The 2007 security hall of shame

Bad breaches, ghastly gaffes and five people we'd like to forget

Ummm ... oops? Notable meltdowns

Do you copy?: DHS's self-created DDoS attack Thousands of security professionals subscribing to a daily news roundup e-mailed by the Department of Homeland Security found their in-boxes clogged with mail from each other, thanks to an apparent technical oversight on the part of an e-mail administrator working for a DHS contractor. The early October cascade kicked off when one subscriber sent a reply to the list administrator with a change request. That e-mail was automatically resent to all of the list subscribers.

Within hours, dozens of subscribers replied to the original mail. Each response in turn was sent to all of the other subscribers on the list. By the end of the day, more than 2 million messages had been generated as recipients using Reply or Reply All first complained about the spam surge, then added to the flood by mailing offhand comments, humorous remarks and demands to be unsubscribed from the list -- creating, in effect, a miniature distributed denial-of-service attack. The e-mail addresses, phone numbers and contact information of several people, including government and military officials, were exposed during the uproar.

Bag that: Supervalu gets phished Eden Prairie, Minn.-based grocery chain Supervalu in February was conned into sending US$10 million to two fake bank accounts by phishers posing as employees working for two of the company's approved suppliers. Supervalu received two e-mails, one purporting to be from American Greetings and the other from PepsiCo's Frito-Lay unit, asking the company to send future payments for each supplier to new banks accounts based in Florida and Arkansas.

The e-mails were apparently convincing enough for Supervalu to deposit over US$10 million into both accounts before realizing it had been had. Happily for the retailer (and, presumably, whoever approved the change on its end), the money was recovered by the Feds before it was withdrawn.

Undiplomatic relations: Symantec in China A signature update to Symantec's antivirus software in May crippled thousands of PCs in China. The software identified two critical system files of the Chinese edition of Windows XP Service Pack 2 as a Trojan and quarantined them, causing widespread crashing. Making matters worse, those specific files were required to start affected systems in Safe Mode, ensuring all-but-total shutdown and drawing howls of protest from the blogosphere. Five weeks later, a red-faced Symantec decided to mollify affected users by giving them free backup software ... and extending their subscriptions to the same antivirus software that knocked out their computers.

Hear me, see me: House outs whistle-blowers The House Judiciary Committee in October had to apologize to dozens of whistle-blowers for accidentally exposing their e-mail addresses to other individuals who, like them, had used a committee Web site to secretly submit tips about alleged abuses at the Department of Justice. The snafu came about when a clerical employee at the committee accidentally included the e-mail address of all the whistle-blowers in the To field of a message sent out to each tipster, ironically to inform them of certain changes in access conditions. A substantial number of the more than 150 e-mail addresses in the distribution list included portions of individuals' real names. Included in the list were the public e-mail addresses of Vice President Dick Cheney and some apparently fictitious individuals.

Arrrrr! WGA sees pirate people: In August, an unspecified server error at Microsoft resulted in many paying users of the company's Vista and XP systems being mistakenly identified as pirates by Microsoft's Windows Genuine Advantage (WGA) software validation system. The problem lasted for 19 hours, during which time frustrated users lost some features on their system that they could get back only after revalidating themselves all over again. The glitch occurred over a summer weekend, leading to further frustration when help from the company was slow in coming.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jaikumar Vijayan

Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?