Technology

59201 readers

3238 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

'Millions' of sensitive US military emails were reportedly sent to Mali due to a typo (www.theverge.com)

submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

8 comments fedilink hide all child comments

'Millions' of sensitive US military emails were reportedly sent to Mali due to a typo::Millions of emails were misdirected to Mali due to a typo that swapped the US military’s .MIL domain for Mali’s .ML domain, according to a report from the Financial Times.

top 5 comments

sorted by: hot top controversial new old

[–] Mic_Check_One_Two@reddthat.com 11 points 1 year ago* (last edited 1 year ago)

That’s what we in the cybersec business call an “oopsie daisy I made a little fucky-wucky”.

For real though, this isn’t a problem yet. The TL;DR is that Mali has a top-level domain “.ml”. Just like “.co.uk” for the UK. And the military uses the domain “.mil”.

So lots of emails accidentally get sent to “[Military email]@[Military email server].ml” instead of sending to .mil. So a bad actor could simply set up an e-mail server with .ml domains that mirror the military’s .mil ones, and start collecting all of those mis-addressed emails.

So why isn’t it an issue yet? Because a Dutch contractor had a contract with Mali to manage their domain. They literally signed administrative rights for the .ml domain over to that Dutch contractor. And that contractor was the one who originally noticed the issue, since he saw lots of emails failing to deliver to sites like army.ml and navy.ml. He set up some quick domains to capture said emails, but it was quickly overwhelmed by the sheer volume; He’s received over a hundred thousand since January. But that contract ends this week, so Mali could 100% start registering their own domains when that contract expires and current domain registrations begin expiring.

[+] housepanther@lemmy.goblackcat.com -9 points 1 year ago (2 children)

Why am I not shocked? I hope that Microsoft gets heavily punished for this.

[–] Alinor@lemmy.world 10 points 1 year ago (1 children)

How is this Microsoft's fault?

[–] Cow_says_moo@lemmy.world 4 points 1 year ago

They're probably using MS exchange /s

[–] Mic_Check_One_Two@reddthat.com 4 points 1 year ago* (last edited 1 year ago)

This isn’t Microsoft’s fault though?

The US military uses the .mil domain, and Mali uses the .ml domain. People in the military/contractors keep typoing email addresses and sending them to the .ml domain instead of .mil.

The nuclear move would simply be for the military to disallow any emails to the .ml domain, and warn contractors about the issue so they can do the same. It’d block any legitimate emails to a .ml domain, but aside from diplomats there likely isn’t a huge need to email anyone at a .ml domain anyways. Those people who do need to do so could be selectively allowed to email .ml addresses.

load more comments