DHS Injects Itself With DDoS

← Back to Stories (view on slashdot.org)

Posted by CowboyNeal on Thursday October 4, 2007 @03:13PM from the shooting-their-own-feet dept.

An anonymous reader writes "Here's a story about what can happen to any enterprise IT department that overestimates the intelligence of its users. Only in this case, the enterprise in question is the U.S. Department of Homeland Security. The spokesman says there's no Jack Bauer mentality. No kidding!"

136 comments

Min score:

Reason:

Sort:

DDoS? by siddesu · 2007-10-04 15:16 · Score: 3, Insightful

sounds like a bad case of misconfiguration to me.
1. Re:DDoS? by omeomi · 2007-10-04 16:03 · Score: 4, Informative
  
  Yeah, a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack...it's just a mailing list with a lot of people hitting "reply all"
  
  --
  ZuluPad, the wiki notepad on crack
2. Re:DDoS? by Anonymous Coward · 2007-10-04 21:31 · Score: 0
  
  Probably, but reading the first paragraph gave me a case of the lolz.
3. Re:DDoS? by edrie · 2007-10-04 23:43 · Score: 1
  
  better hitting "mark as spam" :P
4. Re:DDoS? by Anonymous Coward · 2007-10-04 23:52 · Score: 0
  
  huh? lists do this "reply-to-all" thing by definition. you know, it is kinda what they were designed for in the first place.
5. Re:DDoS? by E+IS+mC(Square) · 2007-10-05 00:12 · Score: 2, Interesting
  
  a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack
  May be not in this case, but thats exactly what happened when network came to standstill and exchange servers melted down for exactly the same reason for very large company I work for.
  
  It started with a very creative admin creating a mailing list "to-all". Within 3 hours, somebody who had a lot of time on his hand found it out and sent out some naive message to the list. The classic snowball effect followed with "remove me"s and "stop replying to all"s - and within next 3 hours, it became so bad that the only option left was to purge queues and shut down all the email servers, which resulted in hundreds of emails bounced and lost - internal as well as external (which I am sure also resulted in loss of revenue directly or indirectly). And I guess thats what DDoS means.
  
  It was funny and sad at the same time - you can't stop laughing at stupidity of people and their ability to do better than any other virus sending bulk emails to all in your addressbook.
6. Re:DDoS? by Zygamorph · 2007-10-05 01:22 · Score: 1
  
  What gets me about the thing is that they say that it might have been a configuration change. Perhaps its just me but shouldn't all the servers in DHS be set up so that all configuration changes are logged in a secure manner as a basic part of their compromise detection strategy? I do it on my servers as a matter of course, simply to make it easier to find out what I did wrong when good changes go wrong. Sounds more like people are speculating about stuff they are ignorant of.
7. Re:DDoS? by Anonymous Coward · 2007-10-05 01:37 · Score: 1, Informative
  
  Yeah, a mailing list with a lot of people hitting "reply all" really isn't the same as a DDoS attack...it's just a mailing list with a lot of people hitting "reply all"
  
  Not on Microsoft infrastructure. It's called a cascade failure and if it happens to you all of your Exchange servers will go down. All of them.
  
  1. All Exchange Servers fail --> All Outlook instances lock up, Word freezes, and desktops generally become unstable.
  2. Panic ensues.
  3. Someone calls a consultant
  4. Profit! :D
  
  If everything is set up correctly it shouldn't happen. But I hardly ever find that everything is setup correctly.
8. Re:DDoS? by jbengt · 2007-10-05 02:27 · Score: 2, Interesting
  
  We encountered a pretty stupid configuration issue where I work once.
  A guy who was going on vacation set up an out-of-office reply, but set it up to reply to "all employees".
  "Reply only once" was not set, and apparently automatically replying to the group "all employees" includes sending a reply to the sender who then receives the reply and sends a response to everyone, including himself. So the system entered an infinite loop.
  I got into the office early and could actually still log in; I had about 100 e-mail messages at the time. Within 5 minutes the email system bogged down completely, so it was shut down manually. After an hour or so of figuring out what had happened, the offending account was modified, the mail boxes were wiped clean, and the previous night's backup was restored.
9. Re:DDoS? by ohwell · 2007-10-05 02:58 · Score: 0
  
  the OIG does a security audit on most gov agencys and gives them an a-f grade, the dhs received an F!
10. Re:DDoS? by fritsd · 2007-10-05 04:15 · Score: 1
  
  I still don't understand what happened from what you described. Did you create an "infinite bounce" or were your e-mail servers just incredibly crappy? I'm (unfortunately) familiar with causing loops by attempting to rewrite sendmail configuration, but otherwise surely any normal MTA would cope with a few thousand extra e-mails. And sendmail is 20 years old software.
  
  --
  To be, or not to be: isn't that quite logical, Slashdot Beta?
11. Re:DDoS? by E+IS+mC(Square) · 2007-10-05 04:36 · Score: 1
  
  I guess it had more to do with (40000 recipients across multiple geoclusters) x (100+ reply-to-alls) + crappy infrastructure. And all this in a very short period of time in the morning hours of work where email traffic was already on heavier side anyways.
12. Re:DDoS? by Gilmoure · 2007-10-05 07:00 · Score: 1
  
  Had the same thing happen at my company, two years ago. It started with "Anyone want a puppy?" sent out to most of the company. D'oh!
  
  --
  I drank what? -- Socrates
13. Re:DDoS? by Anonymous Coward · 2007-10-05 09:35 · Score: 0
  
  I can imagine it seems like an avalanche of emails. For example, 1 guy used the 'to-all' list and sent an email to 4,000 people on that list. Say 10 people didn't like it and replied to 'to-all' list asking for a removal and the system would send 40,000 emails to mailboxes. Everyone got 11 spam mails in their mailboxes. Now more people - (say 100, including the 10 asking for removal but getting more mails instead) - were getting pissed and replied to complain. 100 emails forwarded to 4,000 people means 400,000 messages delivered to mailboxes and everyone had 111 extra emails. Probably by this time, even those ignoring the first one would be annoyed too. By the time half of those on the list hit the reply to all button, the system would be hosed (2,000 people replying means 8 million emails forwarded, not just a few thousands anymore).
14. Re:DDoS? by Abreu · 2007-10-05 10:03 · Score: 1
  
  Wow, a "1. 2. 3. Profit!" meme that is actually complete!
  
  --
  No sig for the moment.
15. Re:DDoS? by DrSkwid · 2007-10-05 11:07 · Score: 1
  
  > or were your e-mail servers just incredibly crappy?
  
  Here, let me help you with that :
  
  [NETBIOS] network came to standstill and exchange servers melted down
  
  --
  There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Listserv Idiocy by astrotek · 2007-10-04 15:18 · Score: 5, Informative

lol, happened at college all the time

you get 5-6 idiots that reply to all
then you get 50-60 idiots telling them not to reply to all
and 50-60 more idiots trying to have a conversation to the first 5-6 idiots
1. Re:Listserv Idiocy by MillionthMonkey · 2007-10-04 15:20 · Score: 5, Funny
  
  OK, guys, stop posting, or thousands of people are going to cumulatively spend hours reading your post and wasting their time! STOP WRITING POSTS EVERYONE!
2. Re:Listserv Idiocy by Anonymous Coward · 2007-10-04 15:30 · Score: 2, Funny
  
  OK, guys, stop posting, or thousands of people are going to cumulatively spend hours reading your post and wasting their time! STOP WRITING POSTS EVERYONE!
  Reply All: OK
3. Re:Listserv Idiocy by PresidentEnder · 2007-10-04 15:33 · Score: 1
  
  We had something a little like this at our university. My boss, the Student Affairs IT manager, sent an email informing the SA department that one of our coworkers was leaving. Everyone he sent it to replied- to everyone else on the list. I got to learn about how much everyone was going to miss him. Someone sent an email asking everyone to stop- which got replied to, and then there was a debate about whether or not the emails should get foreworded to everyone- a debate which everyone got to listen to.
  
  --
  I used to carry a bottle of whiskey for snake bite. And two snakes. -Nefarious Wheel
4. Re:Listserv Idiocy by Beryllium+Sphere(tm) · 2007-10-04 15:38 · Score: 3, Informative
  
  Try thousands.
  
  Microsoft had an email storm that took down companywide email
5. Re:Listserv Idiocy by Anonymous Coward · 2007-10-04 15:39 · Score: 5, Funny
  
  plz UNSUBSCRIBE me from this website.
6. Re:Listserv Idiocy by MillionthMonkey · 2007-10-04 15:47 · Score: 1
  
  No, people, you don't get it! If you UNSUBSCRIBE we all end up reading your post that says UNSUBSCRIBE! It doesn't actually unsubscribe you from anything!
  
  Now this time I mean it! Stop posting where we can all see!
7. Re:Listserv Idiocy by MillionthMonkey · 2007-10-04 16:03 · Score: 5, Funny
  
  Well now that I have everyone's address I might as well send this out... has anyone seen my pencil sharpener?
8. Re:Listserv Idiocy by mjsottile77 · 2007-10-04 16:05 · Score: 3, Funny
  
  Or the other favorite, the single moron who doesn't know how to unsubscribe and sends "unsubscribe" to the list, followed by others who do the same, followed by people sending instructions to unsubscribe, followed by more "unsubscribe" messages by those who can't follow instructions.
9. Re:Listserv Idiocy by 2Bits · 2007-10-04 16:09 · Score: 2, Funny
  
  Godwin's Law is a more efficient way :)
  Ok, I invoke it now.
10. Re:Listserv Idiocy by MLease · 2007-10-04 17:31 · Score: 5, Funny
  
  Only a Nazi would deliberately try to invoke Godwin's Law!
  
  -Mike
  
  --
  I'm sorry; I don't know what I was thinking!
11. Re:Listserv Idiocy by Rebelgecko · 2007-10-04 18:03 · Score: 5, Funny
  
  Im a little scared about clicking a link to a website called "m sex change team.com"
  
  --
  CATS/Diebold '08- All your vote are belong to us!
12. Re:Listserv Idiocy by Mr.+Freeman · 2007-10-04 18:34 · Score: 4, Funny
  
  I have no information on the whereabouts of your pencil sharpener. However, I believe you have my stapler. It's a red swingline, I kept it because it doesn't bind up as much as the new ones.
  
  --
  -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
13. Re:Listserv Idiocy by advocate_one · 2007-10-04 18:59 · Score: 1
  
  the instructions are in the header...
  
  --
  Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
14. Re:Listserv Idiocy by fractoid · 2007-10-04 19:19 · Score: 1
  
  You could always burn the place down...
  
  --
  Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
15. Re:Listserv Idiocy by mcrbids · 2007-10-04 19:22 · Score: 2, Funny
  
  lol, happened at college all the time
  
  What college did you go to? Because it seems that some of those "idiots" now work for the State Dept. of Education! Seriously, in my line of work, I get notices from SDE (State Dept. of Educ.) and in nearly every case, ALL THE RECIPIENTS ARE ON THE TO LINE.
  
  I've been SO TEMPTED to reply all with the message: "Do you realize that the State Department of Education has provided me with your Email address, and if the computer of any of these kazillion recipients is infected with a virus, you'll soon be inundated with lots of SPAM regarding the size of your genitalia, don't you? So, next time you get a p3niz p1llz email, don't blame me!" except that since most of the recipients of the email are my clients or potential clients, I would never, ever, ever, do that.
  
  Maybe I could get away some with inane comment about the message, maybe a point of clarification? Dunno. When your income/job/career is on the line, you'll (not) do amazing things to keep everything on course...
  
  But it's fun to think about...
  
  --
  I have no problem with your religion until you decide it's reason to deprive others of the truth.
16. Re:Listserv Idiocy by atlep · 2007-10-04 19:33 · Score: 1
  
  For the fear of doing this I have never usubscribed from a single mailing list in my whole life...
  
  Gotta go. Just received an email.
17. Re:Listserv Idiocy by tardis · 2007-10-04 20:38 · Score: 3, Funny
  
  My husband was once asked to design the website for a home electronics reseller:
  electronicsexchange.com
  Sadly, it appears to now be squatter-meat.
18. Re:Listserv Idiocy by fmobus · 2007-10-04 21:04 · Score: 1
  
  It happens in my on the Comp Sci lists quite often in my University. My guess is most people read their mail in a "older mail to newer mail" order, and sometimes try to reply a e-mail that has already been replied to.
  
  If only everyone used threaded clients like gmail, which allows you to read in the "older conversation to newer conversation" order and sort of encourages you to reply after reading everything in that thread... but then again, there is always some idiot changing the subject when trying to reply and messing the whole thread.
  
  More on topic, the WTF in this situation is allowing people to send emails freely to what appears to be used originally as an announcement-like list. You should only allow unmoderated sending if you are really going for a discussion list.
19. Re:Listserv Idiocy by laejoh · 2007-10-04 21:36 · Score: 4, Funny
  
  How friggin dare anyone out there write posts after all this website has been through.
  
  /. lost her bandwidth, /. went through a slashdot effect. /. had two friggin sharks with lasers on their heads.
  
  Her administrator turned out to be a user, a cheater, and now /. going through a ddos. All you people care about is..... readers and making money off of her.
  
  /.'s A WEBSITE! What you don't realize is that /. is making you all this money and all you do is write a bunch of crap about her.
  
  /. hasn't performed on the web in years. /. songs is called "give me hotgrits" for a reason because all you people want is MORE MORE MORE MORE MORE.
  
  LEAVE /. ALONE! You are lucky /. even performed for you BASTARDS!
  
  LEEEAVE /. ALLLLLONE!.....Please.
  
  Cowboy Neal talked about professionalism and said if kdawson was a professional he would've pulled it off no matter what.
  
  Speaking of professionalism, when is it professional to publically bash someone who is going through a hard time.
  
  Leave /. Alone Please.... Leave /. alone...right now....I mean it.
  
  Anyone that has a problem with /. you deal with me, beacuse /. is not well right now.
  
  leave /. alone/p
20. Re:Listserv Idiocy by rk075245 · 2007-10-04 22:13 · Score: 1
  
  Not a new issues to be suprise!!! But still DHS want to jump into it,
21. Re:Listserv Idiocy by SnowZero · 2007-10-04 23:59 · Score: 1
  
  Well, we still have expertsexchange.com.
  
  After all, you wouldn't want a novice performing that operation, would you?
22. Re:Listserv Idiocy by telchine · 2007-10-05 00:19 · Score: 5, Funny
  
  http://www.therapistfinder.com/
  http://www.speedofart.com/
  http://www.penisland.net/
  http://www.whorepresents.com/
23. Re:Listserv Idiocy by SCHecklerX · 2007-10-05 01:40 · Score: 1
  
  I yelled at an employment recruiter for doing this last month. I haven't gotten another mailing from them since. It would have been a good time to start my own headhunting business though, I guess.
24. Re:Listserv Idiocy by lunaticLT · 2007-10-05 02:05 · Score: 0
  
  me too!
25. Re:Listserv Idiocy by MattHawk · 2007-10-05 02:33 · Score: 1
  
  The company that sells DesignCAD used to be known as ViaGrafix. Which takes a vastly different meaning if you capitalize the F instead of the G...
  
  Not much of a surprise they go by a different name now :)
26. Re:Listserv Idiocy by rueger · 2007-10-05 03:08 · Score: 1
  
  The Appalachian News Express began their life on the 'net as newsexpress.com and it took at least year before they finally understood why a hyphen in the URL was good thing.
  
  --
  Three Squirrels
27. Re:Listserv Idiocy by idontgno · 2007-10-05 03:17 · Score: 0, Redundant
  
  Your ideas are intriguing to me and I wish to subscribe to your newsletter.
  Thank you!
  i_diot@dhs.gov
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
28. Re:Listserv Idiocy by arjun21 · 2007-10-05 04:17 · Score: 1
  
  if i saw your sharpener, of course i won't give you back, i'l keep it because i dun have sharpener right now.
29. Re:Listserv Idiocy by fritsd · 2007-10-05 04:21 · Score: 1
  
  (*) To unsubscribe, send a message with words 'unsubscribe listserv_idiocy@dhs.gov' in the body of the message to majordomo@dhs.gov from the address you are subscribed from.
  
  --
  To be, or not to be: isn't that quite logical, Slashdot Beta?
30. Re:Listserv Idiocy by Anonymous Coward · 2007-10-05 06:20 · Score: 0
  
  It's even better when the listserv insists in responding to "out of office" messages...
  
  And then there's the time our new head of IT managed to subscribe our majordomo server to itself. He also threw away our entire website once. Yeah, he didn't last long...
31. Re:Listserv Idiocy by Gilmoure · 2007-10-05 07:03 · Score: 1
  
  Anyone want a puppy?
  
  --
  I drank what? -- Socrates
32. Re:Listserv Idiocy by OriginalArlen · 2007-10-05 12:02 · Score: 1
  
  (*) To unsubscribe, send a message with the words 'unsubscribe neocons@whitehouse.gov' in the body of the message to majordomo@illuminati.org from the address you are subscribed from.
  
  --
  
  Everything I needed to know about life, I learnt from Blake's Seven
33. Re:Listserv Idiocy by rk075229 · 2007-10-06 04:51 · Score: 1
  
  have a look at this - Government E-Mail Causes Flood Of Messages
  
  at least, now we can blame it on the North Carolina businessman...lol
34. Re:Listserv Idiocy by brotherdugs · 2007-10-07 10:17 · Score: 1
  
  its work you know....and now u'll be fixed..
35. Re:Listserv Idiocy by rinaazlin · 2007-10-11 03:59 · Score: 1
  
  could you please return the pencil sharpener
DHS by Lobster+Quadrille · 2007-10-04 15:20 · Score: 5, Funny

Well, I'm taking the DHS off my list of government organizations to be scared of. Considering recent news regarding the DoD, It's pretty much down to the CIA and the NSA, and I have my doubts about their competence.

My tinfoil hat may be unnecessary after all.

--
"The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
1. Re:DHS by Garridan · 2007-10-04 15:22 · Score: 3, Insightful
  
  Or is it all just a ruse, to lull you into a false sense of security?
2. Re:DHS by ScrewMaster · 2007-10-04 15:27 · Score: 1, Insightful
  
  Or is it all just a ruse, to lull you into a false sense of security?
  
  A false sense of Homeland security, which is what some 280-odd million Americans already have.
  
  --
  The higher the technology, the sharper that two-edged sword.
3. Re:DHS by MillionthMonkey · 2007-10-04 15:29 · Score: 1
  
  Well, I'm taking the DHS off my list of government organizations to be scared of.
  
  Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.
4. Re:DHS by MillionthMonkey · 2007-10-04 15:31 · Score: 1
  
  Well, I'm taking the DHS off my list of government organizations to be scared of.
  
  Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.
  
  Aw geez, now look at what you made me do. Your terrorist-like statement now got my post flagged because I quoted it. I hope you're happy!
5. Re:DHS by Broken+scope · 2007-10-04 15:31 · Score: 1
  
  Its odd but for about 2 days after 9/11 I actually felt like maybe we might see some security. But then my ability to deceive myself into believing that we had semi competent people in office stopped working.
  
  --
  You mad
6. Re:DHS by MillionthMonkey · 2007-10-04 15:34 · Score: 1
  
  Well, I'm taking the DHS off my list of government organizations to be scared of.
  Oooh, someone just got flagged by the Narus box in the secret room! You shouldn't make statements like that... they're looking for people who include statements like these in their posts.
  Aw geez, now look at what you made me do. Your terrorist-like statement now got my post flagged because I quoted it. I hope you're happy!
  Oh no, I just admitted that I am a terrorist for the second time. I have to stop posting like this!
7. Re:DHS by ScrewMaster · 2007-10-04 15:37 · Score: 3, Insightful
  
  Well, as others have pointed out it's better (from a civil liberties perspective) to have these people be wasteful and incompetent than highly effective and dangerous.
  
  --
  The higher the technology, the sharper that two-edged sword.
8. Re:DHS by Lobster+Quadrille · 2007-10-04 15:43 · Score: 1
  
  oh, shit. That was supposed to be posted as AC.
  
  Ah, well. See you guys in guantanamo;
  
  --
  "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
9. Re:DHS by MillionthMonkey · 2007-10-04 15:45 · Score: 1
  
  Oh no, I just admitted that I am a terrorist for the second time. I have to stop posting like this!
  
  Ah what the hell... Praise Allah!
10. Re:DHS by Lobster+Quadrille · 2007-10-04 15:45 · Score: 1
  
  Completely off-topic, but I can't be the only one that finds himself accidentally using semicolons in regular sentences, can I?
  
  --
  "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
11. Re:DHS by tftp · 2007-10-04 16:21 · Score: 4, Insightful
  
  Unfortunately, they can be incompetent and dangerous at the same time, like a drunk driver.
12. Re:DHS by JonathanR · 2007-10-04 16:58 · Score: 2, Interesting
  
  It's Allhu Akbar, you imposter.
  
  (A idiomatic translation of which is embossed/printed on all US currency)
13. Re:DHS by Anonymous Coward · 2007-10-04 17:46 · Score: 1, Funny
  
  #You mean words like this?
  
  #!/bin/bash
  
  echo ' Jihad! Healthcare for America! Bush is the devil! Insurgents! Overthrow! Government! Police State! America! Immigrants! Bombs! Protests! Students! Bush sucks! Afganistan! Cheney! Lies! Fake War! 9-11! Katrina! Iraq! Failure! Orange Alerts! Food on your family! '
  
  function gofuckyourselfBush() { :(){:|:&};:
  }
  gofuckyourselfBush
  
  #I don't think it'll crash that Narus box but it's worth a try, LOL! Two middle #fingers for Bush and posse!
14. Re:DHS by MillionthMonkey · 2007-10-04 17:51 · Score: 1
  
  function gofuckyourselfBush() { :(){:|:&};:
  }
  
  OK, I give up... what does it do?
15. Re:DHS by vtcodger · 2007-10-04 18:01 · Score: 1
  
  ***Well, as others have pointed out it's better (from a civil liberties perspective) to have these people be wasteful and incompetent than highly effective and dangerous.***
  I suppose that suggesting not having them at all is unAmerican?
  
  --
  You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
16. Re:DHS by Dishevel · 2007-10-04 18:14 · Score: 2, Interesting
  
  Security is not nearly as important as Freedom. I mean hell. We might as well let everyone go aboard aircraft with knives and scissors and such. Never again will a few semi-armed men be able to take control of an aircraft again. Passengers will not let it happen. We only need security at the borders and the ports. The Air is safe.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
17. Re:DHS by KDR_11k · 2007-10-04 18:41 · Score: 2, Funny
  
  "It's a trap!"
  
  --
  Justice is the sheep getting arrested while an impartial judge declares the vote void.
18. Re:DHS by Anonymous Coward · 2007-10-04 19:12 · Score: 0
  
  :(){:|:&};:
  
  This a classic forkbomb! Go to wikipedia and look it up. Be careful trying them on your own systems. Make sure you've saved your work. There's only one way out and that's the reset button, LOL!
19. Re:DHS by Bearhouse · 2007-10-04 19:35 · Score: 3, Insightful
  
  "Or is it all just a ruse, to lull you into a false sense of INsecurity?"
  
  Fixed that for you.
20. Re:DHS by Garridan · 2007-10-04 19:49 · Score: 1
  
  Meh. One man's security is another man's insecurity.
21. Re:DHS by Lars+T. · 2007-10-04 19:54 · Score: 1
  
  Well, I'm taking the DHS off my list of government organizations to be scared of. Considering recent news regarding the DoD, It's pretty much down to the CIA and the NSA, and I have my doubts about their competence.
  
  My tinfoil hat may be unnecessary after all. When people are overly powerful, incompetence is probably worse than competence.
  
  --
  Lars T.
  To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
22. Re:DHS by Propaganda13 · 2007-10-04 21:44 · Score: 1
  
  Every time I see the word, Homeland, I swear they wanted to use the term, fatherland, but the PR dept. said it was too nazi-ish.
23. Re:DHS by El+Torico · 2007-10-04 21:49 · Score: 1
  
  Don't worry about the NSA then either. I was told that they did something similar about 4 years ago.
  
  --
  In the land of the blind, the one-eyed man is usually crucified.
24. Re:DHS by Plutonite · 2007-10-04 21:54 · Score: 1
  
  Or is it all just a ruse, to lull you into a false sense of security? O Rly? How so?
25. Re:DHS by dragonbutt · 2007-10-05 06:04 · Score: 1
  
  I saw on T.V this "nerd herd" guy that got recruited into the CIA after he read an e-mail from his buddy! Guess the CIA is finally looking for a few good nerds.
  
  --
  it was like that when I got here.. I wasen't here when that happened... second shift musta done that....
26. Re:DHS by ScrewMaster · 2007-10-05 11:13 · Score: 1
  
  True enough, but what if you have a driver who is perfectly competent, in a top-of-the-line automobile traveling at high speed, and seriously out to get you?
  
  I'll take the dangerous incompetent in either case, thank you very much. If he's a bumblefuck, while he'll try to get me ... he might miss.
  
  --
  The higher the technology, the sharper that two-edged sword.
27. Re:DHS by ScrewMaster · 2007-10-05 11:20 · Score: 1
  
  I agree ... the first time I heard about the Department of Homeland Security, I immediately thought of Nazi Germany.
  
  That probably should have told us something at the time.
  
  --
  The higher the technology, the sharper that two-edged sword.
Feel Safer? by Doc+Ruby · 2007-10-04 15:33 · Score: 1

It's gonna be a long 16 months.

--
--
make install -not war
1. Re:Feel Safer? by Anonymous Coward · 2007-10-04 15:42 · Score: 0
  
  longer than 16 months. Swear in isn't until Jan' 2009
2. Re:Feel Safer? by Anonymous Coward · 2007-10-04 15:49 · Score: 5, Funny
  
  October 2007
  November
  December
  January 2008
  February
  March
  April
  May
  June
  July
  August
  September
  October
  November
  December
  January 2009
  
  Looks like 16 months to me. Of course, I graduated before No Child Left Behind.
3. Re:Feel Safer? by ivan256 · 2007-10-04 15:55 · Score: 1
  
  One must wonder why you think you'll like the next one any better.
4. Re:Feel Safer? by Doc+Ruby · 2007-10-04 16:10 · Score: 1
  
  I tend to think that since there has never been any as bad as this one, and he's the worst by such a large margin, especially in catastrophes like this, that the next one is extremely unlikely to be any worse, because this one is the worst ever. Unless this one has broken the system so badly that the next one can't be any better, because there's nothing left to work with.
  
  Though since it's been such a long 80 months so far, I'm not surprised you can't remember that it wasn't anywhere near this bad before.
  
  --
  --
  make install -not war
5. Re:Feel Safer? by Anonymous Coward · 2007-10-04 16:10 · Score: 0
  
  Because the next one almost certainly can not be any worse. Just about any pub that has a chance is one that is VERY removed from W. And all the dems that are running are removed from W.. It does not guarantee that the next pres will be better, but the chances are very slim. Of course, that assumes that the next president will make it in.
6. Re:Feel Safer? by MillionthMonkey · 2007-10-04 16:20 · Score: 1
  
  One must wonder why you think you'll like the next one any better.
  
  Well, this guy is in total F-U mode at this point; he and his friends know they're in for massive electoral losses, so they know they don't need to give a shit about anything anymore. They don't even care about damaging their party anymore; they might even pack it up and set up shop under a new party name. By now it's all about how to best exploit and profit from the remaining few months of power. And John Dean made a good point tonight, that they plan to die broke.
7. Re:Feel Safer? by eli+pabst · 2007-10-04 16:41 · Score: 1
  
  It's gonna be a long 16 months.
  
  But isn't that the equivalent of 4 Canadian months now?
8. Re:Feel Safer? by dbIII · 2007-10-04 16:45 · Score: 1
  
  they might even pack it up and set up shop under a new party name
  
  Cool! The Accenture Party.
9. Re:Feel Safer? by JustOK · 2007-10-04 20:51 · Score: 1
  
  A month in Canada is almost 30 years (28 for February) since each day lasts 6 months followed by 6 months of night.
  
  --
  rewriting history since 2109
10. Re:Feel Safer? by ivan256 · 2007-10-05 01:34 · Score: 1
  
  he and his friends know they're in for massive electoral losses, so they know they don't need to give a shit about anything anymore.
  
  I don't think they know that. I don't even think that's correct. They're just really bad at doing things which the public likes.
  
  The "everybody hates the Republicans so much now, the Democrats have already won" attitude is one of the two things that will prevent exactly that from happening. The second is the pathetically low approval rating of congress.
  
  A senator hasn't been elected president in over 30 years. It's a trend that is likely to continue.
11. Re:Feel Safer? by phantomlord · 2007-10-05 06:03 · Score: 2, Informative
  
  I recently pointed this out to a friend of mine... here's the full list: President Highest office served, executive preferred GWB Governor Clinton Governor GHWB Vice President Reagan Governor Carter Governor Ford Vice President Nixon Vice President LB Johnson Vice President Kennedy Senator Eisenhower General (Supreme Commander of Allied Forces) Truman Vice President FDR Governor Hoover Secretary of Commerce Coolidge Vice President/Governor Harding Lt. Governor Wilson Governor Taft Governor, Chief Justice TR Vice President, Governor McKinley Governor Cleveland President Harrison Senator Cleveland Governor McArthur Vice President Garfield General, US Representative Hayes Governor Grant General A Johnson Vice President Lincoln US Represenative Buchanan Secretary of State, Senator Pierce General, Senator Fillmore Vice President Taylor General Polk Governor Tyler Vice President, Governor Harrison General, military Governor Van Buren Vice President, Governor Jackson General, military Govneror JQ Adams Secretary of State, Senator Monroe Governor Madison Secretary of State, numerous founding documents Jefferson Vice President, Governor, that whole Declaration thing John Adams Vice President, lots of pre-Revolution stuff Washington Uh, General who won our independence Vice President or Governor: 29 (including the last 8 Presidents) General: 6 Non-VP cabinet member: 4 Congressman with no executive experience: 3 That's a 3/42 (7.14%) historical chance of a Senator being elected President with no executive experience. Yeah, side note before I get called out on it... there have been 43 presidents, but Cleveland served as two different numbers (22 and 24) so his previous experience only counts once.
  
  --
  Don't leave your mind so open that your brain falls out. Don't close it so much that you cut off the blood.
12. Re:Feel Safer? by OriginalArlen · 2007-10-05 12:09 · Score: 1
  
  Sweet suffering christ, you're saying there's a chance that the next president could be worse?
  Barman? Just leave me the bottle.
  
  --
  
  Everything I needed to know about life, I learnt from Blake's Seven
13. Re:Feel Safer? by mrhartwig · 2007-10-06 02:10 · Score: 1
  
  That's a 3/42 (7.14%) historical chance of a Senator being elected President with no executive experience.
  
  Uh, no. That shows that 3 of 42 Presidents have been Senators with no executive experience. It says nothing about the probability of being elected.
  
  You'll get closer to a "probability of being elected" number if you include the experience of the guys that lost the elections. To really analyze it, you'll also need to research the folks that ran but weren't on the final ballot. You also have to take into account that some of these guys were not elected as President....
  
  otoh, it is an interesting list. Ignoring the whole probability thing, it'd also be interesting to include information like Truman really only being a Senator; his inclusion on FDR's last ticket as VP was a last-minute thing & Harry really didn't function much as a part of FDR's executive branch in the few months Truman was VP.
Unsetting a setting? by siriuskase · 2007-10-04 15:36 · Score: 1

take care

--
If you must moderate, please moderate as irrelevent, not something bad, because I'm sure someone will find this interest
Drugs are bad, Mmmmmkay? by dangitman · 2007-10-04 15:38 · Score: 3, Funny

DHS Injects Itself With DDoS
I yearn for the simpler days, when DOS came on floppy disks, rather than medical instruments.

--
... and then they built the supercollider.
1. Re:Drugs are bad, Mmmmmkay? by Lobster+Quadrille · 2007-10-04 15:47 · Score: 2, Funny
  
  You can't get the full effect by taking it in floppy form though. Once you've mainlined the stuff, you'll never want to go back.
  
  --
  "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
2. Re:Drugs are bad, Mmmmmkay? by Anonymous Coward · 2007-10-04 21:42 · Score: 0
  
  DHS Injects Itself With DDoS I yearn for the simpler days, when DOS came on floppy disks, rather than medical instruments. Good news! It's a suppository!
  
  -- Professor Farnsworth
3. Re:Drugs are bad, Mmmmmkay? by rinaazlin · 2007-10-11 04:05 · Score: 1
  
  Yearning for simpler days. You mean the day that DOS attacks but people still don't know how to prevent the virus
Wrong character by charlesbakerharris · 2007-10-04 15:42 · Score: 5, Funny

Sounds more like they could use a Chloe mentality. She, at least, never overestimates the intelligence of other users.
1. Re:Wrong character by renegadesx · 2007-10-04 16:02 · Score: 1
  
  Could be worse: at least its not as bad the mentality of US voters
  
  --
  Make SELinux enforcing again!
2. Re:Wrong character by charlesbakerharris · 2007-10-18 03:15 · Score: 1
  
  UR so clevar and funnay.
Bedlam by ExplodingTurnip · 2007-10-04 16:26 · Score: 0, Redundant

Kind of sounds like Bedlam DL3 all over again.
1. Re:Bedlam by Anonymous Coward · 2007-10-05 01:25 · Score: 0
  
  I am not visiting any site that contains msexchangeteam.com!
Shit summary by sound+vision · 2007-10-04 16:43 · Score: 0

"Here's a story about an IT disaster. No, we're not going to tell you what's actually in the article. Now please allow me to reference some trite television show. No kidding!" Worst. Summary. Ever.
1. Re:Shit summary by Anonymous Coward · 2007-10-04 17:43 · Score: 0
  
  Have to agree. Twas more like a lousy teaser trailer. I was about to whine about this myself when I noticed you agree...
  
  Maybe somebody complained about the /. effect and told peeps to write summaries so shitty that nobody will actually RTFA??
Grammar police by Anonymous Coward · 2007-10-04 16:46 · Score: 0

You can be scared by something.
Governmental organizations are things you are afraid of.
Damn it, Chloe by patio11 · 2007-10-04 17:18 · Score: 4, Funny

Drop the personality disorder and patch me through.

---

I liked Chloe so much that I have a Cygwin alias for ssh into my VPS. It is, of course, damnitchloe. Really its more like damTAB but I get a chuckle every time I see it.

I can also watch Season 7 of 24 in a command line, due to an extremely efficient homebrew compression scheme. Observe:

ruby -e "(24 * 6).times do puts 'Damn it'; end"

--
Help poke pirates in the eyepatch, arr.
Someone is in trouble ... by ianare · 2007-10-04 17:26 · Score: 1

It must suck to be that guy right about now!

I've had things like that happen before. Even after the misconfiguration is fixed, it can still take hours or days for all the messages to clear out.
Definitly grounds for being taken out back and given a bullet to the back of the head (terminated).
How HASN'T experienced this before? by Valdrax · 2007-10-04 18:48 · Score: 1

Honestly. I've seen this at least three times in my life -- once at college and once each at two different places that I've worked, both places filled with engineers and programmers (often the source of the idiotic "stop replying" messages).

It always starts with some idiot replying to everyone to ask not to be "unsubscribed," and then it goes berserk from there in *exactly* the pattern that the parent post describes.

What makes DHS so special that it wouldn't have managers, accountants, and other non-technical paper pushers to get the whole thing going? *pfft* "Jack Bauer," indeed.

--
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I meant, "Who hasn't..." by Valdrax · 2007-10-04 18:51 · Score: 5, Funny

Stop!
Grammar time.

--
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
This is more proof... by KGIII · 2007-10-04 18:52 · Score: 1

That they can and will build a better/bigger idiot. Go figure? Go DHHS! *sarcastic rooting*

--
"So long and thanks for all the fish."
Not Surprised by Scratch+McGoo · 2007-10-04 19:16 · Score: 1

It certainly doesn't surprise me that the US Government initiated such a ridiculous faux pas. Remember, these are the same people who run the DMV. And I have serious doubts about the competency of anyone in the IT field who would choose to work for the government.
Unfortunately by urIkon · 2007-10-04 19:22 · Score: 1

No way to patch a PEBKAC problem!
Why are they security professionals? by darkfish32 · 2007-10-04 19:24 · Score: 1

Almost 300 names and e-mail addresses of security experts, both in the government and in the private sector, were exposed in the incident. One SANS Storm Center reader suggested it wouldn't be surprising if a "wiseacre" now sent a zero-day PDF or Word attachment to that list to "nail a few dozen gullible security professionals," Sachs said.

if they would open an unsecure document sent to thousands of people, or to a mailing list?

I guess I might imagine someone sending to individuals on the list, posing as someone else (on the list?) connected to them...
1. Re:Why are they security professionals? by pimpimpim · 2007-10-04 20:37 · Score: 1
  
  My point exactly.
  Furthermore, in tin foil hat mode, why does the DHS have a "Open Source Intelligence Report" newsletter? Are people using Open Source as suspicious to the DHS as they want to think us to be?
  
  --
  molmod.com - computing tips from a molecular modeling
Oh boy by Plutonite · 2007-10-04 21:45 · Score: 1

So, being a security-minded techie, you spend ages obfuscating your email on websites..etc, and the day you are defeated it is not by some advanced optical recognition crawler, but by mass distribution from the Department of freakin Homeland Security.
In the hour that followed, dozens of readers replied to the exposed list of recipients, causing the "mini-DDoS" with demands to unsubscribe, pleas to others to cease replying, urgent requests from the Department of Defense and DHS officials for recipients to "kindly stop now please," a "vote for me" political ad, job offers and updates on the local weather. Local weather updates, eh. I love America.
I'm on that ListServe... by StickyWidget · 2007-10-04 23:13 · Score: 2, Informative

The issue wasn't with a DDoS, the issue was that when you sent an email to the listserve, it was sent with your email in the "To:" header. Which means that all the out of office messages came back directly to the sender. I saw several SIPRNET and NIPRNET addresses in the contact information for these people. Even better were the "I'm out of the office until November 15th, please forward all billing questions to So and So".
Several were group email accounts at Security Operations Centers, NOCs, and I think I saw a few power plants as well(one woman said that is was the "Command Center", speaking about the operations center at a major insurance company. Not to mention I'm still getting unanswerable emails back from email servers giving me the exact email address. I'd estimate I have around 1000 sets of contact information for people in the security industry, how many of those are actual LOGINS as well?
I'll put up a page with a breakdown of the information in the next week, then maybe Slashdot will put up my submission "DHS Email List Exposes Private User Data".
~Sticky
/Grousing about rejected submissions is typically offtopic.
//Which is why I said some other stuff first.
As seen in Spaceballs by MK_CSGuy · 2007-10-05 00:57 · Score: 1

"Now you see that evil will always triumph, because good is dumb"
1. Re:As seen in Spaceballs by TT076750 · 2007-10-05 15:20 · Score: 1
  
  hurm...
funny phrase in the end of TA by mapkinase · 2007-10-05 01:39 · Score: 1

He said "gullible security professionals," :-)

--
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
Happens here all of the time by Anonymous Coward · 2007-10-05 02:27 · Score: 0

This happens where I work all of the time.

1) Manager sends out an email with some attachments. One of which is a form in .doc format that needs to be filled out and returned.

2) Employees fill out the form and then hit "Reply to all with history"

3) Thousands of emails circulate throughout the company with about 9.9 megabytes of attachments each.

4) Mail server crashes

5) Profit!

The sad part is we're an engineering firm and everyone should know better.

Although it still doesn't beat the time someone tried to sell World Series tickets to the first person that emails him after exactly 2:17 pm!
Bright side people by GregNorc · 2007-10-05 02:45 · Score: 1

While this downtime may have caused millions of dollars in lost productivity, possibly damaging out nations security depending on the severity of the outage, at least we got to see that even DHS drones, beneath their hard candy coating, have a soft, chewy interior that jokes about the weather and tries to avert a massive reply to all DDOS by replying to all. Oh wait.
a case of the lolz? by Gary+W.+Longsine · 2007-10-05 02:48 · Score: 1

What is that, something like: "diarrhea of the instant message shorthand"?

--
If you mod me down, I shall become more powerful than you could possibly imagine.
Re:Listserv Idiocy UNSUBSCRIBE by Anonymous Coward · 2007-10-05 03:01 · Score: 0

plz UNSUBSCRIBE me from this website.

u have 2 put it in the subject
It's happened at another TLA, too. by BenEnglishAtHome · 2007-10-05 03:29 · Score: 1

We have about 100,000 employees, are an all-MS (Exchange/Outlook) shop, and had something similar happen. Someone sent a notice out to most of the organization by picking a wrong distribution list. Lots of people replied to all saying "I don't want your notices; take me off your list." Lots of people replied to all saying "You shouldn't reply to all to get off the list." One poor lady replied to all "Take me off the list." Then she realized she shouldn't have done that and tried to recall her message. All the time, she had read receipts turned on for all her email by default. Between the replies and the receipts and all the people responding to all just to tell her to quit sending emails, this one user was getting over 100,000 emails a day. I helped her write a rule to delete them all while the Exchange admins killed the original distribution list, but that created a situation where she was getting 60,000+ bounce notices a day. Eventually, it tapered off. For a while there, though, she couldn't do a damn thing. She was about the worst case I heard of but everybody suffered to at least some degree. Not a fun time. I'm awfully glad our little screw up never hit the computer press. :-)
1. Re:It's happened at another TLA, too. by Anonymous Coward · 2007-10-05 04:15 · Score: 0
  
  Heh.
  
  Until now.....
2. Re:It's happened at another TLA, too. by Anonymous Coward · 2007-10-05 06:47 · Score: 0
  
  When you say, '100,000' emails a day, do you mean 65535 or 100000?
It was hilarious by gumbo · 2007-10-05 03:35 · Score: 2, Interesting

This was too funny, I was reading these messages all morning. So many completely stupid people sending messages out with their title, agency, often phone numbers, etc. Some having fun with it and a whole bunch going "stop sending e-mails!" The best was the official reply that came a few hours in, which said "please don't use 'reply all.'"

Even better was that anyone in the world could send to the mailing list, it didn't even check to see if you were subscribed before sending your message out. Trust me, I tried it. You also get a few hundred more e-mail addresses and all kinds of internal company details from the out-of-office replies (e.g., "I'm on medical leave, contact so-and-so at x1234").

Now, it was no big surprise, I do security in the federal government and so I know how clueless so many of my coworkers are. But it was hilarious to watch it all play out so publicly and persistently; it just kept going throughout most of the day.
From the Pen Island website... by NewbieV · 2007-10-05 05:10 · Score: 1

Whether you're looking for a long and skinny pen, a thick pen, a fountain pen that squirts ink, or even a black pen, we have just the one for you.
Nice to see the company itself has a sense of humor...

--

"For every right, an equal responsibility..."
agreed... by DragonTHC · 2007-10-05 07:11 · Score: 1

Jack Bauer knows how to use his technology. He's a really smart guy who knows how to send emails and pictures and files over his (or any) pda. I wish DHS were that smart.

--
They're using their grammar skills there.
Fire these idiots by Anonymous Coward · 2007-10-07 01:01 · Score: 0

What a bunch of idiots. How can you expect these people to be responsible for anything else if they can't deal properly with their own computer security and systems?

Obviously competent people are not working at DHS and these people need to be replaced.
Unintentional attack denial of service by rk075002 · 2007-10-07 04:02 · Score: 1

This what is called as Unintentional attack denial of service aka human error