funsec mailing list archives

Re: WTF? DHS Mail List Meltdown Becomes Internet Party for Exposed Gov Workers


From: Robert Slade <rmslade () shaw ca>
Date: Thu, 04 Oct 2007 11:07:26 -0700

From: Paul Ferguson <fergdawg () netzero net>
Date: Wednesday, October 3, 2007 9:20 pm

A Department of Homeland Security mailing list that provides unclassified daily news reports on critical
infrastructure information experienced a meltdown today when the list apparently got misconfigured and began routing
any reply that someone sent to another person on the list to every subscriber on the list.


It was pretty interesting.  I'm on the road teaching in Calgary, so I have to rely on Webmail and those clunky 
interfaces anyway, and then to have this mailstorm happen ...  Well, anyway, I think I've finally dealt with the last 
of it (although I'm sure a few more bounces will dribble in today).

The DHS list, for those who don't know it, is actually pretty good in terms of collecting various security-related 
stuff from the news media.  It's been sending out the messages in PDF, but switched to Word format about a month ago 
(which indicates that whoever manages the production and distribution of the stuff is fairly technically thick).  We've 
seen indications in the past that the list wasn't locked down, but they switched servers about a month ago as well.

Yesterday morning, about 8 am eastern, somebody sent a message (probably just replying to the daily message) asking 
them to change his email address.  Standard bonehead mailing list move: sending admin mail to the list itself.  The 
server should, of course, have just rejected it, but it seems to be configured to accept email from anyone.  (He 
compounded the problem by sending a "cancellation" message after the first: I've kept both, as well as some of the more 
interesting subsequent traffic.)

The list was further configured to reveal the e-mail address of the senders so that the names and contact details of
hundreds of list members -- including government workers in critical infrastructure positions -- were exposed.


The only email addresses exposed were of the people who got all hot and bothered and sent "take me off the noisy list 
immediately!" messages.  There are a lot of chowderheads on the list--as well as a number of people who took the whole 
thing in good humour.  At one point they started a series of messages along the lines of "where is everybody from?"  I 
replied to that, and got a whole bunch of bounce messages telling me about all kinds of people in sensitive positions 
who were away from the office--including one guy who announced that he was having health issues.

The mishap also revealed an interesting tidbit -- at least one member of the list works in some capacity with Iran's
Ministry of Defense.


Yeah, and he was one of the "WTF?  I didn't sign up for all this noise!" types.  I kept his message, too.


====================== 
rslade () computercrime org  slade () victoria tc ca  rslade () vcn bc ca
"If you do buy a computer, don't turn it on."     - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs:     [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews:   [Base URL]mnbk.htm
                [Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-subscribe () egroups com
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

