Comments on: Hushmail not as secure as previously thought?

By: Jo

Jo — Wed, 02 Jan 2008 13:33:54 +0000

What secret police organisation wouldn’t want to set up a secure email company?

By: Bob

Bob — Mon, 19 Nov 2007 10:19:08 +0000

TOR & FireGPG

http://www.torproject.org/
http://firegpg.tuxfamily.org/

By: eye0eye

eye0eye — Sun, 18 Nov 2007 22:59:22 +0000

Only 3 email addresses were affected and those were to do with drugs.. And anyway like 44 said, if you use the Java applet and do “client side” encryption you are still secure. The keys are never sent to the Hushmail server.

Read the interview with the Hushmail CTO here
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

By: lostart

lostart — Sun, 18 Nov 2007 15:55:53 +0000

“if you dont know anything about security you deserve to get caught n your butthole flamed by some govt gaaylords

ever heard of proxy tunnels? ever heard of running a transponder on a fluctuating cycle to seesaw your MAC address? ever heard of wireless hotspots? ever heard of … the list goes on and on and on”

Ok first off, i didnt know about any fluctuating cycle of transponders seesawing my MAC address. It sounds so techy, so it must be something cool. But after thinking a while, you mean just changing my mac address constantly ? Wow, that is some serious hi-tech information. It really helps the people, who have been wise enough to send private keys to some server when sending e-mails.

Wireless hotspots ? Tunneling ? What does it matter, if the person on the other end doesnt use these. Just take a situation of some group, you only need to get one of the people, and i bet the pressure is high enough to rat out the rest of the “sceners”.

Just think it yourself, if you would be in a group – if they offer you to get away more easily, would you not give away all your information ?

Privacy contains a lot more than just technical stuff.

By: TorrentU

TorrentU — Sun, 18 Nov 2007 14:31:12 +0000

Heard about it here first:
http://www.p2p-blog.com/item-410.html

By: artards

artards — Sun, 18 Nov 2007 14:15:46 +0000

I agree with 26 & 39. Just because there’s an e-mail address in an nfo for contacting a scene, doesn’t mean the scene depends on it for all their communication, or that they even use it to reply. I’m sure if anyone is careful about their data transfer, it’s some of the scene, we can’t talk down on their methods when we don’t even know they are actually using.

By: Lebanon

Lebanon — Sun, 18 Nov 2007 14:09:12 +0000

@36

Adobe owns Cold Fusion

By: Hush mail

Hush mail — Sun, 18 Nov 2007 13:58:53 +0000

I read somewhere about this. Normally there is a an applet that runs on your computer to encrypt / decrypt messages. The applet is downloaded from Hushmail and set up by the user with the keys etc. However if you can’t be bothered / don’t know there is a n00b option where encryption / decryption is done at the server end however Hushmail then has your keys and the messages may or may not be secure in transit from your PC to Hushmail (depending on SSL connection.) I believe it was this n00b option that got busted. So the proper method should still have some security as long as the encryption applet is not compromised by some trojan etc…

By: Anon

Anon — Sun, 18 Nov 2007 12:43:35 +0000

@41

lol. how safe is safe mail though? who is to be trusted?

Only way you can truly trust something is if you work inside and know the exact inner workings of the system they use and what they do with your emails.

As seen with hushmail they advertise that its private!!! and fully secured, but they hand ya emails to government officials.

Nothing can be trusted anymore when it comes to the internet, can you even trust yourself? maybe we are all in a matrix and there are people manipulating us from above?!?!?!?! hahahaha

anyways jokes aside. If you are paranoid about the internet then just simply don’t use it. If you are paranoid about life then simply end it. hahaha XD

Just watch the movie Gattaca sooner or later a world like that will be born. Where everything is science based, and security is to a whole new level, where cyberspace mixes in with real life.

By: Tom

Tom — Sun, 18 Nov 2007 12:21:19 +0000

http://www.safe-mail.net/ is the way to go

By: 0000

0000 — Sun, 18 Nov 2007 12:02:11 +0000

#38

Have you checked the comments made on the source?

“Posted by Concerned, 18/11/2007 7:54:56 AM”

Comments made in articles are sometimes just as important as the article itself.

……………..

““Here is a better one. A Canadian company divulging personal data to U.S. law enforcement is a violation of Canadian law. “

From the complaint, it’s clear the Hushmail.com evidence was obtained via a MLAT, so actually the RCMP is the one interacting with Hushmail.com, not the US DEA.

What wasn’t mentioned in the article, is that not only was unencrypted email accessible to Hushmail.com, they are also logging and archiving IP addresses used to access mailboxes. So the Hushmail.com privacy statement:

“Web logs and cookies
Hush.com and Hushmail.com do log IP addresses to analyze market trends and gather broad demographic information for aggregate use.”

is at best “incomplete”, but one might argue outright fraudulent.

What’s not clear is how they obtained plain text eMails. If the details are accurate, and the product description complete, then the only way it could occur is if the product encrypts using 2 keys, one being a public key in which Hushmail.com holds the corresponding private key. Anything else, such as plaintext version existing anywhere in the chain, would invalidate any sort of security model. I’d like to hear from Hushmail.com on the process they maintain specifically to satisfy court orders, yet at the same time publish this statement:

“Does Hushmail have a “back door” so that people with a special key can decrypt any message?
Hushmail is compliant with the OpenPGP standard which does not have any backdoors in it. Your encrypted email cannot be decrypted without your own secret passphrase and private key.”
”

Posted by Concerned, 18/11/2007 7:54:56 AM

…………………

By: bob

bob — Sun, 18 Nov 2007 11:41:51 +0000

@13 / blues: If you’re just gonna prove you’re a moron, why not shut up instead?

#10 / saywhat asked where in the writers SOURCE (iTnews) it said they logged IPs. Everyone can see it says so in the ARTICLE here on RlsLog!

If you’re gonna be a smartass, make sure you don’t appear dumb first!

By: Toyman

Toyman — Sun, 18 Nov 2007 11:20:48 +0000

Windows is a surveillance tool for the CIA.
There is a backdoor so they can snoop on anyone who is of interest to them.
If you encrypt anything, you are considered guilty if you do not provide the decrypt key.
You will be incarcerated in Guntanamo with no charge forever.
The plane that crashed into the Pentagon was vaporized by burning kerosine!
Wake up people

By: Denny Crane

Denny Crane — Sun, 18 Nov 2007 10:50:49 +0000

@NuZZ

..welscome to the world dude, i`ve been thinking about the implant thing for a while myself now, i can well see that happening,…

..there`s an old saying (well old to me) that military technology is always 25 years in advance of public technology..

…so satilitte`s can read your licence plate from space, the chips on your credit card can be read wirelessly, cold fusion is probably possible..

..it`s just nobody has told us yet..

http://en.wikipedia.org/wiki/ECHELON

…just proves what they`ve told us, and by my previous equasion it`s worse than that!

By: 9_P

9_P — Sun, 18 Nov 2007 09:53:36 +0000

why do people reply to comments about mothers catching you jerk off when there are replys (tank) that are actually giving relevant answeres to the questions this topic proposes. this is done with. dont use hush or leave a trail like an fool if your in the scene; surprise?