Homeland Security e-mail server turns into spam cannon

Subscribers to a U.S. government daily e-mail bulletin were inundated with e-mails due to a glitch with its mailing list

Subscribers to a U.S. Department of Homeland Security daily e-mail bulletin were inundated with dozens of e-mails on Wednesday due to a glitch with the mailing list.

The gaffe started after one man, Alex Greene, a manager at GKN Freight Services, sent a reply to the Daily Open Source Infrastructure Report, a round-up of security-related news reports, to change his subscription information.

The e-mail server sent Greene's reply to everyone on the DHS's subscriber list, which sent off a torrent of responses from recipients -- some humorous, some irritable -- which in turn were fired out again to all subscribers, according to the SANS Institute, a computer security monitoring organization. The cause of the problem was likely an erroneous change in the e-mail server's settings.

The error could cause big trouble if a hacker sent a bad e-mail attachment with a zero-day security vulnerability "to nail a few dozen gullible security professionals," Marcus Sachs wrote in the SANS diary, which documents security incidents.

"If you maintain a broadcast mailing list, make sure that the address will not reflect e-mail from sources other than the owner of the list," Sachs wrote. "Otherwise, you will become a training example for SANS."

Excerpts of some of the e-mails were published by The New York Times.

"Dear Mr. Alex Greene (the guy who started this mess). May the fleas of a thousand camels infest your armpits and may a yak in heat make love to your shin," wrote Michael B. Smith.

Others were more lighthearted and opportunistic about the mistake. "Well as long as we have a free for all going here, I'm job hunting," wrote Lt. Col. Mary Brown, a U.S. Air Force Reserve officer. "Anybody have anything open out there?

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies