WTF? DHS Mail List Meltdown Becomes Internet Party for Exposed Gov Wor kers

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

WTF?

I mean, I saw this referenced on the ISC SANS Handlers Diary this
morning (Thanks, Mark), but this is now on an entirely different
level.

Via Threat Level.

[snip]

A Department of Homeland Security mailing list that provides unclassified
daily news reports on critical infrastructure information experienced a
meltdown today when the list apparently got misconfigured and began routing
any reply that someone sent to another person on the list to every
subscriber on the list.

The list was further configured to reveal the e-mail address of the senders
so that the names and contact details of hundreds of list members --
including government workers in critical infrastructure positions -- were
exposed. The mishap also revealed an interesting tidbit -- at least one
member of the list works in some capacity with Iran's Ministry of Defense.

[snip]

More:
http://blog.wired.com/27bstroke6/2007/10/dhs-mail-list-m.html

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHBFuNq1pz9mNUZTMRAoL9AJ9Ru3mKxrYTqlQax/bZZoQPH8gtZgCfVBkv
wJOt3iQpfV1GK6fYY93lJMY=
=BUkz
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.