Sat 16 Feb 2008
The good news. When they send bounced email, they strip out any attached email or original message.
The bad news. They send email from - ###REMOVEDFORNATIONALFREAKINGSECURITY###@… donotreply.com
More bad news. They include email addresses and names that are no longer valid.
The worst news. They also send email to TSA - which does not strip out the internal message.
Since homeland security and the TSA actually deal with national freaking security, I am not going to post the information in the emails past saying they include a mix of user information, software information, software usage information, hardware identification and expiration of software.
Could the “terrorists” use it? Like any data you expose to the public which is better kept private, it could be used for social engineering. Just think if you could call a department and tell them how many users they have running on a certain piece of software running certain hardware? Fishing for more information is just a jump from there.
So why post this? Why post any of this? Because this is just another example of corporations and government agencies paying lip service to security and privacy. Look at the companies listed this week. These are just examples of security or privacy issues, just examples; I have hundreds of examples, hundreds of thousands of pieces of mail.
And I am at the bottom end of stupidity. I am just one small instance demonstrating this lack of attention to detail.
When you give any private information to anyone, remember, they are idiots. They are not going to protect your information. So before you click submit, ask yourself, do you want Chet reading your personal information?
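A sender-side check for the failure described in this post, as an added example that is not part of the original post: it flags any header that steers replies or bounces to a domain the sender does not control. The owned domain `agency.example`, the function name and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the domains the sending organisation actually controls.
OWNED_DOMAINS = {"agency.example"}

# Headers that decide where replies and bounces are delivered.
REPLY_HEADERS = ("From", "Sender", "Reply-To", "Return-Path")


def foreign_reply_addresses(raw_message, owned=OWNED_DOMAINS):
    """Return (header, address) pairs that point at a domain we do not own."""
    msg = message_from_string(raw_message)
    findings = []
    for header in REPLY_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if "@" not in addr:      # empty or null sender such as "<>"
                continue
            domain = addr.rpartition("@")[2].lower()
            if not any(domain == d or domain.endswith("." + d) for d in owned):
                findings.append((header, addr))
    return findings


# Constructed sample messages, not taken from the mail described in the post.
SAMPLE_LEAKY = (
    "From: License Server <alerts@donotreply.com>\n"
    "Reply-To: helpdesk@agency.example\n"
    "Return-Path: <alerts@donotreply.com>\n"
    "Subject: License expiration notice\n"
    "\n"
    "Seat count and hardware IDs would appear here.\n"
)
SAMPLE_SAFE = (
    "From: donotreply@mail.agency.example\n"
    "Return-Path: <>\n"
    "Subject: License expiration notice\n"
    "\n"
    "Same notice, sent from an owned domain.\n"
)

if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("safe", SAMPLE_SAFE)):
        print(label, foreign_reply_addresses(raw))
```

Run over a sample of outbound mail or over application mail templates, a non-empty result means bounces and replies for that message will be delivered to someone else's mail server.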
10 Responses to “Scary Week Ends - The Department of Homeland Security”
March 20th, 2008 at 6:40 am
[…] goes to a blogger who gets to post the scary things that come to that mailbox. For example. The Department of Homeland Security. Sigh. If you want to do something like that use your own domain as in donotreply@mydomain.com - […]
March 21st, 2008 at 4:59 pm
At least you’re not the only one, Chet. I remember reading an old Slashdot article about the Air Force, or some such, sending emails to a tourism site. The AF’s response to the site was to delete the emails the AF keeps sending them. >.<
http://it.slashdot.org/article.pl?sid=08/03/05/0710254
March 21st, 2008 at 11:25 pm
It is my understanding that law enforcement considers any information on the internet as public domain.
Having been in the Navy as an Information Systems Technician, I can tell you that the government is aware that no sensitive information is allowed to be sent over the internet, that is, unless they have changed their policies since I left (about three years ago). [caveat: I was stationed at an inter-agency assignment, so the scope of my experience is not limited to DOD policy]
So if the government has a policy of not transmitting sensitive information over the internet, and law enforcement considers anything on the internet public domain… well, I will let you draw your own conclusions here.
March 22nd, 2008 at 3:07 pm
Practically I should think you could make some money selling this domain to the DHS or someone up there in government land. I know they know too much already, but I’m impressed you actually take the time to deal with this… Bizarre.
March 24th, 2008 at 7:21 am
[…] It's not Chet's fault; he has the hassle with the mail server and makes the best of it: a web project. He publishes the mails that land with him and bills for the use of the server (mainly as a joke, I think; I doubt he actually sends these invoices out). These mails often contain confidential things (in the sense of billing data, addresses, etc…), and he arrives at the following wonderful conclusion: When you give any private information to anyone, remember, they are idiots. via donotreply.com […]
March 31st, 2008 at 8:43 am
“He added that another e-mail he received was about US “military procedures and tactics”.
“It had the notice ‘Destroy by any means to prevent capture’,” he said.”
@scooter: Military policy and what actually happens are two different things. At one place and time it seems good to have a policy that says “no sensitive info on the net”. At another it just seems so convenient to email those sensitive docs instead of mailing them.
April 1st, 2008 at 10:24 am
[…] You have probably seen some official emails come from your company or company you do business with, using the domain of “donotreply.com” as their email address since the mailbox is unattended. Or maybe the people sending the email have no interest in getting any response. So what happens if you actually reply to one of those emails? It goes to this guy who actually owns the domain. So far he has seen thousands of scary emails detailing the internal workings of companies and even some national security groups like the TSA and DHS. […]
April 3rd, 2008 at 5:53 am
[…] and who all replies, illustrious names such as “The Department of Homeland Security”, “Merrill Lynch” or “Halliburton”. And since Chet apparently has the time and leisure, […]
April 13th, 2008 at 7:53 am
[…] sent to addresses @donotreply.com. Lots of private, secret information gets to them this way. The post about DHS is probably the single best, but of course it’s the cumulative effect of all the diverse […]