the that-makes-me-comfortable dept
Just after the federal gov't screwed up and shut off ca.gov, we find out that the Department of Homeland Security misconfigured its email list software causing a deluge of annoying emails to over seven thousand government employees. The list, normally used to broadcast news summaries of security news, apparently was set up so that any reply messages automatically were broadcast to all members. What happened next is familiar to lots of folks on mailing lists, where the "reply all" button is misused. The one difference, though, was that this wasn't a misuse of the reply all button, but on the mailing list automatically sending out anyone's message to everyone on the list. Many security experts on the list are apparently wondering what that says about Homeland Security's ability to deal with cybersecurity issues. Perhaps it was just a little configuration error, but you would think that the folks at the DHS would be a bit more careful about those things.
Reader Comments (rss)
(Flattened / Threaded)
Don't they know how to test things before implemen
Oh wait, this is the government. No they don't.
Sorry - I should have never asked a stupid question.
(reply to this comment) (link to this comment)
HOW DARE YOU INSULT THE MOST MAGNIFICENT GOVERNMENT OF ALL TIME?
TRAITOR!
(reply to this comment) (link to this comment)
the government? perfect?
what are you, stupid?
(reply to this comment) (link to this comment)
I thought the Iranian Ministry of Defense employee
I thought the Iranian Ministry of Defense employee chatting on the list was the most amusing part
(reply to this comment) (link to this comment)
It's not just worrying...
...but terifying that the DHS could let something like this slip. It could (and possibly did) spread some very personal information to alot of people.
If they can't keep personal info away from people who shouldn't know it.....?
(reply to this comment) (link to this comment)
Government Intelligence
Any good American knows the two words that never go together, Government and Intelligence. I am in a wonderful country, one of the best on this little blue marble we call home. But, some of the decisions made by our government, governmental policy makers and agents/agencies there, are less than admirable.
The best part of all this though... Elections!!!
(reply to this comment) (link to this comment)
They can't maintain a no-fly list either!
Should this really surprise anyone?
The no-fly list is a constant joke that never gets fixed.
(reply to this comment) (link to this comment)
Out of office
I wonder how many people on the list had out of office autoreply on. Every message would be replied to with an out of office message, which would be forwarded to everyone on the list, many of whom would generate an out of office reply again which would be fowraded to eveyon on the list, repeat ad infinatum.
(reply to this comment) (link to this comment)
The most terrifying words in the English language are: I'm from the government and I'm here to help.
Ronald Reagan
(reply to this comment) (link to this comment)
It's a goverment agency, you were expecting less?
(reply to this comment) (link to this comment)
Re: You never know
I wouldn't expect anything from the government. That would be too irresponsible of me to expect something, especially something positive.
(reply to this comment) (link to this comment)
out of office replies, i have NEVER seen an out of office reply-all. i am not even sure if you can set it up that way and if someone set up their out of office to reply all they should be fired from their job
(reply to this comment) (link to this comment)
Re: OUt of Office
If you had read the story NipseyRussell, you would realise that the problem with the system was the an 'reply' was being forwarded to everyone on the global address list. The Out of Office needn't be configured to some 'reply all' status for everyone to get spammed by it. The out of office 'reply' (singular) could be duplicated and sent to everyone. That being said, out of office replies to not generate out of office replies. So the initial statement was just as stupid.
(reply to this comment) (link to this comment)
Re: Re: OUt of Office
But you have to admit, it was funny.
(reply to this comment) (link to this comment)
Two words - Lotus Notes
According to Ars Technica's article this was a Lotus Notes issue.
http://arstechnica.com/news.ars/post/20071005-dhs-flunks-e-mail-administration-101-causes- mini-ddos.html
Why in the hell are they using Lotus Notes, IBM doesn't even use that piece of garbage. Great security BTW, grab a user.id file and your in. I know some Lotus fanboy will probably flap that tired diatribe "Notes is Groupware" which sounds good but it doesn't excuse the EXTREMELY POOR DESIGN of the Notes platform.
The most damning design flaw in Notes is the Address book. "All your eggs in one basket", hardly conveys the ignorance. More like "All your eggs, chickens, livestock, cash, children, hopes, dreams and then kitchen sick in one basket"
Beside the idiots at DHS should have a static reply to.
(reply to this comment) (link to this comment)
Add Your Comment