Millions Of Sensitive US Military Emails Misdirected To Mali, Despite 2014 Warning From Me

In August 2014, I noticed a potential security vulnerability in relation to the .mil top-level domain, which is operated by the US military. As such, I reported the issue to CERT, describing the issue in sufficient detail that they could understand the problem.

Today, I learned via a tweet from Elliot Silver:

about the report in the Financial Times concerning millions of US military emails being misdirected, and quote-tweeted that I had reported the issue many years ago:

https://twitter.com/GeorgeKirikos/status/1680925062621216768

Elliot Silver later blogged about it, and it’s been reported on by many other news outlets.

You can read my August 6, 2014 CERT “Vulnerability Report” here (I had prudently saved a copy), and the confirmation was VRF#HYIXW4Z4. [The PDF is redacted, as it had contained my cell phone number, which I rarely disclose.]

Continue reading “Millions Of Sensitive US Military Emails Misdirected To Mali, Despite 2014 Warning From Me”