eeso
Str@nger
Registered: 03/25/07
Posts: 554
Hushmail rats users to feds
    #7632837 - 11/13/07 09:44 PM (16 years, 2 months ago)

Apparently subpoenaed info from hushmail played a part in the recent steroid busts.

"My guess is that Hushmail has had subpoenas before and had to develop
and install a modified java applet which captures the passphrase when
the user enters it. With that and the stored keys, it can decrypt all
the stored communications." - 'Travis'

http://cryptome.org/hushmail-rat.htm

http://static.bakersfield.com/smedia/2007/09/25/15/steroids.source.prod_affiliate.25.pdf



Remember - nothing is completely secure...

Edit: Shit there's already a thread on this - my bad


Edited by eeso (11/13/07 09:51 PM)


SheerTerror
ST
Male

Registered: 11/28/03
Posts: 2,348
Last seen: 9 years, 2 months
Re: Hushmail rats users to feds [Re: eeso]
    #7633563 - 11/14/07 01:09 AM (16 years, 2 months ago)

Yeah, good post, a lot of people here use it. I guess the only wise option, if you need that kind of security, would be to pay monthly to run your own encrypted mail server.


fastfred
Old Hand
Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
Re: Hushmail rats users to feds [Re: SheerTerror] * 1
    #7634328 - 11/14/07 10:19 AM (16 years, 2 months ago)

Quote:

SheerTerror said:
Yeah, good post, a lot of people here use it. I guess the only wise option, if you need that kind of security, would be to pay monthly to run your own encrypted mail server.




Or you can just encrypt your own mail and send it using any of the thousands of free mail services. Then you KNOW that nobody else has your private key.

Encryption is only secure if you're the only one with access to your private key, which is why services like hushmail are a stupid idea in the first place.


-FF


Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 2 months, 20 days
Re: Hushmail rats users to feds [Re: fastfred]
    #7634468 - 11/14/07 11:02 AM (16 years, 2 months ago)

> Then you KNOW that nobody else has your private key.

Even then, you can't be 100% certain... keyloggers, spyware, etc.

Quote:

My guess is that Hushmail has had subpoenas before and had to develop
and install a modified java applet which captures the passphrase when
the user enters it.




I never used hushmail, but if they don't use SSL, then a man-in-the-middle attack (packet sniffer) would also be a good guess.


--------------------
Just another spore in the wind.


El Zorro
in heaven
Registered: 03/21/07
Posts: 902
Last seen: 2 years, 27 days
Re: Hushmail rats users to feds [Re: Seuss] * 1
    #7634670 - 11/14/07 11:37 AM (16 years, 2 months ago)

Hushmail did not rat out anyone.

The DEA established probable cause by responding to an AD on a steroid discussion board. They then communicated with the steroid supplier via e-mail and set up several buys this way. They then issued a federal subpoena to Hushmail which they could not refuse.

The lesson here is don't advertise on a public discussion board that you are selling illegal drugs.


fastfred
Old Hand
Registered: 05/17/04
Posts: 6,899
Loc: Dark side of the moon
Re: Hushmail rats users to feds [Re: Seuss]
    #7634855 - 11/14/07 12:22 PM (16 years, 2 months ago)

Quote:

Seuss said:
> Then you KNOW that nobody else has your private key.

Even then, you can't be 100% certain... keyloggers, spyware, etc.




If you really want to be secure you'll have your private key on a usb drive, hidden in your camera/mp3 player, or burned onto a little cd. That way you control physical possession of the key at all times except when you're using it to decrypt data.

The chance of a keylogger or spyware getting something on a removable drive that's only inserted for a minute or two as needed is pretty slim I would think.


-FF


eeso
Str@nger
Registered: 03/25/07
Posts: 554
Re: Hushmail rats users to feds [Re: El Zorro]
    #7635816 - 11/14/07 03:51 PM (16 years, 2 months ago)

Quote:

El Zorro said:
Hushmail did not rat out anyone.

The DEA established probable cause by responding to an AD on a steroid discussion board. They then communicated with the steroid supplier via e-mail and set up several buys this way. They then issued a federal subpoena to Hushmail which they could not refuse.

The lesson here is don't advertise on a public discussion board that you are selling illegal drugs.




Well I understand all that, you miss the point completely. Do you understand what hushmail is and how it works?

Mail between hushmail accounts is usually PGPed using one of their web apps. They shouldn't have access to or store the user's pass-phrase EVER and wouldn't unless they themselves obtained it surreptitiously.

Without this passphrase none of the stored encrypted messages in the user's mailbox would be intelligible, rendering the stored data in it useless for the government's purposes.

Hushmail stole a user's passphrase using their own systems (not really that difficult), but they do not disclose that they can and do do this.
This is certainly not the first time it's been done - even if it's the first we know about.

Therein lies the ethical rub.


eeso
Str@nger
Registered: 03/25/07
Posts: 554
Re: Hushmail rats users to feds [Re: fastfred]
    #7635856 - 11/14/07 04:04 PM (16 years, 2 months ago)

Quote:

fastfred said:
Quote:

Seuss said:
> Then you KNOW that nobody else has your private key.

Even then, you can't be 100% certain... keyloggers, spyware, etc.




If you really want to be secure you'll have your private key on a usb drive, hidden in your camera/mp3 player, or burned onto a little cd. That way you control physical possession of the key at all times except when you're using it to decrypt data.

The chance of a keylogger or spyware getting something on a removable drive that's only inserted for a minute or two as needed is pretty slim I would think.


-FF




Malware needn't be on the removable media to snag the data - only on a system that has read access to said media.

Though that's really not a bad idea.


El Zorro
in heaven
Registered: 03/21/07
Posts: 902
Last seen: 2 years, 27 days
Re: Hushmail rats users to feds [Re: eeso]
    #7635903 - 11/14/07 04:19 PM (16 years, 2 months ago)

Quote:

eeso said:
Quote:

El Zorro said:
Hushmail did not rat out anyone.

The DEA established probable cause by responding to an AD on a steroid discussion board. They then communicated with the steroid supplier via e-mail and set up several buys this way. They then issued a federal subpoena to Hushmail which they could not refuse.

The lesson here is don't advertise on a public discussion board that you are selling illegal drugs.




Well I understand all that, you miss the point completely. Do you understand what hushmail is and how it works?

Mail between hushmail accounts is usually PGPed using one of their web apps. They shouldn't have access to or store the user's pass-phrase EVER and wouldn't unless they themselves obtained it surreptitiously.

Without this passphrase none of the stored encrypted messages in the user's mailbox would be intelligible, rendering the stored data in it useless for the government's purposes.

Hushmail stole a user's passphrase using their own systems (not really that difficult), but they do not disclose that they can and do do this.
This is certainly not the first time it's been done - even if it's the first we know about.

Therein lies the ethical rub.





You're right.
That negates the whole purpose of Hushmail doesn't it?


eeso
Str@nger
Registered: 03/25/07
Posts: 554
Re: Hushmail rats users to feds [Re: El Zorro]
    #7635921 - 11/14/07 04:25 PM (16 years, 2 months ago)

Quote:

El Zorro said:
Quote:

eeso said:
Quote:

El Zorro said:
Hushmail did not rat out anyone.

The DEA established probable cause by responding to an AD on a steroid discussion board. They then communicated with the steroid supplier via e-mail and set up several buys this way. They then issued a federal subpoena to Hushmail which they could not refuse.

The lesson here is don't advertise on a public discussion board that you are selling illegal drugs.




Well I understand all that, you miss the point completely. Do you understand what hushmail is and how it works?

Mail between hushmail accounts is usually PGPed using one of their web apps. They shouldn't have access to or store the user's pass-phrase EVER and wouldn't unless they themselves obtained it surreptitiously.

Without this passphrase none of the stored encrypted messages in the user's mailbox would be intelligible, rendering the stored data in it useless for the government's purposes.

Hushmail stole a user's passphrase using their own systems (not really that difficult), but they do not disclose that they can and do do this.
This is certainly not the first time it's been done - even if it's the first we know about.

Therein lies the ethical rub.





You're right.
That negates the whole purpose of Hushmail doesn't it?





Pretty much, yeah.

BTW I'll agree that they perhaps didn't 'rat' out anyone, depending on how you define that - that was just the title of the cryptome page.

