this post was submitted on 17 Jul 2023
6 points (100.0% liked)
Technology
58061 readers
31 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That’s what we in the cybersec business call an “oopsie daisy I made a little fucky-wucky”.
For real though, this isn’t a problem yet. The TL;DR is that Mali has a top-level domain “.ml”. Just like “.co.uk” for the UK. And the military uses the domain “.mil”. So lots of emails accidentally get sent to “[Military email]@[Military email server].ml” instead of sending to .mil.
So a bad actor could simply set up an e-mail server with .ml domains that mirror the military’s .mil ones, and start collecting all of those mis-addressed emails.
So why isn’t it an issue yet? Because we had a contract with Mali to manage their domain. They literally signed administrative rights for the .ml domain over. So the US was able to basically set up their own .ml mirrored sites, to capture all of those mis-addressed emails. They have captured thousands throughout the years, because military members keep misaddressing their emails. Supposedly containing all kinds of sensitive data. Everything from medical records to troop movements and equipment inspection reports.
But that contract ends this week, so Mali could 100% start registering their own domains when that contract expires and domain registrations begin expiring.