Politech mailing list archives

FC: FAA.gov ran open mail relay, could let people forge FAA email


From: Declan McCullagh <declan () well com>
Date: Tue, 06 Nov 2001 08:53:04 -0500

[Excerpted from RISKS Digest Vol 21 Issue 73. (ftp://ftp.sri.com/risks) --DBM]

[...]

Date: Sun, 4 Nov 2001 17:15:16 -0500 (EST)
From: Bill Duncan <bduncan () beachnet org>
Subject: FAA Asleep at the Control Column?

A few days ago while looking through the e-mail rejection logs, I was
surprised to find some e-mail blocked by virtue of being in an RBL list and
coming from a host in the FAA.GOV domain.  The e-mail was obvious spam, as
I'd blocked the same sender (from a domain in the UK) from various other
addresses.

Being a new private pilot and with the recent events of September fresh in
my mind, I quickly investigated.  Sure enough, there was a host on their
network, loaded with software from that outfit in Redmond, and happily
spewing relayed mail.  (I tested whether it would relay mail from anywhere
to anywhere else by telnetting to its smtp port.)

Furthermore, to get on this exclusive RBL list, the e-mail relay must've
been in operation for some time.

Imagining scenarios where relaying e-mail through the FAA system might at
best be an embarrassment, and at worst might be some kind of a security
threat, I immediately e-mailed whatever addresses I could find on their
website as well as the usual postmaster () faa gov etc.  So far, no response,
and according to my log files, I'm still rejecting spam from them.

While many US Federal Government agencies are discovering the virtues of
Open Source for security, I'm dismayed to find that the FAA is still using
software well known for insecurities on their website as well as other hosts
connected to the Internet.  Getting junk e-mail relayed through the FAA might
be just an annoyance, but it might also point to other security issues
there.

So if you get any e-mail from the FAA, be careful.  It's probably just
SPAM, but it might be worse.

  Follow-up: Mon, 5 Nov 2001 15:41:11 -0500 (EST)

I didn't want to include the identifying IP address in the original
submission, to protect the guilty, but it looks like they took it off this
morning.  I tried pinging the address and they are no longer there.  The
last SPAM which was sent my way from that address was at 1:15 this morning
EST.

Although I e-mailed about 4 addresses at the FAA, including one for emergency
response, I've received no replies as yet.  But I guess the message finally
got through this morning.  Maybe they'll take it as a wakeup call, which I
didn't think they'd really need after the recent events...

Here's the last log entry from my mail log, with the local address changed.
I'm using Exim.

2001-11-05 01:15:18 recipients from atos.faa.gov [204.108.10.130] refused
2001-11-05 01:15:18 recipient <localname () domain com> refused
  from atos.faa.gov [204.108.10.130]
  sender=<masterdisc8745 () gmx co uk> (host_reject_recipients)

Bill Duncan, VE3IED http://www.beachnet.org bduncan () BeachNet org
+1 416 693-5960

[...]

Date: Thu, 1 Nov 2001 20:39:12 -0500
From: Monty Solomon <monty () roscom com>
Subject: Sony uses DMCA against Aibo Enthusiast's Site

Sony Dogs Aibo Enthusiast's Site

Courts: The company uses a controversial law to stop owners from altering
the robotic pet. Some consumers balk.

Sony Corp. is using a controversial U.S. law aimed at protecting
intellectual property to pull the plug on a Web site that helps owners of
Aibo, Sony's popular and pricey robotic pet, teach their electronic dogs new
tricks.  Aibo owners are outraged, and hundreds have vowed to stop buying
Sony products altogether until the company backs off. Sony has sold more
than 100,000 Aibos worldwide since 1999, at prices ranging from $800 to
$3,000. The dogs have spawned a community of enthusiasts who fuss over the
mechanical marvels as if they were real canines.  [Source: Article by Dave
Wilson and Alex Pham, *Los Angeles Times*, 1 Nov 2001]
  http://www.latimes.com/business/la-000086726nov01.story?coll=la-headlines

[...]




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------
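
Added example, not part of the original message or of Exim: a short Python script that folds multi-line rejection entries shaped like the one quoted above into single records and tallies refusals per relaying host. It assumes continuation lines are indented as in that entry; the sample lines, host names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the entry quoted in the message (placeholder hosts/IPs).
SAMPLE_LOG = """\
2001-11-05 01:15:18 recipients from relay.example.org [192.0.2.10] refused
2001-11-05 01:15:18 recipient <user@example.com> refused
  from relay.example.org [192.0.2.10]
  sender=<bulk1@example.net> (host_reject_recipients)
2001-11-05 03:02:44 recipient <other@example.com> refused
  from relay.example.org [192.0.2.10]
  sender=<bulk2@example.net> (host_reject_recipients)
2001-11-05 04:10:09 recipient <user@example.com> refused
  from mail.example.edu [198.51.100.7]
  sender=<bulk1@example.net> (host_reject_recipients)
"""

STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
REFUSAL = re.compile(r"recipient <(?P<rcpt>[^>]*)> refused\s+from (?P<host>\S+) "
                     r"\[(?P<ip>[^\]]+)\]\s+sender=<(?P<sender>[^>]*)> \((?P<reason>\w+)\)")

def join_entries(text):
    """Fold indented continuation lines into the timestamped line above."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line):
            entries.append(line.rstrip())
        elif line[:1].isspace() and line.strip() and entries:
            entries[-1] += " " + line.strip()
    return entries

def summarize(text):
    """Per relaying IP: host name, refusal count, senders, last time seen."""
    hosts = defaultdict(lambda: {"host": None, "count": 0, "senders": set(), "last": None})
    for entry in join_entries(text):
        stamp, body = STAMP.match(entry).groups()
        m = REFUSAL.search(body)
        if not m:  # e.g. the "recipients from ... refused" summary line
            continue
        rec = hosts[m["ip"]]
        rec["host"] = m["host"]
        rec["count"] += 1
        rec["senders"].add(m["sender"])
        rec["last"] = max(rec["last"] or stamp, stamp)
    return dict(hosts)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A host that keeps appearing here with many different senders is the pattern the message describes: a third-party machine relaying someone else's bulk mail.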

