Typo watch: 'Millions of emails' for US military sent to .ml addresses in error For the past decade, millions of emails destined for .mil US military addresses were actually directed at .ml addresses, that being the top-level domain for the African nation of Mali, it's claimed. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, …
Can't stop stupid people from being stupid.
Computers are quite literal. They send email to EXACTLY the address that you tell them to send it to. There is absolutely nothing that the combined military power of the entire planet can do to stop this ... short of banning email entirely.
"half the world is stupider than average"
"You will find it is the median you are referring to"
I believe both those statements are wrong. Firstly because of the way IQ is calculated with 100 being by definition the average of everyone, the median and the mean are for all practical purposes the same. Secondly with intelligence being a symmetric bell curve, saying "half the world is stupider than average" is numerically making the same claim as "half the world is cleverer than average", and both are wrong. It would be correct to say that "half the world is of average intelligence or stupider", and of course it would be equally correct to say that "half the world is of average intelligence or cleverer".
In any case I find IQ to be a very reductive measure since it only measures 'logical' intelligence, and does not take into account emotional intelligence nor physical/motorial intelligence. All of which to a greater or lesser extent are required to be successful in life
I don't think IQ is a symmetric curve though, is it? There are people recorded with IQs above 220, but even our dumbest politicians would struggle to get down to -20. There might be some attempt to define it as a net bell curve, and it might approximate one, but it's going to be one with a long tail.
Are there people with verified scores that high? I can think of several in fiction, where making up random high numbers is the code for "I'm going to have this character do unrealistic things later and I'm hoping that this number will work as my get out of scoffing card". The way that IQ tests work today, however, makes those scores prohibitively difficult to happen. They are hard-coded to produce bell curves, whether that's a good idea or not (it's not the only bad idea in many such tests), so a score of 220 would pretty much require the smartest person to have lived in the past century and wouldn't necessarily include them either, since it's a one in ten trillion chance. The old way of assigning scores by age, which incidentally stopped working on graduation from secondary education, could allow a score of 220 if, for example, a child aged five was operating at the educational equivalent of one aged eleven, but for various reasons, this system has not been used for some time.
I doubt you can find someone who actually has a score of 220. There are probably people who claim they do, but they're likely to be lying on the assumption that people don't know how IQ scores work or what they mean.
'physical/motorial intelligence' is simply nonsense. Emotional intelligence is a thing but in the current context is irrelevant. And saying "Secondly with intelligence being a symmetric bell curve, saying "half the world is stupider than average" is numerically making the same claim as "half the world is cleverer than average", and both are wrong." is pedantic tosspottery.
Can't stop stupid people from being stupid.
But you can separate human mistakes from deliberate action.
Given that these emails were internal, they should have been explicitly marked for system exit or being bounced by the MTA.
This isn't rocket science, and hasn't been for decades. Even the UK government has something like that in place, and in its most basic form can simply be something added to the subject line. A typo would bounce off any such a system, so I'm a bit puzzled why this is still an issue.
Two answers:
- yes, guilty of PBC (Posting Before Coffee)
- but .. 'internal' does not always mean 'inside mil only'. UK's CJSM setup interfaces with a lot of external third parties which appear to manage those externals just fine, so it would be interesting if that is technology or decent management of the humans involved. That said, they screwed up in a different way by not making that website automatically divert to https :)
"There is absolutely nothing that the combined military power of the entire planet can do to stop this"
I shouldn't be hard to prevent mail from a .gov or .mil address from being sent to a .ml domain. There can even be a filter set for all US government agencies that prevent them from sending to a .ml address other than from a gateway account that somebody is manually verifying.
And of course there is something that _can_ be done (even if it _shouldn't_ be done):
Pressure the US (and US malleable) DNS responders to ignore the ICANN top-level domain servers for ".ML" and instead send them to a custom resolver that recognizes that e.g. "mail.ml" from the US should bounce.
Yeah, that's sucky for the Malian ISP who wants to register "mail.ml" for their own customers, but why be the biggest player in town if you don't throw your weight around!!!
And if you were feeling generous, you could build a gateway that forwards, say, fred@mail.ml.forwarder.com to fred@mail.ml, with a modified "Reply-To:" header! This sort of thing was routine, back in the day before we all got addresses in a pretty unified name space!
(If I recall correctly, we've already seen dodgy cases where TLDs are blocked, possibly for different reasons).
"And of course there is something that _can_ be done"
What you suggest would require the cooperation of far too many email admins world-wide, most of whom frown on such censorship (it's in the job description). As the saying goes, herding cats would be much, much easier.
So no. The concept is there, as a theory, but implementing it would be impossible without breaking email as we know it entirely.
What exactly is stopping the US military from registering "army.ml" and "navy.ml" for itself, since the current users of the TLD aren't using them?
The they'd quickly get a list of idiots sending emails to the wrong TLD, and could go and have a quiet word with each of them. Pretty sure they could cut the problem by at least 95% that way.
"I shouldn't be hard to prevent mail from a .gov or .mil address from being sent to a .ml domain."
And of course, blocking all emails to anyone in a country that is a member of the UN and has bilateral diplomatic relations with the US including reciprocal embassies is obviously a sensible idea. 100,000 emails sent to non-existent domains by accident in a bit over half a year? There have likely been far more than that sent from .gov to .ml addresses on purpose during that time. Putting checks on an internal .mil system that only expects to send to other .mil addresses is one thing, but putting manual checks on the entire government covering things like customs, immigration, and all other contacts that happen between two countries with normal diplomatic and commercial relations is just a ridiculous idea. Mali may have been slightly less friendly to the West in the last couple of years, but that hardly means they need to be cut off from all routine communications.
You could be surprised!
A domain may be $9.95 per year, but the US military must then establish servers and redirects. These come at a steep price. The running cost may run well into the billions of dollars as we already know from other military projects. And trusting the military with additional computer infrastructure may be inappropriate because their attack-surface increases with all the associated costs.
Therefore, simply taking over the country may be the significantly cheaper option after all.
Seems like an easy way around it would be for all machines in the .mil domain, and most in the .gov domain to be configured to bounce messages to .ml by default. Probably want to do it for major US defense contractors as well, as they would be emailing a lot of .mil addresses.
So other than perhaps the State Department bounce the emails with "if you intended to send this to xxx@yyy.ml in Mali rather than to a .mil US DoD receipient, add '[Mali]' to the subject line and resend". Very minor inconvenience for any legit email to Mali, reduces accidental traffic to Mali that was intended for .mil by 100%.
Given that anyone can register new TLDs for what a couple hundred thousand dollars it seems like it would be worth the money to China and Russia to grab other possible typos of .mil, as well as typos of .gov and give them a wildcard mx. The fix for the US (other than blackholing them when they pop up) would be deprecating the existing TLDs in favor of .mil.us and .gov.us, but that would probably take a decade or more to implement.
Perhaps go back and read the article, this time for content?
Here's a relevant paragraph: "The Pentagon said it has technical controls in place that prevent its users from sending emails to the wrong place – such as going from a .mil to a .ml – by blocking those messages before they leave Dept of Defense systems. Senders are told to check the recipient and try again; the DoD didn't mention when it added such controls."
Here's another: "As to why the issue is ongoing if the DoD has already taken some action, there's only so much it can do, the department's officials said. For one thing, someone trying to email a .mil address from a personal or external account, and typoing it as .ml, can't be stopped by the Dept of Defense due to the way today's internet works."
Aside from easily strongarmed military contractors, the vast bulk of all non-spam emails (especially personal) to .mil are going to be sent from US based email providers such as GMail and Microsoft. I’m sure that Uncle Sam could have a word and ask them to implement a confirmation scheme (maybe an account setting you tick to enable email to a list of clearly military-looking Mali domains) for US companies and individual accounts linked to a US cellphone. The exorbitant privilege of owning most of the internet…
Would be even more effective if it’s made clearly in big red letters that the details of anyone ticking the box that their details will be shared with the US Gov. That would prevent the ‘reflex box tick’.
I regularly get email intended for someone fairly high up in the US military.
From the subject lines, I'm guessing their travel plans have been accidentally scuppered several times.
There's a reason I generally book direct instead of using a travel agent...
"the vast bulk of all non-spam emails (especially personal) to .mil are going to be sent from US based email providers such as GMail and Microsoft."
Assumes facts not in evidence. I assume you are willing to present proof?
For one thing, someone trying to email a .mil address from a personal or external account
I suspect that sort of traffic will not exactly contain nuclear codes, but it's still annoying. Must be quite an interesting catch-all account..
"I suspect that sort of traffic will not exactly contain nuclear codes"
Not since Trump sent his infamous GMail bulk CCed "Change the codes to 56789, that one you gave me is too hard to remember" email.
Note the cunning way that code starts *after* the one for his suitcase.
"I suspect that sort of traffic will not exactly contain nuclear codes, but it's still annoying. "
Those codes are important, but are also easy to change and lock-out. They'd also only be useful in the event of a really bad day. More useful is lists of personnel with full names, id numbers, salary, department, rank/GS standing, etc. Information on people isn't easily changed.
Can I get manor.guv ? As in not-in@my.manor.guv, keep-to@your.manor.guv
And while I'm buying, how about ok.guv ? That one speaks for itself.
Mines the one with the keys for the Ford Consul GT with power steering and a sliding roof.
This post has been deleted by its author
My very desirable (short, relevant, single-word, a noun) .co.uk domain is similar to that of a university, the only difference being that their domain suffix is .ac.uk
It was fine for a couple of years but then they started to issue students and staff with email accounts at the .ac.uk domain. At at the start of the academic year my catch-all account started to get wrongly addressed university mail and soon a trickle became a flood. That sometimes included personal details like individuals sexual proclivities, substance abuse (and occasionally even a few related to academic work).
When I alerted the university admin the response was that it was my problem and proposing that I should relinquish my valuable commercial domain name upon which my business relied. In one communication I was threatened with legal action implying I was spying on students. (Even had their emails included one of those utterly worthless lengthy footers demanding that, should the email reach the wrong person, they should delete it unread and advise the sender; they have no legal validity.)
I wrote to the vice-chancellor suggesting he would not be happy with the situation, especially in respect of the confidential data like staff salary and performance reviews that were coming to me. The flow of mail originated on their mailserver ceased next day. I understand senders using their mailserver now get a bounce message that rather implies that I'm at fault for having the impertinence to buy a similar domain to theirs. Mail from outside the university to staff and students continued.
This was in the mid 1990s before catch-all email addresses had been recognised as being a problem, and the facility was useful to me for catching recipient name variants and typos (like steven/stevan/stephen/steve@) so it took me a while to create aliases and disable catch-all.
In their situation I'd have bought a separate domain name or maybe used a subdomain for email to ensure security of staff and students, relying on me not to use catchall sounds like an accident waiting to happen. I could easily send credible phishing mails even without enabling catch-all by setting up addresses closely similar to genuine ones for example replacing vicechancellor@ with vice-chancellor@ Furthermore, I black-hole wrongly addressed email so they will have problems with emails going missing. I could forward it to a specified address at the university but that would breach confidentiality. I guess it might even be possible for me to "correct" the .co.uk to .ac.uk and forward to the intended recipient but I'm disinclined to expend my resources to fix someone else's problem.
I briefly re-enabled catch-all recently to see if anything had changed. Despite having being aware of the risks for ~25 years they've done nothing more to minimise them.
Auto-responder:
Thank you for your email. Your email has been leaked by your University, as they apparently have a major problem distinguishing between <domain>.co.uk and <domain>.ac.uk.
This problem has been reported since <date>.
In case you feel your privacy was affected, contact the Information Commissioner's office here: https://ico.org.uk/make-a-complaint/.
Your copyright will be respected, and your email may be retained if the contents was amusing or useful. This has been a public service notice.
You could, of course, report the problem yourself to the ICO. After all, you're flagging a potentially risk to privacy so you're merely doing the right thing..
"Despite having being aware of the risks for ~25 years they've done nothing more to minimise them."
There is absolutely nothing they can do except tell the people who use those addresses to make absolutely sure that the folks sending them email are using the proper address.
And again, stupid people are stupid. That's out of both yours, and the Uni's hands.
"There is absolutely nothing they can do except..."
Yes there is: One possibility would be to change to a separate domain for email. After 25 years that's not an option one would relish. It would be nice to think internal sensitive emails like the HR ones the OP mentioned might be better protected by now but is knowingly leaving a security gap wide open (an easy phishing entry point) an acceptable action? I'm sure (or am I?) they'll have good phishing protection practices and training in place but the attack surface could be thousands of staff and student email accounts.
My advice, should they be interested is to get a very short domain name so the scope for confusion is limited. Edinburgh university for example seems to have stopped using edinburgh.ac.uk even for web a decade ago, now uses ed.ac.uk (not ideal as someone else owns ed.co.uk but that's not in active use so may be open to offers). The switch from a 15 character domain to 8 character is easier to type. .ac.uk domains can only be issued to verified academic institutions so there's little competition even for 2 and 3 character names. I doubt there are any 3 character .co.uk still available but many are only held with a view to resale. FWIW there are about 200 university .ac.uk names
If it's one of the bigger universities with high value research projects there's a risk of something akin to industrial espionage with phishing as the way in.
Another option might be to approach the OP with a view to purchasing the .co.uk Although it sounds as if the price might be substantial, unless it's one of the smaller UK universities their budget will be in the hundreds of millions so they could afford a chunky price.
Maybe I'm exaggerating the risk and plugging that hole would just make a potential hacker look elsewhere.
When the first email with those instrucations at the end arrived my supervisor replied with "I deleted the email as i could not be sure i was the intented receiver. I will keep handling email with that affix that way and hope you appreciate my compliance with your instructions".
I bounce those back to the sender and admin@ the domain in question, with a note explaining why, exactly, such a message is pointless and not enforceable legally. Not quite automatically (I do a sanity check to ensure I'm not bouncing spam to an unrelated third party), but it looks automatic to the folks in question. If the admin address bounces, I blackhole the domain (this is automatic) until someone using my systems asks me to unblock it. Probably happens about once a week or so these days, down from dozens daily about 15 years ago.
I own a domain name that is a .com and the .net is owned by a mom and pop business in the USA. I used to get emails for them every so often and would forward them on. One year I got back from holiday and found one about their insurance expiring, where the agent had mistyped it despite the incoming email being from the .net
Then I spotted that all the mails were going to one address only sam@momandpopbusiness.com. So I set up an automatic forward for mails addressed to that but incorrectly to the .com not the .net Nothing has reached me since.
I had a similar .com from a long forgotten project ... I didn't know it at the time, but the matching .net was owned by a small family business several states away. When I found out about the .net, I gave them the now unused .com for xmas. That was around 25 years ago. Their family and my family are now really good friends :-)
"Despite having being aware of the risks for ~25 years they've done nothing more to minimise them.
This is why people need to understand that communicating sensitive things online can be ill-advised. At the very least, they should verify that mail is going to a correct address and stick that address in their contacts list rather than typing them in by hand before sending personal information. I have endless issues with customers that use Gmail address that are something like JohnSmith18994. There's likely John Smiths from 1 all the way up and beyond. I had to call a new customer back a couple of times as the cell connection was never great and English was a second language so I had a hard time writing down his information correctly. At least with my addresses, it's all going to my domain which is rather simple.
and stick that address in their contacts list rather than typing them in by hand before sending personal information
Personally I prefer typing the address in, that way I can see exactly what it is as I type.
Now, it has to be said that Microsoft should get a big chunk of the blame here - although it seems every man & dog seemed to have copied their idiocy. It "really annoys" (an accurate description would fail the profanity filter) me that Outlook (and others) actively obscure the actual email address. And for good measure, it seems that in Outlook, once you have an incorrect address cached, then it's hard (or if you use a locked down setup as I do for ${day_job}, impossible) to remove that entry.
In a previous job we did support for many small businesses, and I recall overhearing many conversations at the hell desk around problems with cached incorrect addresses.
Icon sums up what I think should happen to all software that actively obfuscates stuff.
No, the people who allow email to be used for evil purposes, leading to the necessity of blocking them, are the tits.
Yes, there is occasional collateral damage. Fortunately, there are plenty of places for people to get another email address should they find themselves to be on the wrong side of that blocking.
It would make sense for the Pentagon to simply buy the equivalent .ml domains for a few hundred semolians. But it's the US government. So before they could do that, they'd need to commission a study (by a Beltway Bandit) on the topic. Then they'd need a multi-agency review. Then they'd need a study to hire a someone to write an RFP for a company to do the procurement of the domains from the registrar. Then that company would need to pay the few hundred dollars and collect a few tens of thousands in fees, maybe five years down the road. That's how Good Government works, after all.
Fortunately for the US, Russia's method is even worse. Everything just gets stolen.
Mali, however, knows that they don't need the current operator any more. After all, they work with Vagner, which also owns the Internet Research Agency. So they are obviously very good at Internet stuff and will be happy to manage misrouted US military mail.
how not to use an emali address
You shouldn't anyway, as you'll annoy some people in Kenya..
:)
Because Microsoft[1] refused to support anything like PGP/GPG (especially in an easy to use, "click here to encrypt, leave unchecked and we will just sign it for you" format) and their bad practice becomes the default.[2]
[1] yes, email long predates MS but it is the practises of mass adoption that are a problem; you can spot the Old Guard and their protégés lurking on tech boards, their public messages properly signed.[3]
[2] See also top-posting, ye gods, top-posting and the apparent inability to insert your responses directly beneath each question in an interrogatory email!
[3] Especially hilarious when you see all the bullshit "if you are not the intended recipient" sigs
You admit that Microsoft have nothing to do with the origin of email, but still it's somehow their fault? RFC 561 dates to 1973, two years before Microsoft even existed, and RFC 733, which superseded it, dates to 1977, and RFC 822 which superseded that, to 1982. The current RFC that obsoletes all of these, RFC 2822 is from as recently as 2001, and none of these specify a standard way to secure and encrypt messages.
Microsoft is not the author of any of them, all they have done is write a series of popular* mail clients, as have many others. The first email clients I used were elm and pine.
*popular as in well-used, not necessarily well-liked.
OK, down-voter, how would you propose to "securitise" email in such a way that the intended recipient can read an email, and nobody else, without the need for some sort of key-exchange beforehand, presumably by some medium other than email? How would you integrate that with a popular mail client in such a way that people actually use it and don't immediately complain that it is too complicated and that they don't understand it? How would you educate them about all the nuances of security, such as MITM attacks in key exchanges, key strength, issuing authorities, the difference between a certificate and an encryption key, and between symmetric and asymmetric encryption, and why "Password!" isn't sufficient?
Try "I'm going to send you an encrypted email, send me your public key please" on the sort of user who is going to accidentally email state secrets (in plain text) to Mali and see how far that gets you. Email's strength (and also its weakness) is that it is easily useable by anyone who can just about work a computer, and that includes a LOT of people who are otherwise not computer-literate, and, for example, think "the internet" is an AOL CD. It can either be secure, or easy to use, and it is very much the latter. If you want secure, use something else.
I'm no particular fan of Microsoft, but blame them for the things they are actually responsible for, not standards that they have had no input into.
"I'm no particular fan of Microsoft, but blame them for the things they are actually responsible for, not standards that they have had no input into."
When they indulge in stuffing ISO committees there are some standards they can be blamed for.
The pity is that although there is an RFC for encryption of email it's only for an extension. What's needed is an RFC that mandates encryption as standard, including a means of distributing private keys and deprecates the existing RFCs for email with effect from, say, a year of publication.
Yup, email is stateless, each message is send-and-forget. There is no point in that simple process, where key exchange could take place, so it would have to be done beforehand, and keys fed into the sending/receiving of messages. Messy, fiddly, insecure, and no doubt error-prone. Anyone versed in security would be getting out their collection of red flags to wave at you at the mention of trying this.
"What's needed is an RFC that mandates encryption as standard"
That would invent a new thing, call it "no-longer-email" until someone comes up with a new name.
Which I am OK with ... but leave email as we know it alone. Changing it across the board would break entirely too many things.
Not your down voter, but::
> without the need for some sort of key-exchange beforehand, presumably by some medium other than email?
> Try "I'm going to send you an encrypted email, send me your public key please" on the sort of user who is going to accidentally email state secrets (in plain text) to Mali and see how far that gets you
Well, I'm sort of guessing here, *but* before you start sending out state secrets to people, how about a good old fashioned face to face meeting? Then you can exchange keys in person.
Say the top guys met like that and vouched for each other, exchanging keys. Then they go back to their offices and each vouches for their lieutenants, passing on the keys. The lieutenants vouch for the sergeants and so on down the chain. And back up it again, so by the time of the second meeting, to shake hands and drink champers over the agreed contract, the keysets can be passed across again, face to face.
We could give this scheme a name: how about The Web Of Trust? Catchy, isn't?
Outside of the military (who can just order people to swap face to face) and Big Military Contractor (who can order as, really) we can have a nice Wine And Cheese evening and call it a Key Signing Party.
We can have nice little UIs that even top-brass know how to use; heck, even dress it up as a Mission:Impossible style gadget, which shows pictures of all the key owners flashing past when they each each shove their USB stick into the slot. They'll love that.
PS if you just want to send an email to someone, they can just put their public key on the website. To make it trivially easy for Joe Bloggs, just put it it in a clickable link, inside the "contacts" record or otherwise tag it so the browser/email client Just Does The Right Thing.
Thank you for your very complete description of what I said ("email long predates MS") - most impressive ability to list RFCs.
But you must learn to distinguish between someone being responsible for doing something positive (inventing email, inventing encrypted email) and being responsible for something negative (discouraging encrypted email to the point most people don',t seem to know it even exists).
As you have such a comprehensive knowledge of the history of email, you know well that earliest days didn't bother much with a widely-known encryption scheme (we were happy to have email, we trusted most people in the small world before "IT" was invented). Heck, ROT13 was new! (No, it doesn't encrypt worth a damn, but it looked scary to the uninitiated).
You also know that before MS even started including an email client in every install (Outlook proper dated to 1997) privacy had been an issue for while. PGP (1991) was (arguably) the best, providing encryption, signing and the web of trust for key exchange (face to face for best security, of course): wrappers for common mailers were created and the Open Source mail clients started providing options to use it.
Your own favoured clients, pine and elm, allow you to use PGP and/or GPG (the latter coming in 1997).
Encryption was becoming generally available in the Internet email (sadly, proprietary pre-popular-internet systems remained incompatible, sigh).
Then Outlook. Not the best, but increasingly widely used - as time passed, if you weren't compatible with Outlook (and its increasingly large set of headers) then you were in the wrong. More and more non-techies used email and even those you would *really* think cared about signatures at the very least (lawyers and all the people signing contracts) didn't bother to find out what was available. No point in encrypting your emails because chances were the recipient had no idea how to decrypt and Outlook gave no suggestions to help.
Microsoft had the opportunity to follow what the other email clients provided but steadfastly refused.
So, yes, I do hold them responsible: it was a deliberate and knowing action to refuse to support a feature available in the other clients (hey, they didn't own the web of trust!) not even providing their own, incompatible, encryption. That wouldn't be great but at least it would get people thinking about secure email.
You have heard of "embrace, extend, extinguish", well sometimes "ignore, ignore, extinguish" will also work if you have the market share.
PS Apple didn't help either, but again, email isn't proprietary, so - once they started growing in stature again - why would they bother?
The problem is that you're being quite simplistic, throwing the blame onto one company who did the same thing as many other companies. So Outlook didn't support PGP, and neither did Apple, and neither did a number of other email clients that existed at the time. You can point to a couple that did and assume that everyone should have supported what they did, even though that wasn't part of the standard. Let me guess, if PGP had turned out to have a systemic flaw and Microsoft had adopted it, it would be their fault that we were using the flawed system too?
Outlook was designed to follow the specifications, just like a lot of mail clients. That didn't and doesn't make it a good mail client, but it's akin to complaining that a browser, written to work over HTTP, doesn't support the Tor protocol and you have to use other software if you want that level of security. There might be some advantages if every browser did build that in, but they aren't built for every use case in existence and use other software to manage those alternate cases. Like it or not, PGP was somewhat rare in 1997 as it is today. Microsoft would not have seen a reason to adopt something that wasn't in common use and introduced some significant usability problems* when it would have meant that many users would select to encrypt their mail and send it to someone whose client wasn't capable of reading it and whose user didn't have any understanding of why not and what they could do about it.
* Key management. It's not easy. It wasn't any easier back in 1997. It isn't easy now. It's not like TLS security, where we've accepted a relatively simplistic certificate system signed by a small number of central, trusted authorities and software just assumes that any connection should be checked through that for authenticity. With PGP, both then and now, the key management was a manual process which made sense only to those who knew what they were doing and why. Neither was true of the average user, who was not thinking too much about security when they sent messages around. It's not true of them today either, when most mail clients in typical use still don't support it (shall we have a blame session for Google because GMail doesn't have PGP support, or should we forget it as pointless because GMail is an online client anyway). Email encryption isn't as simple as we would like it to be, and the causes and responsibility for why that hasn't improved as quickly as we'd like isn't as simple as you want it to be, either.
> Outlook was designed to follow the specifications, just like a lot of mail clients.
They had the market share to sway standards. After all, Outlook was responsible for most people replying like this:
_________________________________________________________________________________________________
They had the market share to sway standards. After all, Outlook was responsible for most people replying like this:
---Original Message---
The problem is that you're being quite simplistic, throwing the blame onto one company who did the same thing as many other companies. So Outlook didn't support PGP, and neither did Apple, and neither did a number of other email clients that existed at the time. You can point to a couple that did and assume that everyone should have supported what they did, even though that wasn't part of the standard. Let me guess, if PGP had turned out to have a systemic flaw and Microsoft had adopted it, it would be their fault that we were using the flawed system too?
Outlook was designed to follow the specifications, just like a lot of mail clients. That didn't and doesn't make it a good mail client, but it's akin to complaining that a browser, written to work over HTTP, doesn't support the Tor protocol and you have to use other software if you want that level of security. There might be some advantages if every browser did build that in, but they aren't built for every use case in existence and use other software to manage those alternate cases. Like it or not, PGP was somewhat rare in 1997 as it is today. Microsoft would not have seen a reason to adopt something that wasn't in common use and introduced some significant usability problems* when it would have meant that many users would select to encrypt their mail and send it to someone whose client wasn't capable of reading it and whose user didn't have any understanding of why not and what they could do about it.
* Key management. It's not easy. It wasn't any easier back in 1997. It isn't easy now. It's not like TLS security, where we've accepted a relatively simplistic certificate system signed by a small number of central, trusted authorities and software just assumes that any connection should be checked through that for authenticity. With PGP, both then and now, the key management was a manual process which made sense only to those who knew what they were doing and why. Neither was true of the average user, who was not thinking too much about security when they sent messages around. It's not true of them today either, when most mail clients in typical use still don't support it (shall we have a blame session for Google because GMail doesn't have PGP support, or should we forget it as pointless because GMail is an online client anyway). Email encryption isn't as simple as we would like it to be, and the causes and responsibility for why that hasn't improved as quickly as we'd like isn't as simple as you want it to be, either.
Yes, the particular line was from Outlook, but the inclusion of the original message wasn't Microsoft's fault. It was, once again, the fault of the specification. Email could have been specified as a structured format where the original message was attached to the new message as a separate object. One could have chosen top or bottom posting as they liked if that was done. The RFCs don't specify that, though. They have the message as one big blob, and that leaves clients with only a few options:
1. Paste in the old message somewhere.
2. Turn the message into a file of some kind and attach it.
3. Discard the old message and only send the new one.
The one which is easily parsed by humans, no matter what client or operating system they use, is number 1. Number 3 works if they keep copies of everything so they can refer back, but is harder to organize, and option 2 starts the game of what format should be used (for example, try opening the .msg file format that Outlook saves messages to if you don't have Outlook; it's quite annoying). To blame Outlook for something that A) is required by the RFC and B) is done by every other mail client, just not in an identical way, is falling into a situation where some company is automatically blamed for anything we don't like, whether they had anything to do with that or not.
I just love the way people appear to be trying to argue that not having encrypted email is in some way a good thing.
> The problem is that you're being quite simplistic, throwing the blame onto one company who did the same thing as many other companies
First, "many other companies"? Where it mattered, MS held (holds) the lion's share. Plus I also blamed Apple. Who else did you have in mind?
> Let me guess, if PGP had turned out to have a systemic flaw and Microsoft had adopted it, it would be their fault that we were using the flawed system too?
I've just been pointing out the history as I saw it unfold - you are determined to pick at imaginary holes to defend the status quo! But if we were all using the standard, de jure or de facto, and it was flawed, well, how about looking at a real example, MD5. You wish o point out that I raged against MS for foisting that upon us? No, of course not.
> You can point to a couple [of mail clients] that did and assume that everyone should have supported what they did, even though that wasn't part of the standard.
There you go; you mean the couple that were mentioned as direct response to the previous message? There were more - do you really need me to look them all up for you? - and you neatly ignored the bit about wrappers (and third party addons) that allowed extensions. Does that cover your "many companies" (want to bring in Lotus? Not long for this world by then. Anyone else you have in mind?)
Oh, and BTW the encryption being done by (purely for example) PGP occurs *outside* of all of the email standards: it occurs on the body text, which means it can be - has been - implemented purely in the text editor and be nothing whatsoever to do with the mail client. You know, for all the decent mail clients that let you set your favourite editor?
Better if it can be part of the email standard, of course - then it can even protect some of the extra data that is flowing put via all those newer headers.
> akin to complaining that a browser, written to work over HTTP, doesn't support the Tor protocol
Daft comparison. As just pointed out, the encryption even as currently available just has to touch the body text. Better comparison, when Internet Explorer refused to admit that PNG images exist: you could use a better (for your purposes) browser or you could right-click, save as and run your utility over the file. Irritating but if you value the result, worth doing.
> Like it or not, PGP was somewhat rare in 1997 as it is today...
Gleefully skipping over the original "something like PGP" - any encryption, so long as it was as good as that would have done. Yes, I've stuck with PGP/GPG on the simple basis that it actually existed and was therefore a candidate. Please supply your better candidate, let us all learn together.
> With PGP, both then and now, the key management was a manual process which made sense only to those who knew what they were doing and why. Neither was true of the average user
True, for the worked example of PGP. Oh, hang on a moment, except that is only true if you want the highest level of security (like, say, military, just to drag this back the original article). The Web Of Trust allows you to pass around keys with less trust (secure, but less trustworthy - as those aren't the same thing) to all your minions.
> who was not thinking too much about security when they sent messages around
Which is the whole problem, and MS (and everyone else flogging to the masses) made this worst by totally ignoring it.
> It's not true of them today either
And why do you accept that? Why aren't you railing against the worst case scenario we have now?
Or do you simply believe we must shrug our shoulders and all be happy? Even if *you* don't want to bother, are you really saying that the bulk of users shouldn't even have the option, shouldn't even be made aware by their email clients that there is a better way (amd this client can't be arsed to give it to you)?
> shall we have a blame session for Google because GMail doesn't have PGP support, or should we forget it as pointless because GMail is an online client anyway
We should blame *all* of the peddlers of unencrypted and unencryptable emails, ESPECIALLY as they don't even admit to their users that there is the possibility of encryption (and that they have decided not to support it).
> isn't as simple as you want it to be, either.
Bollocks. Get an encryption standard in place. Use the Web Of Trust at a minimum (or a simpler scheme) it really isn't *that* hard (keys have been exchanged on cardboard business cards, for bleeps sake and the trust trickles down into organisations, who are the ones who ought to want this). Put in a button on the UI and flags for signature status.
> the causes and responsibility for why that hasn't improved as quickly as we'd like
Yes, I largely blame MS because they have the lions share of organisational use and it is organisations and business who ought to be concerned about encryption and secure signatures. You spotted I also noted Apple wasn't blameless, yes.
If MS wanted to provide encryption, they could have done it. Whatever they did, would become a de facto standard. What other company had that power, back then? They have demonstrated that ability so much we even created a phrase for it ("Embrace, Extend, Extinguish"[2]).
To repeat, I have reported purely what I have witnessed: if you witnessed other problems standing in our way[1] how about you report on them, rather than simply naysaying.
Unless you really *are* totally happy that we are in the ridiculous situation where unencrypted mail has been the norm in the military, where we've not been demonstrably signing contracts over email etc.
[1] and no, I don't accept technical difficulties as the reason: it sadly won't ever be trivial but it isn't *that* hard either - especially where it is, or should be, important to be secure there are far harder tasks going on than arranging keyswaps!)
[2] yes, others do that, but we know who it was coined for - and that if MS could have had us stuck on MSN and away from all this nasty Internet and SMTP etc, they would have gone for the Extinguish as well. As would any of its rivals, nobody comes out of this mess clean. Name 'em and I'll blame 'em equally.
"I just love the way people appear to be trying to argue that not having encrypted email is in some way a good thing."
And I just love how people are trying to pretend I said something I clearly didn't, since my point was that encrypted email was and is a difficult thing, not a bad one. My assumption about what you would have done had PGP been flawed was an attempt to explain what I saw in your reply: in my opinion, you're blaming Microsoft for deficiencies in standards, even as others implemented standards in the same way and Microsoft didn't write them.
"Oh, and BTW the encryption being done by (purely for example) PGP occurs *outside* of all of the email standards: it occurs on the body text, which means it can be - has been - implemented purely in the text editor and be nothing whatsoever to do with the mail client. You know, for all the decent mail clients that let you set your favourite editor?"
If that was a defense, then let's apply that to Outlook. Open your favorite editor, write some text, encrypt it, paste it over. It's really easy. I've done it myself repeatedly. If that's all you want, then Outlook has it just by implementing copy and paste and the generic Windows edit box. Clearly, that's not what is really needed here. The benefits of encryption inside a mail client are such things as automatic decryption of received messages and verification with stored keys, and if the client only implements encryption by calling a text editor, it doesn't do that.
"Better if it can be part of the email standard, of course - then it can even protect some of the extra data that is flowing put via all those newer headers."
Agreed entirely. This is what I would like to see now, and if we had seen it in the 1990s, all the better. It is also what Microsoft could not have done given their goal, because by the time they wrote a mail client, they needed to be compatible with existing mail systems and those systems used the RFC. They could have tried making a Microsoft Mail Standard and replacing email with it. I'm glad they didn't, since 1990s-era Microsoft tended to try locking people into Microsoft products and a format particular to them would probably have balkanized email. If you're saying that you'd have preferred Microsoft to abandon the open standards and pursue a proprietary encrypted standard, then I misunderstood and I still disagree that it would have been beneficial.
"I've stuck with PGP/GPG on the simple basis that it actually existed and was therefore a candidate. Please supply your better candidate, let us all learn together."
You misunderstand. I didn't say that there was something better. I meant that any form of encryption was rare at the time, and a program intended to have compatibility with what existed was going to focus on the unencrypted standard first. A rare standard which was used by the small set of security-conscious people would have been worth adding, but it was not likely to be in the spec any more than a browser of the time would have implemented any of the various encryption systems that were in rare use.
"And why do you accept that? Why aren't you railing against the worst case scenario we have now?
Or do you simply believe we must shrug our shoulders and all be happy? Even if *you* don't want to bother, are you really saying that the bulk of users shouldn't even have the option, shouldn't even be made aware by their email clients that there is a better way (amd this client can't be arsed to give it to you)?"
I don't think we should just accept it. My comment to you was mostly focused on whether Microsoft deserves the level of blame you have assigned, which in my opinion is misplaced. As for what we should do today, I think Outlook should add PGP support, although I don't use it, partially because I need PGP support and the lack of the feature meant I would use something else, in my case Thunderbird. I'm afraid that people do not appear as interested in encryption as is needed for a relatively complex system like PGP (I've scanned keys on business cards, but I don't have much hope of training everyone to know how to do that correctly), and if we think that end-to-end encrypted mail, not just transport encryption, is critical, we may need a new protocol to get more adoption of it. We could try an extension of the certificate system currently used to identify servers and allow them to sign keys for addresses at that server, which could be stored by mail clients and requested automatically by senders, but obviously that protocol has a few more potential vulnerabilities than decentralized PGP would. I'm fully in support of more secure email, including multiple changes to the old RFC email we've been using. I just don't think that, from a historical perspective, Microsoft is to blame for us not having it or would have made a good one in the 1990s if they had tried.
Don't be daft. He said he knows that Microsoft didn't invent email.
However, they could have easily made PGP defacto, instead they made their mark with REPLYING-WITH-THE-ORIGINAL-MESSAGE-ADDED-TO-THE-END. and all the top-posting bollocks we've had to suffer since.
Now, GMAIL could have taken a stand, but they didn't, and now that boat has long since sailed...
I've long been of the opinion that Outlook installations in corporate environments (or in any other large organisation) should come with a default install where "reply all" is not even available. It should be an additional optional install for people who REALLY need it, such as BoFHs.
Personally, I prefer top-posting. The alternatives are to read the original email as an attachment (and other previous emails as attachments within attachments - it's turtles all the way down) or to have to read an entire email thread in order to even realise that what you are reading is what is being replied to and not an original message in itself. At least, with top-posting, you can easily tell what is the last thing said, where it starts and ends, and what came before it, in reverse-chronological order.
The fact remains that email was designed as, and is, a simple and inherently insecure messaging system. It's fine for its purpose, which is to send non-sensitive content easily and asynchronously to a recipient anywhere else. Its purpose isn't an end-to-end encrypted synchronous messaging system, for that, you'd want to use a synchronous end-to-end encrypted messaging system. I believe such things exist (and also that they scare governments, who use "terrorists" and "paedophiles" as an excuse to try to break encryption for everyone).
Complaining that email isn't encrypted is a bit like complaining that your car can't be used to transport five tonnes of bricks. It was never designed for that purpose, and trying to hack it to do so now is going to mean you end up with some monstrosity with reinforced suspension and no roadworthiness certificate.
If it's not important enough to include in context, it's not important enough to include AT ALL.
Simple, No?
--- Original Message ---
12 hrs ao, MJ wrote:
Re: The
I actually hate bottom posted stuff, huge long thread you have seen the rest of and you have to go to end, then back up, aghhh, was a pain in USENET, is still a pain when it happens.
So not going to complain about top posting.
Absolutely.
I only ever see techie types ( and only a subset of these) want new posts at the bottom of an email. And I don't understand why they do.
Who wants to scroll down a (possibly long exchange) email to find the new stuff?
The subject line should give the context. And mostly you'll know what it's about and only want to see the new bit.
It's simple, and obvious.
That's the way people read. - from top to bottom.
As I said, if it's not worth quoting, don't quote it at all, otherwise quote relevant bits inline as you reply to them.
Have you ever tried to catch up on an email thread with top posting? You have to go to the end, then move up to the start of the message... Move down, then when read, scroll back up to find the previous message, read it - FROM TOP TO BOTTOM - and then scroll up to find the start of the previous message and so on and so on.
So, your way, you're scrolling all over the place, the proper way, you're just scrolling in a logical chronological order.
As for "scrolling to the bottom to find new stuff" - you can set your email software to start at the top of the new message, but if it's done right, you shouldn't need to even do that.
How about this site, for example? No-one includes the full text of the message they are replying too below their comment.
What you do sometimes see, when replying to a long message is inline quotihg such as:
this
> or this
Why does email have to be so different, especially when you can thread your email threads together.?
If they were the big players around your parts (and weren't mainly concerned with trying to keep you in their systems), particularly with businesses and organisations that *should* have cared about signing and privacy, then, yes, I'll gleefully blame them.
Well, they get a free pass up to 1991 at least (okay, 1992) but anyone starting something new after then and missing the opportunity to get a better feature than the long-established competition...
I can only report on what I knew of back then and, whilst we all had a supply of AOL CDs to use as coasters, no-one I knew of signed up. Perhaps if it had been called Blighty OnLine...
Heck, I could have had a go at CIX and BIX (boy, did that cost in phone calls! Got onto CIX ASAP, then tenner.a.month ...) but that was was where I learnt about PGP in the first place and you did see signed messages popping up.
See also top-posting, ye gods, top-posting and the apparent inability to insert your responses directly beneath each question in an interrogatory email!
And it's worse. Not only does Outlook default to top posting, not only does it not (AFAIK) have an option to default to bottom posting, but it actually is physically incapable of inserting responses in a quoted message in the manner that was considered normal practice before MS screwed us over with their Outlook defaults. This is because Outlook actually uses some other code (html editor from Word ?) for it's editor, and that doesn't support inline responses. So Outlook can't do :
| Q1 text
A1 text
|Q2 text
A2 text
...
And that's why you see stuff like :
|Q1 text
|[ICBEDR] A1 text
|Q2 text
|[ICBEDR] A2 text
Or the even worse (because colour can so easily disappear with formatting changes) "Responses in RED" sort of comments at the top of replies.
I would consider email to be insecure at the moment it reaches the mail server, and if the connection to that is unencrypted, then as soon as the send button is pressed. Given the security hygiene of many users, it's probably insecure as soon as they put finger to keyboard, slowly, with one finger, one key at a time.
"It is not possible to implement technical controls preventing the use of personal email accounts for government business"
Yes, it is. All you need is a bespoke mail client that has the proper restrictions in place.
Of course, that means not using Outlook, which is something you should avoid anyway.
Either that, or you put National Security to good use for once and you force Microsoft to make a special, military-grade Outlook.
But don't just say it's not possible.
This is very true in lots of cases, general purpose SW shouldn't be used for specialist tasks.
As an example in a totally different domain (pun intended) I was reading a book recently where they were discussing medical accidents causing drug overdoses. Doctors and & nurses using normal calculators to workout doses of medicines. Here typos kill people. Get the decimal point in the wrong place and be too busy/harassed to notice and you can give a fatal or maybe just dangerous dose. The author was talking about introduce domain specific tools so that the "calculator" knew that this sum was to work out the dose of diamorphine to be given to a patient and would recognise when things like the weight of the patient were unlikely to be correct and also know what is likely to be an acceptable result/dose.
The same should be possible with email tools.
As for the pathetic
"It is not possible to implement technical controls preventing the use of personal email accounts for government business"
You're the military FFS if service personnel break the rules you have well known ways of dealing with the issue.
For contractors there are other approaches. Travel agents were mentioned in particular. Well the US military must be the most enormous account worth gazzillions to travel firm, their contract should have built in penalties for screwups like this, n* the cost of the travel per mistyped email address should work, you can bet the contractor would soon find a way to stop their staff ballsing up.
As for internal traffic, which they say they now deal with, you'd expect there to be a mandatory access control system involved here. Documents should have a sensitivity associated with them and it should not be possible for someone to email sensitive information to someone who's not authorized to receive it. It's hardly a new idea, the orange book detailed this sort of thing decades ago.
As you say...
Yes, it is. All you need is a bespoke mail client that has the proper restrictions in place.
Of course, that means not using Outlook, which is something you should avoid anyway.
Either that, or you put National Security to good use for once and you force Microsoft to make a special, military-grade Outlook.
But don't just say it's not possible.
Here F*** Here
once something like this existed then it would probably find a large ready market. There are lots of businesses who have similar issues and would like control over what data goes where.
As another commentard above says, MS should be forced (again the mil contract is big enough to lay down the rules) to support strong encryption in an easy to use fashion.
". Doctors and & nurses using normal calculators to workout doses of medicines. Here typos kill people. Get the decimal point in the wrong place and be too busy/harassed to notice and you can give a fatal or maybe just dangerous dose"
Or just not getting practise without the calculator and just blindly trusting its display.
Nurses and docs have told me of catching mistakes not because they had done the exact calculation themselves but because the too-rough-for-actual-dispensing-but-quick-estimate in their head showed too large a difference, yes, even by orders of magnitude! Thankfully, their SOP allowed those to be caught before they became more than an embarrassing moment.
Exactly
Nurses and docs have told me of catching mistakes not because they had done the exact calculation themselves but because the too-rough-for-actual-dispensing-but-quick-estimate in their head showed too large a difference, yes, even by orders of magnitude!
These rough mental calculations are an invaluable skill when using a general purpose calculator. Anyone needing to rely on calculations should be using them.
The nurses I've know also relied a lot on the "I've never heard of any being proscribed THAT much" approach to sanity checking.
With junior doctors it was frequently the ward sister who would instil that experience
These rough mental calculations are an invaluable skill when using a general purpose calculator
And if you learn to fly, you are explicitly taught to do a rough order of magnitude calculation in your head BEFORE you touch the calculator. Particularly as the circular slide rule (a.k.a. whizz wheel) needs you to take out zeroes and decimal points, then add them back afterwards.
E.g., if you take on 50l of fuel, at a specific gravity of 0.72kg/l, you'd be using the "5" and "72" locations on the scales, and need to shift the answer left a digit to account for the dropped zero, then right two digits to account for the dropped point. Answer being you expect something in the order of 3/4 of 50, a little under 40kg, so if the answer comes out of the calculation as 360 (it should be 36) then you've made a mistake.
Of course, you also have to factor in whether you are multiplying or dividing. So when your flight manual needs weights in pounds, you can do the same again and expect something in the order of 80 (there should be more pounds than kilos, and for a rough order check like this, it's near enough a factor of 2), so if you get 800 or 8 then you know you've gone wrong. Unfortunately mistakes do still happen.
"...too busy/harassed to notice and you can give a fatal or maybe just dangerous dose"
Mother is currently in hospital - sister was visiting, and a nurse was just doing the medications - for one of the tablets, they did not have it in the required dose, so, the nurse went off to get a tablet cutter - split the tablet in half, put both pieces into a receptacle along with the other tablets to be taken and asked sister to give the medication. At which point sister pointed out to the nurse that both halves of the tablet that was split had been put.
This post has been deleted by its author
If I were a genuine military bod, I'd have an ID card that provides access to commonly needed things. It would probably be called a CAC (so people could refer to CAC Cards in the same vein as ATM Machines). This would include my private key, and would be tied to a database somewhere that has my public key.
The snag is that I can't get a CAC _unless_ I'm a genuine military bod. So if I were trying to send Colonel Eva Vigilent her travel details, I'd have to use plain old unauthenticated email.
In my fantasy world, I'd be able to show up to a National Office of Doing Things (perhaps related to law enforcement/security, perhaps a passport office-type entity, perhaps social security....) and pay something nominal (say, $25 or so) to get a civilian CAC. Hey, they could even join two things together and make a "Passport Card" also a CAC-like thing. I could use it, or not use it, as the occasion warranted.
(I have a US Passport Card, which is only usable as a passport at the land crossings, but it's a solid piece of government-issued ID without my address on it...)
> . So if I were trying to send Colonel Eva Vigilent her travel details, I'd have to use plain old unauthenticated email.
Ah, you should be able to get hold of the good Colonel's public key, that is sort of the point.
Admittedly, if you got the public key from somewhere, well, too public (like FaceBook) you would not put much trust in it to prove something came from her, but to send her the travel details it will be fine (if FB wasn't correct you just get back a reply from her saying "yer wot?" and hints about how to do better).
Trust management is not something we all deal in [1], but for the military it really ought to be second nature. Assuming that those travel details (or whatever) ought to be encrypted, whoever sets that requirement also sets up the apparatus.
[1] more's the pity; if only we'd all consider that the longer the chain of "it happened to a friend of a friend" was the less import we ought to give the story. That is all it boils down to, after all.
"It is not possible to implement technical controls preventing the use of personal email accounts for government business"
Yes, it is. All you need is a bespoke mail client that has the proper restrictions in place.
But as Jake has pointed out, the article says that the problems almost entirely originate from personal or business emails, a lot of them from travel agents. Short of compelling everyone to use it a bespoke client isn't going to help. Even if government email domains were set up to refuse messages from the bespoke client it still wouldn't stop non-gov users sending messages intended for .mil to .ml instead by use of another client.
This; ........have told me of catching mistakes not because they had done the exact calculation themselves but because the too-rough...............t-quick-estimate in their head showed too large a difference........., used to be taught to 11 year olds. Always have a rough estimate in your head of what answer you need.
Anytime you need to use a calculator you need to have some idea of the sane answer range. Medicines,timber, stationery orders, copper tubing, whatever. If you need to calculate it accurately you need to error trap it.
Maybe the schools don't teach that anymore? They do still teach estimating, though.
<minirant> And if you don't need to do it accurately maybe you should bloody well do it in your head anyway.</minirant>
"They do still teach estimating, though."
Really? Where? I hope so, but the (not so) younglings just look blank when asked.
We should teach the sliderule again.
Not only does it give a physical demonstration of the principles but you have to keep track of your powers of ten, which is your estimate. Start with an adding-up-rule to get the principle across (the next step on from the Cuisenaire rods). You can even get them to draw their own. Then get them draw their own log 2 rules, without explaining them (dead easy), and MAGIC! It can multiply and divide!
Yes, calculators are easier - which is the whole problem!
(To the person who says "oh, why not go back to log tables while we're at it": sarcasm noted, but I'd argue that teaching about them is important for the history - and if you are lucky enough to have an inquisitive maths learner letting them see the patterns written out has potential enough to be worth having the book around, on the off chance)
The problem is that as long as people see this as an "oh dear, I done a silly thing" problem, with a minor ticking off as the punishment, employees won't take it seriously.
Organizations need to take this seriously, as a disciplinary offence with all that implies - black marks on a personnell record and retraining for a first offence, with well-publicised demotion/dismissal if they do it twice. Only then will people start thinking "Shit, I could have caused a really serious problem".
If it becomes common for the military to send a couple of MP*s round to every travel agent who sends a booking to .mil travel agencies will simply stop doing business with the military. The article makes it clear that, at least now, it's largely civilians who are the problem.
* Deliberate misunderstanding doesn't make you smart.
The article makes it clear that, at least now, it's largely civilians who are the problem.
Indeed, and its the civilian employers who need to take action when their employees screw up. The military is just a customer, its powers are limited to choosing a different travel agent, just as most of us would if an agent was careless with our personal data.
That is, the fact that people seem to think that email is a secure medium in the first place, and that they might be trying to send anything remotely sensitive, unencrypted, by email.
Even if they hadn't accidentally got the address wrong, the content of the emails would be open for any mail server they happen to pass through to read. Typically, that's going to be at least the sender's own ISP, some backbone addresses, and the target domain.
In the UK, many government departments, and 3rd parties, now employ mandatory TLS - requiring each end to have valid keys, and to mandate TLS before sending to the other end. The problem with this is that it requires the operators of each end of every permutation to configure it, so it only gets done with selected connections - I know, I deal with a third party where we've done it as a matter of necessity.
The bigger problem is that as users we don't have access to a list so we don't actually know if the party we want to email to has this set up other than asking the 3rd party's IT people ! Internal advise told us that for major partners it's "most likely" to be in place - as if "most likely" is good security advice. "Respectful challenge" to this is apparently a disciplinary offence :-(
Unencrypted transport has quietly been phased out. Just look in your message headers - you will find which encryption has been used for the exchange.
The problem is that contents encryption is a massive pain in the neck to process (partly due to keys, but it's more complex) and worse: it still leaves a lot of valuable data unaddressed (the magic phrase is "Gordon Welchman, look it up).
> it still leaves a lot of valuable data unaddressed
Encrypting just the user's contents does leave a *lot* of metadata readable (the number of headers just seems to longer and more baroque each year).
Which is really just an issue because encryption is being done separately from the rest of the emailing process: it can be (mostly[1]) solved but only if everyone agrees to implement it. So, fat chance. Sigh.
[1] Some metadata is very hard/costly to disguise, as you know: routing has to be readable by every node in the chain, for example.
"Unencrypted SMTP ought to have been deprecated and its use replaced years ago."
Nah. It was thought of decades ago, but it would break far too many things. Better to try to convince people that email is like a holiday postcard, anybody can read it between it being posted and arriving at its intended recipient. Instead, we should add another service for safe & secure communication.
Unfortunately, back in the mists of time the likes of CI$ and AOL (and much later Microsoft) decided that that would be too difficult for mere mortals to understand, and they refused to persue it. So the rest of us shrugged out shoulders and carried on with our stone tools (PGP/GPG et alia).
Note that in my case, at least, so far I haven't actually felt a need for encrypted email at all this year ... and only twice last year. Not sure what that means in the great scheme of things[0], and I'm just a sample of one ...
[0] Probably that I'm a boring, mostly retired old git.
Reminds me of when my lawyer sent me a bunch of legal documents to me@gmail.co or something similar. Only found out when said documents failed to arrive - and since lawyers aren't exactly prompt anyway it caused a week's delay till I found out. In a bit of a mild panic I tried to research who actually owned gmail.co - and couldn't confirm it either way.
This could be easily solved by having a "us.mil" but hey this is the same country that doesnt know how to use US when sharing a places location. Just look at any statement its always city and state, never country, i guess racist arrogant pricks get what they deserve in this case, where morons cant even type a lousy few characters. At least with a top level "us" they wouldnt end up in Mali for military emails.
A few years (decades?) back I emailed a big comany's support at companyname.com and got a rather snotty email back saying that this was their USA only support address. So I queried why they didn't then have a USA email address rather than the generic .com. Their response was that .com was a USA address.
I've given up online shopping from US sources. For two reasons.
The first is that the site will ask for your address, ask for you country, and so on all the way to the shipping stage where you can pick USPS or FedEx (etc) and it says in little letters at the bottom they they do not ship overseas.
The second is the number of places I've been that behave the same, but choke on my postal code which doesn't match the ones expected in my state (which isn't a surprise given I'm on the other side of the ocean). It would probably refuse to post international, but I don't even get that far.
"I've given up online shopping from US sources."
I gave up online shopping entirely ... No, wait. I can't honestly finish that thought.
I never started online shopping. Seems to be more trouble than it's worth, with far too much to go wrong.
Idiots blocking my perfectly good ESR browser because it is "out of date" are just that ... idiots. I just don't go there anymore. Sorted.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
