worldnews

1900 readers

1 users here now

Welcome! This community is constantly upgrading and is a current work in progress. Please stay tuned.

/c/[email protected] strives for high-quality standards on the latest world events.

The basis of these standards comes from the MBFC, which uses an aggregate of methodologies, including the IFCN and World Freedom Indices, to rate the Bias and Factual Reporting of News.

These are non-profit organisations with full transparency of their funding and structure. Likewise, this community is also transparent – Please feel free to question its staff and the overall content of this community.

Does your post fit the standards? Check this thread!

Rules:

Disallowed submissions

~~US internal news/US politics~~ (Allowed while the Fediverse grows)
Editorialised titles
Editorials, opinions, analysis
Feature stories
Non-English articles
Images, videos or audio clips -- General Social media posts (Only Allowed during ongoing world events)
Petitions, advocacy, surveys
All-caps words in titles
Blogs
Old news (≥ 1-Month-old) articles
Memes/GIFs
Unlabeled NSFW images/videos
URL shorteners
Paywalls (Copy-Pasting the Article content or bypassing the paywall is allowed)

Commenters will receive one public warning with only one strike if violating any of the following rules:

Celebrating death/Advocating violence
Genocide denial/downplaying genocide
Disinformation/misinformation
Health disinformation/misinformation
Bigotry / Other offensive content Personal attacks on other users
The general rules of the sh.itjust.works instance apply!

Thank you.

todo list:

Automate a bot to check standards
Introduce tl;dr bot
Gain more moderators

founded 2 years ago

MODERATORS

goat

Typo sends millions of US military emails to Russian ally Mali (www.bbc.co.uk)

submitted 2 years ago by [email protected] to c/worldnews

17 comments fedilink hide all child comments

Millions of US military emails have been mistakenly sent to Mali, a Russian ally, because of a minor typing error.

Emails intended for the US military's ".mil" domain have, for years, been sent to the west African country which ends with the ".ml" suffix.

Some of the emails reportedly contained sensitive information such as passwords, medical records and the itineraries of top officers.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 32 points 2 years ago (1 children)

That’s what we in the cybersec business call an “oopsie daisy I made a little fucky-wucky”.

For real though, this isn’t a problem yet. The TL;DR is that Mali has a top-level domain “.ml”. Just like “.co.uk” for the UK. And the military uses the domain “.mil”. So lots of emails accidentally get sent to “[Military email]@[Military email server].ml” instead of sending to .mil.

So a bad actor could simply set up an e-mail server with .ml domains that mirror the military’s .mil ones, and start collecting all of those mis-addressed emails.

So why isn’t it an issue yet? Because we had a contract with Mali to manage their domain. They literally signed administrative rights for the .ml domain over. So the US was able to basically set up their own .ml mirrored sites, to capture all of those mis-addressed emails. They have captured thousands throughout the years, because military members keep misaddressing their emails. Supposedly containing all kinds of sensitive data. Everything from medical records to troop movements and equipment inspection reports.

But that contract ends this week, so Mali could 100% start registering their own domains when that contract expires and domain registrations begin expiring.

[–] [email protected] 8 points 2 years ago (1 children)

One solution to this would be to set the .mil mail servers to either correct or bounce all .ml addressed mail, no? It makes emailing legitimate .ml addresses more difficult, but requiring a second, dedicated gateway or mailserver for .ml would be at most inconvenient.