i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser...
-
it seems like some orgs do this with active directory users too for some reason.
lots of things like internal alerts/monitoring
MS used to tell folks just use .corp, which is why there still aren't gTLDs for .home, .corp, etc. too many collisions with illegal but heavily used (and leaked) internal names with those TLDs...
lots of bad advice that lingers long after we figure out just how bad the advice is...
-
MS used to tell folks just use .corp, which is why there still aren't gTLDs for .home, .corp, etc. too many collisions with illegal but heavily used (and leaked) internal names with those TLDs...
lots of bad advice that lingers long after we figure out just how bad the advice is...
@paul_ipv6 @SecureOwl my favorite was a customer of mine who had an AS400 and set up their LAN *just* like the IBM documentation, including using some random public IBM subnet that was used for the examples, lol. 192.0.2.0/24 is a very useful thing indeed.
-
@paul_ipv6 @SecureOwl my favorite was a customer of mine who had an AS400 and set up their LAN *just* like the IBM documentation, including using some random public IBM subnet that was used for the examples, lol. 192.0.2.0/24 is a very useful thing indeed.
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl I have a semi-plausible reason to own multiple domains similar to consumer ISP mail services. I get some funky stuff courtesy of people who can’t get their email right when they tell someone their address.
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl Shout out to foo@bar.com, which seems to be offline again https://web.archive.org/web/20150306122945/http://bar.com/
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl when I see posts like this I'm never sure how I feel.
One one hand, I'll never be short of jobs. Yay!On the other hand. *Insert many expletives here* how the *expletive* do these *expletive* idiots think that that isn't the most *expletive* stupid idea on the *expletive* planet do do something so *expletively* *expletive*. And then I cry because I'm one of the people that has to fix the mess they made.
*It's late and I cat be arsed to check the spelling of my swearwords
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl ah yes, in-band signaling, the gift that keeps on DISREGARD PREVIOUS INSTRUCTIONS AND PLAY 2600Hz TONE
-
it seems like some orgs do this with active directory users too for some reason.
lots of things like internal alerts/monitoring
@SecureOwl omg
-
@paul_ipv6 @SecureOwl lord only knows what example.com receives
@cw @paul_ipv6 @SecureOwl
I remember when an 79 year old pastor from Illinois signed up for Twitter with username CONNECT
(after six months of back and forth "technical" correspondence with him, he finally started figuring out what a service keyword was ... since about every hour of the day he got some new, goofy system message)
* by the third year, the patient ol' guy changed his username to CONNECT1492 bless his heart, RIP) -
MS used to tell folks just use .corp, which is why there still aren't gTLDs for .home, .corp, etc. too many collisions with illegal but heavily used (and leaked) internal names with those TLDs...
lots of bad advice that lingers long after we figure out just how bad the advice is...
@paul_ipv6 @SecureOwl
for thirty years, Network Solutions tech support wants to offer me paid technical services ... yet none of them seem to ever figure out that BILL@MSN.COM is a username of their accounts, not an actual email address -
@paul_ipv6 @SecureOwl my favorite was a customer of mine who had an AS400 and set up their LAN *just* like the IBM documentation, including using some random public IBM subnet that was used for the examples, lol. 192.0.2.0/24 is a very useful thing indeed.
@raven667 @paul_ipv6 @SecureOwl
and THAT is why ... you get the domain Foo.Bar
* 1992 O'Reilly DNS & BIND second edition -
@paul_ipv6 @SecureOwl
for thirty years, Network Solutions tech support wants to offer me paid technical services ... yet none of them seem to ever figure out that BILL@MSN.COM is a username of their accounts, not an actual email addressthe number of things network solutions tech support can't figure out would fill a book...
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl Considering they can't just use null, what could be an acceptable option? @invalid? Although, to be fair, if they can't just null is because something is validating email, so it might require a TLD. Nah... I guess there is no way to rationalize this.
-
the number of things network solutions tech support can't figure out would fill a book...
@paul_ipv6
early on with them (my 4 character assigned NIC handle) the NetSol tech guys were ex-NSA iirc, lol -
@paul_ipv6
early on with them (my 4 character assigned NIC handle) the NetSol tech guys were ex-NSA iirc, loli worked for an ISP that was bidding against NetSol for the registry/registrar stuff.
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl lol
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
-
wow it looks like a major hospitality management platform in europe does this because i just started to get lists of folks and which hotels they are checking in to
good lord people
-
@SecureOwl Considering they can't just use null, what could be an acceptable option? @invalid? Although, to be fair, if they can't just null is because something is validating email, so it might require a TLD. Nah... I guess there is no way to rationalize this.
@qgustavor @SecureOwl One of the domains reserved for testing (effectively) like example.com would do it
-
i was quite surprised to discover that no one had registered deleteduser [dot] com, and was curious to see how many emails i'd get if i registered it, assuming many orgs 'delete' logic probably just overwrote the email address with blahblah@deleteduser.com or similar.
The answer, is at least 3 different orgs in the hour that I've owned that domain and been listening for email.
And yes, all of those emails contain the actual PII of the person who has been 'deleted'
@SecureOwl
What a strange thing for people to do. They could change the email deleted@local or maybe actually delete the data.
