
US Congress Bans Members From Using Yahoo Mail (bbc.co.uk) 121

A week after we learned that the House of Representatives had banned its members from using Google's appshot.com, more details about the blockage have surfaced. Reader Big Hairy Ian writes: A series of ransomware attacks on the House of Representatives has led U.S. Congress to ban members from using Yahoo Mail, according to a leaked email. Both Yahoo Mail and Gmail are named in the 30 April email, published on Thursday by Gizmodo, saying the attacks had increased "in the past 48 hours". Yahoo Mail will be blocked "until further notice" it adds. Ransomware encrypts victims' files and demands a ransom be paid for unlocking. In this particular instance, I think it isn't all of Yahoo Mail's fault. People need to be wary of the links they click on.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    If you know how to use them. Like a lot of problems in the US, education could probably help solve them, at least a little.

    • by TWX ( 665546 ) on Thursday May 12, 2016 @11:56AM (#52099119)
      If you look at the nature of product recalls, they're generally recalled for one of three reasons:

      Product is inherently flawed or otherwise unsafe and cannot be corrected. This covers things like manufacturing the chassis of a product with flawed materials, or using the wrong material, or a design whose intended use is inherently unsafe. Two examples I can think of off of the top of my head are Lawn Darts, whose very concept makes them unsafe, and the Perfect Flame grill, whose housing was magnesium and prone to igniting in a metal-fire.

      Product has minor flaws or only a risk of safety-issue, but correcting those flaws will cost too much to achieve. Inexpensive home goods may fall into this category, and sometimes when food products are recalled en-masse it's like this- only a few actual packages of a food item may be dangerous, but it would cost far more to test all of the food for the danger than it is to just throw it away.

      Users misuse a product and it's not possible to correct user-error. At first this doesn't sound like a product problem, but casual-use products are not supposed to require advanced training to use. There's a threshold for the number of incidents relative to the userbase to be considered, and if too many users are all having similar problems then that's indicative that something in the product itself needs to be changed, as changing human behavior on a large scale is not easy.

      Unfortunately software has been allowed to violate #3 and arguably the others for a very long time, as the push for newer/faster/prettier has trumped all other considerations. It's about time that we acknowledge that we haven't really made much improvement in UI in the last decade and that at-best we're reimplementing the wheel, and that we need to focus on the underpinnings.
      • by sims 2 ( 994794 )

        Just newer/prettier. I haven't seen a newer version of something be faster in a very long time.
        And no the ui wasn't broken before.

        I have to point out that even in windows 10 half the settings are in a touch screen style ui and the rest are in a windows 7 ui it's terribly inconsistent.

        • Just newer/prettier. I haven't seen a newer version of something be faster in a very long time. And no the ui wasn't broken before.

          I have to point out that even in windows 10 half the settings are in a touch screen style ui and the rest are in a windows 7 ui it's terribly inconsistent.

          You have no idea how much I hate touch screen UI on my Win10 computer. I hate it so much. All the control panels are still there but you have to go thru a curtain of simplified touch screen capable control panels first before you can find them EVERY time. It's a nightmare. Combine that with the hugely annoying Function Keys that are media keys and no way to change them to just plain function keys and I'm hating nearly every moment of my Win10 experience so far.

          • If you hate it so much, stop using it.

            Personally, I love it. I don't actually use it, because it's a piece of trash, but I love watching it make other people miserable while they suffer with it, but steadfastly refuse to abandon it like some kind of sadomasochistic ritual, and instead whine endlessly. Of course, they'll spout all kinds of excuses and rationalizations about why they can't possibly stop using Windows, but after year after year of MS making Windows more and more user-hostile, at this point I

            • If you hate it so much, stop using it

              If you can tell me how to turn off the UI Menus within menus that require me to dig thru touch capable menus ( that most importantly don't have the configuration options that I'm actually trying to access) in order to get to the panel that DOES have the config options I'm trying to get at. Then by all means enlighten me and I shall turn it off promptly.

              but steadfastly refuse to abandon it like some kind of sadomasochistic ritual

              I hate the touch screen aspects. There ar

              • If you can tell me how to turn off the UI Menus....

                You can't. That's how it is with Windows and proprietary software in general. You either take it or leave it. If the vendor doesn't care to make it configurable, then you're stuck with it as-is. Don't like it? Too bad. Stop your whining if you're not going to change.

                I hate the touch screen aspects. There are however things I really enjoy about windows

                Well you can't pick and choose. You can write to MS and try to get them to make these things configur

                • You can't. That's how it is with Windows and proprietary software in general. You either take it or leave it.

                  And this is why it's not "a free choice". I need to use windows to work and when MS changes things that makes it annoying to work with windows, I'm allowed to complain about it. I'm not steadfastly refus[ing] to abandon it like some kind of sadomasochistic ritual. I'm forced to maintain with it because of extrinsic factors that you seem to think are mythical.

                  Sure you can [switch]

                  No I can't because I

    • LOL, educate members of the House of Representatives?!? You can't educate people that are already certain they know everything!
  • Not how they roll (Score:5, Insightful)

    by sjbe ( 173966 ) on Thursday May 12, 2016 @11:26AM (#52098905)

    In this particular instance, I think it isn't all of Yahoo Mail's fault. People need to be wary of the links they click on.

    That's not how Congress rolls. They refuse to take personal responsibility for everything and they have the authority to make someone else pay for their incompetence and/or corruption.

    To be frank however, I cannot see any sane reason why our elected officials are not using official government email accounts supported by official government IT workers. It's not like congress doesn't know where to find the money to do it. Why on Earth they would be using Yahoo accounts while on the job is a mystery without a responsible answer.

    • Why on Earth they would be using Yahoo accounts while on the job is a mystery without a responsible answer.

      Because in the infinite wisdom of taxpayers and Congress government employees are not supposed to use the Government maintained e-mail to conduct personal business so they resort to webmail products. Also anything on the Government servers is subject to FOIA requests so they use a .COM server instead.

      FOIA is one of the biggest reasons that executive branch personnel (AKA Hillary, Condoleezza, and Colin Powell) all had their own private e-mail servers.

    • Comment removed based on user account deletion
    • That's not how Congress rolls. They refuse to take personal responsibility for everything and they have the authority to make someone else pay for their incompetence and/or corruption.

      To be frank however, I cannot see any sane reason why our elected officials are not using official government email accounts supported by official government IT workers. It's not like congress doesn't know where to find the money to do it. Why on Earth they would be using Yahoo accounts while on the job is a mystery without a

      • I disagree. "Harmful" URLs should not be a problem for government computers, and if they are, that's the government's fault for having a shitty IT infrastructure.

        Hint: a URL can only be "harmful" if you're running Windows.

    • Why on Earth they would be using Yahoo accounts while on the job is a mystery without a responsible answer.

      It's congress, obviously they have too much spare time on their hands! It's not like they spend all day enacting useful legislation, is it? Hell, they can't even pass a budget plan!

    • by Hentes ( 2461350 )

      I'm guessing the reason they can block Yahoo without disrupting operation is because they don't actually use it. Those are most likely people checking their personal account from work.

    • Why on Earth they would be using Yahoo accounts while on the job is a mystery without a responsible answer.

      A sensible, and possibly accurate, answer: they're sticking with the e-mail accounts they're familiar with. Before they're elected, they won't have .gov e-mail accounts - they'll be heavily invested in something else, like Yahoo, something they've had and settled with for years. If elected, they can get a House account, but most all their contacts know them by their old accounts, and if they're un-elected in two years, the fancy House account goes away (I assume).

      So, a luddite (and let's face it, most pol

  • I'd still blame Yahoo for allowing this sort of thing. I've been warning people for MONTHS now to 100% stop using their search engine because random search results will redirect to a bogus Microsoft support virus infection message. It's a little difficult to train users to hover over the link and ignore the first 75 characters to see where it is actually pointing to- assuming they have the link details at the bottom.
    • failblog,com has been putting up a "You need to update Adobe" trojan for several weeks now... they really need to be more selective about who they let advertise on their site!
  • Why is it that people who are provided accounts by their employer/organization insist on using "free" services ? I can't imagine NOT using my work provided address for work stuff, and whatever personal address I use on whatever provider for personal stuff...

    • by cdrudge ( 68377 )

      Why is it that people who are provided accounts by their employer/organization insist on using "free" services ?

      For the same reason that I have a corporate email account, but also have a free account hosting my own domain at gmail. I want to keep my work activities and emails separate from my personal activities and email.

      In the case of Congress members, they are prohibited from using official account(s) for personal or political campaigning activities that are not related to an official representative purp

  • "Your email service has been banned. A generous contribution to the Congressional Don't Forget The Children fund can reverse this ban."

    - Sincerely, Congress
  • Better question... (Score:2, Insightful)

    by jratcliffe ( 208809 )

    ...is why non-government webmail is allowed on government computers? Should be blocked entirely. If it's a government computer, then it's for government business, and emails for government business should be sent on government accounts that are saved should they be needed for FOIA act requests down the line. If people want to use personal email, they should do it on personal devices.

    • by __aaclcg7560 ( 824291 ) on Thursday May 12, 2016 @11:49AM (#52099075)
      If the government computers are on an unrestricted, non-classified network, government workers are not that much different than regular office workers. Some personal usage is permitted as long as it doesn't interfere with work.
      • Reasonable personal usage is fine, no objection, but not software that allows for communications that aren't available for FOIA or investigation in the future.

        This is the model in finance - webmail, dropbox, etc. is blocked from work computers, but nobody cares if you email your spouse about weekend plans on your work account. If you email your spouse "hey, I just heard we're helping company X buy company Y, get your dad to buy a bunch of Y stock today," that's going to present a problem.

        • Most government workers don't have admin rights to install software on their government computers. The few who do and do install software can get into trouble whenever a security audit is run. I once had to figure out why a Java component was updating out of sync with the other Java components on one system, traced the log entries back to eight months, and determined that a user with admin rights had installed a version of Java from off the Internet. Fixed the problem, notified my management, and the user g
          • I'm not talking about admin rights (no reason for the user to have those), I'm talking about the firewall blocking gmail, yahoo mail, etc. etc. the same way it blocks pron sites, etc.

            • I'm not talking about admin rights (no reason for the user to have those), I'm talking about the firewall blocking gmail, yahoo mail, etc. etc. the same way it blocks pron sites, etc.

              Email services are typically not blocked because they don't present a security risk on a non-restricted, unclassified network. Government workers have annual training on the proper use of network resources, including clicking on any strange links in email and web browser. That's a lot more training than most people get in the private sector.

              • The security risk (which seems to be driving the Yahoo ban in the article) is one thing - the rationale for banning webmail is more extensive than just "somebody might click on a virus." It's also the fact that allowing its use leaves a major source of communication unreviewable and unarchived, which is a problem for FOIA or investigatory purposes.

                • It's also the fact that allowing its use leaves a major source of communication unreviewable and unarchived, which is a problem for FOIA or investigatory purposes.

                  Congress has the ability to subpoena personal email accounts. Everything in a subpoenaed account becomes public record. If the government worker is a contractor, the attorney for the contracting agency will review the personal email account. If Congress wants it, they get it.

                  • But that doesn't extend to FOIA, at least not fully.

                    • But that doesn't extend to FOIA, at least not fully.

                      If someone goes out of their way to avoid FOIA, you really can't stop them. If you lock down everything in sight, you won't get anything done. You can treat users as adults or children. The government agency I work for treats everyone as adults.

                    • You can't stop them, but you can make it harder for them. There's no good reason to allow access to non-logged, non-archived private email accounts on government computers, and lots of reasons not to.

                    • There's no good reason to allow access to non-logged, non-archived private email accounts on government computers, and lots of reasons not to.

                      Sure. But you have to balance convenience with security. If politicians and government appointees are skirting FOIA, punishing government workers on non-restricted, non-classified networks isn't going to change the underlying problem.

                    • There's no loss of convenience - reasonable use of gov't email for personal use would be fine, and if the personal use isn't reasonable, the employee shouldn't be doing it at work at all.

                      Skirting FOIA should be a serious offense - if, for some reason, a gov't employee needs to use personal email for government work, then every email they send from that account should be required to be cc'd to their gov't account, so it gets archived.

          • Sorry, shouldn't have used "software," poor choice of words.

          • No, the problem here was that the user had admin rights. That should never happen. If some software requires admin rights to work, then you need different software. There is never any good reason for a non-admin user to have admin rights on a locked-down machine. The only users who should ever have admin rights are developers, but those machines should not be the same machines they access the internet with.

    • So when you are at work your significant other can't send you an e-mail to your company address with a grocery list or asking you to pick up the kids? You only use your phone to get these kinds of e-mail.

        BTW in many government facilities you can't bring in personal computing devices (including your phone) so you use your government e-mail for this kind of communication or you use a webmail provider.

      • by jratcliffe ( 208809 ) on Thursday May 12, 2016 @12:11PM (#52099251)

        I have no problem with using gov't computers for limited personal business. That's perfectly reasonable. The employee needs to understand that business is now a matter of public record, however.

      • BTW in many government facilities you can't bring in personal computing devices (including your phone) so you use your government e-mail for this kind of communication or you use a webmail provider.

        Or, they can use this old-fashioned thing called a "telephone" (I mean the government-provided landline desk phone that every government office worker has).

        And if they want to send a grocery list, they can just send that by text as usual, and then give their spouse a phone call at work to tell them they've sent

        • Not just secure spaces, many Air Force buildings prohibit bringing any personal computing devices, including personal phones.

          True you can receive a call on your desk phone from a spouse but don't you think the GP might object to that based on his rant about not using non-personal devices for personal business?

          By the way these days that desk phone is really a dedicated computer using VoIP software and I have personally participated in meetings where it has been discussed eliminating stand-alone phones on AF des

          • I don't see the problem. The spouse just needs to call up and say "check your personal phone". Then the employee can leave the secure space or building, grab his phone from the locker, walk outside, and use it like normal. The government isn't going to hassle employees for using government computers and phones for this kind of thing.

            • I am referring to "jratcliffe's" attitude expressed in the above posting.

              According to him a government computer should only be used for government business and nothing else. He would probably object to you taking that few minutes to go out to the car to check your personal phone.

  • by Bruce66423 ( 1678196 ) on Thursday May 12, 2016 @11:36AM (#52098983)

    As a user of both Yahoo mail and Live, it's notable that my junk folder in Yahoo is stuffed with phishing emails - easily identified by the difference between the visible sender and the originating email address. By contrast my live junk folder has virtually none.

    So why doesn't Yahoo make the effort to kill off the dangerous junk?

    • Comment removed based on user account deletion
    • Simple answer to "why doesn't Yahoo do X?" is: because it would cost them money, and they don't have any. They will have even less after paying Marissa Mayer her $55 million golden parachute! Their new company slogan is "Somebody buy us... please!"
      • "Please!" is right: Yahoo actually has negative value. Alibaba is the only part of the company that actually has real value, more in fact than the total value of Yahoo!, and once that spins off, the rest of it will be less than worthless: they'd have to somehow pay another company to take them over.

    • by Danathar ( 267989 ) on Thursday May 12, 2016 @12:48PM (#52099581) Journal

      The reason why Yahoo does not fix things is because the company is "dead man walking". They have been trying to get sold to SOMEBODY for years, but since Microsoft refused to buy them years back for a premium nobody seems to want to buy them.

      Spending the time, money and resources to fix an email problem is not a high priority for them considering the position the company is in...

  • Cubicle Politics 101: "Don't complain without supplying alternatives". The public-sector alternatives are not so great either. [reuters.com]

  • All internet advertising is immoral and should be made illegal. The inventor of the pop-up window needs to be shot, hung and quartered. Any less actions will be regarded as criminal collusion.
  • Why modern browsers even allow users to download and execute binaries any more confounds me. The app repository idea is something long overdue for all desktop OSs as well, where all of the SHA verification can be done and so forth. It would be a good idea to apply some access rules to ban users from executing any executable in their user writable directories like their home directory. It also makes little sense that we insist installers run as super user when all they need to do is install a few files, yet

  • Rather than Yahoo Mail being a particular attack vector for ransomware, is it not more likely that users who use a relatively old and unsophisticated email service are also more likely to indiscriminately click through on a dodgy email?
  • by Anonymous Coward

    is the FBI going to investigate the house of representatives for its use of corporate email when they had access to government email but chose to use their own preferred email due to convenience?

    quick...provide the house's IT director/staff with immunity to get to the bottom of this!

  • Funny how this came on the heels of a widespread outage at yahoo mail last night.

  • IIRC, It was Netscape that started all this back in the 90s. I was on a mailing list, and suddenly HTML markup started appearing on the list. HTML added nothing to mail then, and I would submit that it adds nothing of value to mail now. No good ever comes from clicking on links or viewing images inline with mail. NONE. Mail is text. Attachments are data. You could cut down on a lot of shenanigans by going back to that. If they download an attachment, it's totally the user's fault.

  • Yahoo Mail is simply a vehicle that doesn't appear to me to be any more or less secure than most other delivery vehicles. Yesterday we dealt with some ransomware that came in the form of an email from an employee's spouse that had a link to a landscaping company, and that landscaping company's website had a link (probably an ad) to a malicious site that delivered the ransomware. The employee's spouse contacted their IT, who reported not seeing any ransomware, which is why I'm thinking it was an ad on the landscaping company's website rather than the website itself that had the malware.

    Telling Congress "don't use Yahoo Mail, it isn't safe, use official email instead" is giving them the wrong idea that they're safe to click on anything they get in the official email, and doesn't do anything to mitigate the danger of malicious websites. Their official mail might or might not be any better about scanning attachments for viruses. Their official mail would hopefully be better about preventing account hacks, though - it seems that's a fairly common thing for Yahoo Mail.
  • Huh, maybe they should run their own mail servers...

  • by jxander ( 2605655 ) on Thursday May 12, 2016 @12:49PM (#52099593)

    Do Congresscritters not have standard-issue .gov email addresses, with in-house servers (exchange, apache, lotus, whatever)??

    Or is congress saying that members can't use Yahoo at home for receiving recipes from their mom, participating in fantasy football, and/or signing up for Cat Facts.

  • "appshot" looks an awful lot like "asshat".

    • by Anonymous Coward

      At quick glance your name looks like puke.

  • by Revek ( 133289 ) on Thursday May 12, 2016 @12:58PM (#52099679)

    If they fall for some garbage email it's their fault, not the provider. If they are so incompetent they fall for some scam it isn't Yahoo's or Google's fault. I guess they will tell people to quit using AT&T or Verizon if they fall for some tech support phone scam.

  • No, bsmt is not bull shit mail transfer protocol. It is basement mail server protocol, as in you keep your own server in your basement. Is that allowed?
  • This is hardly a surprising action. Instead of addressing the behavior of people, the solution will be to attack a problem with technology. It's 'easier' than trying to fix people.

  • They should be explicitly banned from using anything other than the official email for official duties and only while using supplied equipment. Personal and business communications should be partitioned off from one another. This is how it *should* be but that's not how reality works.
