Friday, October 05, 2007

Department of Homeland Spam

A couple of days ago the DHS (Dept. of Homeland Security) turned out, ironically, to be running an insecure listserv to send email, which resulted not only in a mini-DDoS of all its list subscribers but culminated in a complete breach of all the email addresses on that list when they tried to fix it.

Flip wrote a hysterical play-by-play account of the DHS spam which is worth reading to the bitter end because it just gets worse and worse.

Makes me a little concerned about who's securing the Homeland Security!

Then I found a quote from one of the emails in his blog post that fingers the company responsible:

"Please note that NICC is aware of the situation and has notified Computer Science Corp to disable the open server..."

It also turns out that it's not even a simple list server:

"...Lotus Domino Release 7.0.2FP1 server hosted by a government contractor that reflects email to a list of thousands of subscribers"

Can you imagine if this weakness was exposed during an actual crisis and people didn't get the information they needed in a timely manner?

I feel more secure now, don't you?

