[mso] Lessons for managing a list (oops)

  • From: "James S. Huggins (MSO)" <MicrosoftOffice@xxxxxxxxx>
  • To: "MicrosoftOffice" <MSO@xxxxxxxxxxxxx>
  • Date: Tue, 21 May 2002 14:35:14 -0500

Linda, remember your headache with the new list . . .

well, you are NOT the only one.

I'd HATE to be the person in charge of THIS one

State Dept. virus exposes system flaw

Anyone could have sent messages to U.S. travel warning list


May 21 ? When the State Department sent out a computer virus to an e-mail
list devoted to travel warnings last weekend, the incident exposed a larger
shortcoming in the agency?s security. According to the company that manages
the mailing list, the State Department list had been set up to allow anyone
to send a message to all recipients ? including journalists, foreign
diplomats, overseas nationals. The virus proved it would have been easy for
someone to send out a fake global travel warning in the name of the State

THE LIST WAS ORIGINALLY set up correctly, said Gabriella Linares,
spokesperson for L-Soft International. L-Soft provides the hosting space for
the DOSTravel list where several copies of the Klez worm were distributed
over the weekend.

Before any message was sent to the group, it was to be reviewed by a State
Department official ? the normal procedure for ?monitored? mailing lists.

But at some point, the list operator ?got lazy or whatever,? and just set
the list to pass along any message, without review, Linares said. The only
trick ? the ?from? e-mail address had to be spoofed to appear as if it were
sent by the State Department, which is routine for most computer hackers and
virus writers.

The State Department did not immediately return calls asking about L-Soft?s

Someone noticed the list?s security flaw over the weekend, and took
advantage of it, repeatedly sending out computer viruses over the government

?There is a setting that the list owner has to check and verify a
message before it goes to the list,? Linares said. ?The list owner
deactivated that feature. They were not reviewing messages before they
were sent to the list.?

The DOSTravel list provides notification when the State Department
recommends that Americans avoid travel to a certain country. Only about
10-15 email messages are sent across the list per month. The list is popular
overseas; hundreds of Web sites in multiple languages link to the list?s
sign-up page.

But it is not the only means the State Department has to issuing  such
warnings. Had someone sent out a fake warning over the list, there would be
many ways for the department to retract it ? including a follow-up e-mail to
the list.

Still, the incident demonstrates a lapse of security during a particularly
sensitive time for the U.S. government and for international travel.

On Monday, a State Department spokesperson blamed L-Soft for the incident,
saying the third-party vendor didn?t provide appropriate security. But on
Tuesday L-Soft shot back, saying it was the State Department that failed to
manage the list?s security settings.

It was not immediately clear how many people subscribe to the list. It?s
open to the public; some journalists subscribe to stay abreast of potential
travel threats overseas. MSNBC.com is a subscriber and received several of
the infected e-mails.

An apology e-mail arrived Monday morning. ?If you ever have any doubts about
any e-mails arriving from our listserver, you should delete them, and not
risk getting a computer virus,? the apology read in part.

The virus came in the form of an attachment named doc.bat, which was
infected with the pesky Klez worm . The worm can be destructive ? some
versions disable anti-virus products. Other versions can copy private
documents and spreadsheets and mass mail them around the Internet.

?On Saturday, Washington D.C. time, there were several messages sent to the
DOSTRAVEL mailing list with viruses, despite our safeguards,? the apology
e-mail read. ?We have taken additional steps to prevent this from happening
in the future.?

The State Department is hardly alone in dealing with Klez. The worm and its
many variants has been the world?s most reported virus for several months
now; with infections rates slowly on the rise. UK e-mailing filtering firm
MessageLabs Inc. says it has stopped about 650,000 copies of the bug.

The DOSTravel list software has now been reconfigured to never pass along
attachments, according to the agency.





You are receiving this mail because you subscribed to mso@xxxxxxxxxxxxx or 

To Unsubscribe from this group, send an email to mso-request@xxxxxxxxxxxxx with 
a subject line that says "unsubscribe" (without the quotes).  Do not put 
unsubscribe IN CAPS.  Screaming doesn't get you out any faster and the caps 
prevent the function from working.

To change your email settings to digest or vacation (no mail), visit the 
group's homepage for full instructions.


To be able to use the files section for sharing files with the group, send a 
request to mso-moderators@xxxxxxxxxxxxx and you will be sent an invitation with 

Other related posts: