‘This risk is real and could be exploited by adversaries of the US,’ warned the Dutch whistleblower who discovered them.

  • Caboose12000@lemmy.world · 13 upvotes · 1 year ago

    it’s wild to me that .ml isn’t a blocked domain by default for most military contractors and employees

    • RheingoldRiver@kbin.social · 6 upvotes · edited · 1 year ago

      no kidding, that’s the kind of thing that after the first few times it happens, someone from product should flag this and build in a system with redundant checks if you want to send mail to .ml, like:

      1. The user has to have permission to send to .ml in the first place

      2. Any individual .ml address they want to send to has to be whitelisted in a separate UI from email compose (possibly excluding replies)

      3. Any time they send to .ml (or any external domain), the recipient box turns a different color, and there’s a notice, CURRENTLY SENDING TO AN EXTERNAL DOMAIN

        • with a list of all external domains included, e.g. you could also be sending to a contractor
        • and a count of the domains
      4. Any .ml sent mail is auto delayed by a couple minutes and requires you to confirm you wanted to send it (again possibly excluding replies)

      I would hope there’s also some flags emails can have for whatever sensitive info levels, these should also come with automatic client-side and server-side validation that you’re not sending them to someone who you shouldn’t.
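The four-step outbound policy sketched in the comment above, plus the sensitivity-label check in its last paragraph, as an added worked example that is not the commenter's code or any real mail client's. Everything in it is constructed: the home domain `example.mil`, the per-user permission set, the per-address allowlist, the two-minute hold, and the label names are placeholders; a real deployment would take them from the mail gateway's policy store.

```python
"""Outbound-mail policy check modelled on the four steps in the comment above.

All policy data here is constructed for illustration: the internal domain,
the users permitted to mail .ml, the allowlisted .ml addresses and the
sensitivity labels are placeholders, not values from any real system.
"""
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "example.mil"                      # hypothetical home domain
RISKY_TLD = "ml"                                     # the look-alike TLD the thread is about
DELAY_SECONDS = 120                                  # step 4: "a couple minutes" hold
USERS_ALLOWED_TO_SEND_ML = {"alice"}                 # step 1: per-user permission (constructed)
ALLOWLISTED_ML_ADDRESSES = {"partner@registry.ml"}   # step 2: per-address allowlist (constructed)
EXTERNAL_BANNER = "CURRENTLY SENDING TO AN EXTERNAL DOMAIN"   # step 3 notice text
INTERNAL_ONLY_LABELS = {"sensitive", "restricted"}   # labels that may never leave (constructed)


@dataclass
class Verdict:
    """What the compose window / gateway should do with one outbound message."""
    blocked: bool = False
    reasons: list = field(default_factory=list)
    external_domains: dict = field(default_factory=dict)   # domain -> recipient count
    banner: str = ""
    delay_seconds: int = 0
    requires_confirmation: bool = False


def domain_of(address: str) -> str:
    """Normalised domain part of an address ('X@Example.MIL' -> 'example.mil')."""
    return address.rsplit("@", 1)[-1].strip().lower()


def tld_of(domain: str) -> str:
    """Last label of a domain ('registry.ml' -> 'ml', 'example.mil' -> 'mil')."""
    return domain.rsplit(".", 1)[-1]


def check_outbound(sender, recipients, is_reply=False, label="unclassified") -> Verdict:
    v = Verdict()
    domains = [domain_of(r) for r in recipients]
    ml_recipients = [r for r, d in zip(recipients, domains) if tld_of(d) == RISKY_TLD]

    # Step 1: the sender must hold permission to mail the risky TLD at all.
    if ml_recipients and sender not in USERS_ALLOWED_TO_SEND_ML:
        v.blocked = True
        v.reasons.append(f"{sender} is not permitted to send to .{RISKY_TLD}")

    # Step 2: each individual .ml address must be allowlisted (replies exempt).
    if not is_reply:
        for r in ml_recipients:
            if r.lower() not in ALLOWLISTED_ML_ADDRESSES:
                v.blocked = True
                v.reasons.append(f"{r} is not on the .{RISKY_TLD} allowlist")

    # Step 3: list and count every external domain and show the banner.
    for d in domains:
        if d != INTERNAL_DOMAIN:
            v.external_domains[d] = v.external_domains.get(d, 0) + 1
    if v.external_domains:
        v.banner = (f"{EXTERNAL_BANNER}: {', '.join(sorted(v.external_domains))} "
                    f"({len(v.external_domains)} external domain(s))")

    # Step 4: hold .ml mail for a couple of minutes and require confirmation (replies exempt).
    if ml_recipients and not is_reply:
        v.delay_seconds = DELAY_SECONDS
        v.requires_confirmation = True

    # Sensitivity label: internal-only content may not go to any external domain.
    if label in INTERNAL_ONLY_LABELS and v.external_domains:
        v.blocked = True
        v.reasons.append(f"label '{label}' may not leave {INTERNAL_DOMAIN}")
    return v


if __name__ == "__main__":
    # Constructed sample: a permitted user mailing one allowlisted .ml address and a contractor.
    print(check_outbound("alice", ["partner@registry.ml", "c@contractor.com"]))
```

The check is deliberately split into a boolean block decision and the softer signals (banner, hold, confirmation) so that a client can render the colour change and notice from step 3 even when nothing is blocked, and a server-side gateway can enforce the block and the hold independently of whatever the client displayed.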