The 2007 security hall of shame

Bad breaches, ghastly gaffes and five people we'd like to forget

Ummm ... oops? Notable meltdowns

Do you copy?: DHS's self-created DDoS attack Thousands of security professionals subscribing to a daily news roundup e-mailed by the Department of Homeland Security found their in-boxes clogged with mail from each other, thanks to an apparent technical oversight on the part of an e-mail administrator working for a DHS contractor. The early October cascade kicked off when one subscriber sent a reply to the list administrator with a change request. That e-mail was automatically resent to all of the list subscribers.

Within hours, dozens of subscribers replied to the original mail. Each response in turn was sent to all of the other subscribers on the list. By the end of the day, more than 2 million messages had been generated as recipients using Reply or Reply All first complained about the spam surge, then added to the flood by mailing offhand comments, humorous remarks and demands to be unsubscribed from the list -- creating, in effect, a miniature distributed denial-of-service attack. The e-mail addresses, phone numbers and contact information of several people, including government and military officials, were exposed during the uproar.

Bag that: Supervalu gets phished Eden Prairie, Minn.-based grocery chain Supervalu in February was conned into sending US$10 million to two fake bank accounts by phishers posing as employees working for two of the company's approved suppliers. Supervalu received two e-mails, one purporting to be from American Greetings and the other from PepsiCo's Frito-Lay unit, asking the company to send future payments for each supplier to new banks accounts based in Florida and Arkansas.

The e-mails were apparently convincing enough for Supervalu to deposit over US$10 million into both accounts before realizing it had been had. Happily for the retailer (and, presumably, whoever approved the change on its end), the money was recovered by the Feds before it was withdrawn.

Undiplomatic relations: Symantec in China A signature update to Symantec's antivirus software in May crippled thousands of PCs in China. The software identified two critical system files of the Chinese edition of Windows XP Service Pack 2 as a Trojan and quarantined them, causing widespread crashing. Making matters worse, those specific files were required to start affected systems in Safe Mode, ensuring all-but-total shutdown and drawing howls of protest from the blogosphere. Five weeks later, a red-faced Symantec decided to mollify affected users by giving them free backup software ... and extending their subscriptions to the same antivirus software that knocked out their computers.

Hear me, see me: House outs whistle-blowers The House Judiciary Committee in October had to apologize to dozens of whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the Department of Justice. The snafu came about when a clerical employee at the committee accidentally included the e-mail address of all the whistle-blowers in the To field of a message sent out to each tipster, ironically to inform them of certain changes in access conditions. A substantial number of the more than 150 e-mail addresses in the distribution list included portions of individuals' real names. Included in the list were the public e-mail addresses of Vice President Dick Cheney and some apparently fictitious individuals.

Arrrrr! WGA sees pirate people: In August, an unspecified server error at Microsoft resulted in many paying users of the company's Vista and XP systems being mistakenly identified as pirates by Microsoft's Windows Genuine Advantage (WGA) software validation system. The problem lasted for 19 hours, during which time frustrated users lost some features on their system that they could get back only after revalidating themselves all over again. The glitch occurred over a summer weekend, leading to further frustration when help from the company was slow in coming.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?