this post was submitted on 17 Jul 2023
124 points (98.4% liked)

Technology

75292 readers
3886 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
124
An email typo has reportedly sent millions of US military messages to Mali (www.engadget.com)
submitted 2 years ago by PopBobert@lemmy.world to c/technology@lemmy.world
15 comments fedilink hide all child comments
 

‘This risk is real and could be exploited by adversaries of the US,’ warned the Dutch whistleblower who discovered them.

you are viewing a single comment's thread
view the rest of the comments
[–] RheingoldRiver@kbin.social 6 points 2 years ago* (last edited 2 years ago)

no kidding, that's the kind of thing that after the first few times it happens, someone from product should flag this and build in a system with redundant checks if you want to send mail to .ml, like:

  1. The user has to have permission to send to .ml in the first place

  2. Any individual .ml address they want to send to has to be whitelisted in a separate UI from email compose (possibly excluding replies)

  3. Any time they send to .ml (or any external domain), the recipient box turns a different color, and there's a notice, CURRENTLY SENDING TO AN EXTERNAL DOMAIN

    • with a list of all external domains included eg you could also be sending to a contractor
    • and a count of the domains

  4. Any .ml sent mail is auto delayed by a couple minutes and requires you to confirm you wanted to send it (again possibly excluding replies)

I would hope there's also some flags emails can have for whatever sensitive info levels, these should also come with automatic client-side and server-side validation that you're not sending them to someone who you shouldn't.