A couple of days ago the DHS (Dept. of Homeland Security) turned out, ironically, to be running an insecure listserv to send email, which resulted not only in a mini-DDoS of all its list subscribers but culminated in a complete breach of all the email addresses on that list when they tried to fix it.
Flip wrote a hysterical play-by-play account of the DHS spam which is worth reading to the bitter end because it just gets worse and worse.
Makes me a little concerned about who's securing the Homeland Security!
Then I found a quote from one of the emails in his blog post that fingers the company responsible:
"Please note that NICC is aware of the situation and has notified Computer Science Corp to disable the open server..."
Also turns out that it's not even a simple list server:
"...Lotus Domino Release 7.0.2FP1 server hosted by a government contractor that reflects email to a list of thousands of subscribers"
Can you imagine if this weakness was exposed during an actual crisis and people didn't get the information they needed in a timely manner?
I feel more secure now, don't you?