Homeland Security Can't Even Configure Its Mailing List Software Correctly?

from the that-makes-me-comfortable dept

Just after the federal gov't screwed up and shut off ca.gov, we find out that the Department of Homeland Security misconfigured its email list software causing a deluge of annoying emails to over seven thousand government employees. The list, normally used to broadcast news summaries of security news, apparently was set up so that any reply messages automatically were broadcast to all members. What happened next is familiar to lots of folks on mailing lists, where the "reply all" button is misused. The one difference, though, was that this wasn't a misuse of the reply all button, but on the mailing list automatically sending out anyone's message to everyone on the list. Many security experts on the list are apparently wondering what that says about Homeland Security's ability to deal with cybersecurity issues. Perhaps it was just a little configuration error, but you would think that the folks at the DHS would be a bit more careful about those things.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: email, homeland security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    The Swiss Cheese Monster, 4 Oct 2007 @ 9:14pm

    Don't they know how to test things before implemen

    Oh wait, this is the government. No they don't.

    Sorry - I should have never asked a stupid question.

    link to this | view in chronology ]

  • identicon
    HERATICK!, 4 Oct 2007 @ 10:12pm

    HOW DARE YOU INSULT THE MOST MAGNIFICENT GOVERNMENT OF ALL TIME?

    TRAITOR!

    link to this | view in chronology ]

  • identicon
    ???, 4 Oct 2007 @ 10:14pm

    the government? perfect?
    what are you, stupid?

    link to this | view in chronology ]

  • identicon
    rattran, 4 Oct 2007 @ 10:29pm

    I thought the Iranian Ministry of Defense employee

    I thought the Iranian Ministry of Defense employee chatting on the list was the most amusing part

    link to this | view in chronology ]

  • identicon
    Mike F.M, 5 Oct 2007 @ 12:21am

    It's not just worrying...

    ...but terifying that the DHS could let something like this slip. It could (and possibly did) spread some very personal information to alot of people.

    If they can't keep personal info away from people who shouldn't know it.....?

    link to this | view in chronology ]

  • identicon
    Forest Johnson, 5 Oct 2007 @ 2:20am

    Government Intelligence

    Any good American knows the two words that never go together, Government and Intelligence. I am in a wonderful country, one of the best on this little blue marble we call home. But, some of the decisions made by our government, governmental policy makers and agents/agencies there, are less than admirable.

    The best part of all this though... Elections!!!

    link to this | view in chronology ]

  • identicon
    Paul Reid, 5 Oct 2007 @ 4:20am

    They can't maintain a no-fly list either!

    Should this really surprise anyone?

    The no-fly list is a constant joke that never gets fixed.

    link to this | view in chronology ]

  • identicon
    Ben Robinson, 5 Oct 2007 @ 5:03am

    Out of office

    I wonder how many people on the list had out of office autoreply on. Every message would be replied to with an out of office message, which would be forwarded to everyone on the list, many of whom would generate an out of office reply again which would be fowraded to eveyon on the list, repeat ad infinatum.

    link to this | view in chronology ]

  • identicon
    Overcast, 5 Oct 2007 @ 6:28am

    The most terrifying words in the English language are: I'm from the government and I'm here to help.
    Ronald Reagan

    link to this | view in chronology ]

  • identicon
    You never know, 5 Oct 2007 @ 7:11am

    It's a goverment agency, you were expecting less?

    link to this | view in chronology ]

    • identicon
      CW, 5 Oct 2007 @ 8:12am

      Re: You never know

      I wouldn't expect anything from the government. That would be too irresponsible of me to expect something, especially something positive.

      link to this | view in chronology ]

  • identicon
    nipseyrussell, 5 Oct 2007 @ 8:54am

    out of office replies, i have NEVER seen an out of office reply-all. i am not even sure if you can set it up that way and if someone set up their out of office to reply all they should be fired from their job

    link to this | view in chronology ]

    • identicon
      Jiminy, 5 Oct 2007 @ 9:34am

      Re: OUt of Office

      If you had read the story NipseyRussell, you would realise that the problem with the system was the an 'reply' was being forwarded to everyone on the global address list. The Out of Office needn't be configured to some 'reply all' status for everyone to get spammed by it. The out of office 'reply' (singular) could be duplicated and sent to everyone. That being said, out of office replies to not generate out of office replies. So the initial statement was just as stupid.

      link to this | view in chronology ]

  • identicon
    Clueby4, 5 Oct 2007 @ 9:41pm

    Two words - Lotus Notes

    According to Ars Technica's article this was a Lotus Notes issue.

    http://arstechnica.com/news.ars/post/20071005-dhs-flunks-e-mail-administration-101-causes- mini-ddos.html

    Why in the hell are they using Lotus Notes, IBM doesn't even use that piece of garbage. Great security BTW, grab a user.id file and your in. I know some Lotus fanboy will probably flap that tired diatribe "Notes is Groupware" which sounds good but it doesn't excuse the EXTREMELY POOR DESIGN of the Notes platform.

    The most damning design flaw in Notes is the Address book. "All your eggs in one basket", hardly conveys the ignorance. More like "All your eggs, chickens, livestock, cash, children, hopes, dreams and then kitchen sick in one basket"

    Beside the idiots at DHS should have a static reply to.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.