Subscribers to a U.S. Department of Homeland Security daily e-mail bulletin were inundated with dozens of e-mails on Wednesday due to a glitch with the mailing list.
The gaffe started after one man, Alex Greene, a manager at GKN Freight Services, sent a reply to the Daily Open Source Infrastructure
Report, a round-up of security-related news reports, to change his subscription information.
New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management
The e-mail server sent Greene's reply to everyone on the DHS's subscriber list, which sent off a torrent of responses from
recipients -- some humorous, some irritable -- which in turn were fired out again to all subscribers, according to the SANS
Institute, a computer security monitoring organization. The cause of the problem was likely an erroneous change in the e-mail
server's settings.
The error could cause big trouble if a hacker sent a bad e-mail attachment with a zero-day security vulnerability "to nail
a few dozen gullible security professionals," Marcus Sachs wrote in the SANS diary, which documents security incidents.
"If you maintain a broadcast mailing list, make sure that the address will not reflect e-mail from sources other than the
owner of the list," Sachs wrote. "Otherwise, you will become a training example for SANS."
Excerpts of some of the e-mails were published by The New York Times.
"Dear Mr. Alex Greene (the guy who started this mess). May the fleas of a thousand camels infest your armpits and may a yak
in heat make love to your shin," wrote Michael B. Smith.
Others were more lighthearted and opportunistic about the mistake. "Well as long as we have a free for all going here, I'm
job hunting," wrote Lt. Col. Mary Brown, a U.S. Air Force Reserve officer. "Anybody have anything open out there?
The IDG News Service is a Network World affiliate.
