Please Scroll Down to See Forums Below
napsgear
genezapharmateuticals
domestic-supply
puritysourcelabs
UGL OZ
UGFREAK
napsgeargenezapharmateuticals domestic-supplypuritysourcelabsUGL OZUGFREAK

Encrypted mail doesnt do shit!

That's what I've always thought. Pick whatever email you like, it doesn't mean shit. If they want to read it, they will.
 
Look at what that porogram is doing if somwething can see what you are doing like that and know what you type that makes pgp useless! they just read it as or before you encrypt it if they know what keystrokes and have a pic of what you are doing then encryption has found its one major fault!

The small end users wouldnt need to worry about it, or you wont need to worry unless you are sourcing or doing something persay... right?1? Wrong if you send the email to a source and even with pgp the govt will be able to read your message as he decrypts it making your encryption faulty and easily breakable even when they arent watching you directly! Either weay for whatever we dso to encryp it will help against the average hacker/PI/family but if the government wants you they WILL get you it is just a matter of when and where!
 
So what you are saying is that the gov't knows what keys I am pressing right now? Without even sending the data across the net? If that's what u think, then you don't understand how it works.
First off the only way they can see your keystrokes is to either have a piece of hardware attached between your keyboard and computer or a software that records it on your comp.
Now let's get into encryption. The way hushmail encryption works is that it loads up a java applet that in essence is the encryption tool. This loads up BEFORE you insert your password. You type in your password and don't press enter yet. Guess what, the gov't has no clue what u just typed. The second you pressed enter, the data goes out in packets across the net BUT before it goes out it gets encrypted. So a passward of "jackfrost" could look like fjeEE$$^&.. Now that is the text travelling across the phone lines etc. So the gov't nabs it. First off they have no clue if it's just garbage or not. Think about how much data they are looking at. In case they have specifically targeted you, then they would have to know the algorithm to decrypt the password. This is no easy task or hushmail would be out of business pretty fast. Hushmail is situated in the UK if I remember correctly so it's out of the DEA's juristiction. Of course they can work with the authorities in the UK to force hushmail to hand over passwords but I highly doubt they'll do this for steroid users.
Getting back to the message now. When u type your message in the elite/hushmail/cyber-rights text box, the second you press enter, you see it convert to some jibberish, this is what goes out across the net.
That program carnivore that sniffs all data would be able to pick up jack from encrypted email. Not yet anyway. Who knows what they can come up with in the future.
Just for your information, sending data from elite to cyber-rights to hush or any of these combinations will garantee it is encrypted. From elite to ziplip it is not encrypted as the algorithm's are different so one email system cannot decrypt the other.
Hope that clarifies some stuff for u guys. Do things the riguht way and you shouldn't have any problems. Encrypted mail is still safe.
 
MuSuLPhReAk said:
So what you are saying is that the gov't knows what keys I am pressing right now? Without even sending the data across the net? If that's what u think, then you don't understand how it works.
First off the only way they can see your keystrokes is to either have a piece of hardware attached between your keyboard and computer or a software that records it on your comp.
Now let's get into encryption. The way hushmail encryption works is that it loads up a java applet that in essence is the encryption tool. This loads up BEFORE you insert your password. You type in your password and don't press enter yet. Guess what, the gov't has no clue what u just typed.
Click to expand...
why not? there are programs which record everything you type and save it in a temp space to transmit the data to a designated server when you are connected to the internet. It is quite easy to spy on coworkers with tools like netbus or backorifice this way. to inject this kind of software onto a pc without having physical contact is harder but possible for an experienced hacker.

http://www.symantec.com/avcenter/warn/backorifice.html
 
Worried about Carnivore?

(Thanks Arty)

Carnivore-Free ISPs

The following is the list of ISPs that have publicly declared that they will not allow the use of Carnivore on their networks:

RMI.Net: This statement was quoted in a 7-12-00 story by ZDNet: "I would have to say we would fight such a court order," said Ehud Gavron, the chief technology officer of RMI.Net Inc., an ISP based in Denver with 110,000 subscribers. "We would not want the privacy of all users to be compromised on the basis of witch hunts for one user." (This statement has not been confirmed by StopCarnivore.org)
Ace-Computers: From Owner Roger Alumbaugh: "If ever approached we would simply refuse to allow the FBI access and would shut down our mail servers before allowing such an invasion. We are not required by law to offer an email program and they can not force us to continue to offer any particular service.
Bottom line... I would go to jail before putting our customers at risk with this invasion of privacy"
WebWings.Net: From Owners J & M Mankowski: "Yes we are a small community ISP. Yet freedom begins at home. WebWings.Net will refuse the F.B.I.'s request or demand to run Carnivore on our systems."
Earthlink: Earthlink (which was forced to install Carnivore back in 1999 after fighting it in court, and which then removed it after having Carnivore-related problems with their network) has issued the following statement: "We do not allow the installation of Carnivore on our network because it has the potential to compromise the privacy of our legitimate users and the performance of our network. We have an internal solution which allows us to comply with court orders without the presence of government personnel or equipment in our buildings. The government accepts this solution since they still receive the requested information about the criminal suspect, and we sleep well knowing that our customers are safe from unauthorized surveillance." (This statement was confirmed by StopCarnivore.org via telephone call with Earthlink's Director of Investigations)
X-Mail.net: From an e-mail by their webmaster: "We run a free Web Based E-Mail and hosting service. Our servers are located in Canada, out of Carnivore's reach."
Not an ISP per se, but I'll list them because they asked, and they seem proud to be Carnivore-Free (and rightly so).
Click here to see the ISP's that have issued non-answers and half-answers.

If you know of another ISP that has made a clear statement of this nature, or if you represent an ISP and you would like to be on this list, please contact us at [email protected].


Here is the link there is a lot of good info here...

http://stopcarnivore.org/carnfreeisps.htm

:fro:
 
What exactly is Carnivore?

(Thanks Majc)

computer security-please read Post #1

Since it comes up so often, I decided to write a little observation/recommendation list concerning personal computer security. This is a work in progress, so anyone feel free to add to it.

The government has implemented an internet monitoring tool known as Carnivore. What carnivore does is monitor email messages through text searching, meaning it searches for certain keywords like “primobolan” or “cocaine” in the mail. While the FBI claims it only looks at the subject header, I doubt it limits itself to just that. As an example, you send an email ordering 50 amps of Primo. Carnivore picks this up and saves the message. your friendly G-Man looks at the message and decides to set carnivore to monitor al messages coming from your email addy. Later, when you send shipping info, the nice G-Man gets the info and calls customs to have them stop all packages going too your address. Cojntrolled delivery, Bye bye.

As a result, mail needs too be sent in a way that only the recipient can read it. This problem is solved by data encryption, a process by which a message is turned into an unreadable form. As an example,

this is the un-encrypted message.

And this is what that message looks like after it is encrypted:

-----BEGIN PGP MESSAGE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

qANQR1DBwU4DzfcyOrm77gYQB/0QBDOZ5ASlWgmS05daR3CMnJjgXUiPm7WNOeJE
LNDbZ9BJTVUenVzpkbGMj2KpDWHdHzZjw6C3oiw8WxSnHUONLL
LYCS5WPcH8cv51
UsmKi3JedRYIXKFLym01vkr3fBlMBVcSAEUKms3pDXZef4OKC4
B4WE6jylgH94QG
aHX3qpZeXx4moLIJ3ZDO58EGkvUK0wPj9qFifDc7nELebB0WM6
V74SbxVP9HlrjT
wr/ dYukH71PBmg9GsAl18ufKMOKxvrZIblGII49QISbhrvGRiJBNX
hV1jQ4qaAxO
MSENZeslnJDUvlaf20ci5bS1QCkiyzqXYGdaUIfeko65gFAjCA
DwTwS3WfC+oNlP
x9axAZIbzbrhKl6KV/euc9+NC8he1A/FCQgEmZgbUgf6r0j7B0zTleWqLhtGLD03
TG5o82rVFrtFJdIDvNoeQmF7uEpWiK10bKFA74fJ5lrAqlqz0e
hrjaVwVpD1duBq
cogB5g2ghNjNyE+R/YFncl49JO/QUPdo1VANCZSvZVKfMqWxJeY6IxizSfDleVbY
ITHXoL3TjT2reUKxZmIQMu6sHcwXnmVTlS3koSLU1ohWOHoQ4s
SSLoEF1HRop7pA
NaEHlDStcTbdoy7qxTKTwYsEb9A6hy6rTqRoI04SISUVgGbMcv
c0+WwvELqcoSq8
MYCO0zpNyTjNFg4KGm0U5zfjwx0YuCKNJJiLNNdAjq8KffH+Zi
fLOBM6FktzP0Ew
rx8cVIRjr75vGTrr40a9gw==
=jj4T
-----END PGP MESSAGE-----

See! Can't makes heads or tails of it, can you? Well, neither can carnivore. However, how can your recipient read the message? with a key. This key can be sent via email too the recipient who can decrypt any message you send too him/her. Generally, I wouldn't include both the message and the key in the same email. The Key is output in a text format just like above except "BEGIN PGP KEY" and "END PGP KEY" appear. This key actually consists of a pair, one for you and one for other people to read your message. This key pair is protected by a password or "passphrase", which you create yourself.

The process is very quick and a snap to use. How much does this marvel cost? Nothing. One implementation of this process is known as PGP "Pretty Good Privacy" and is available from http://www.pgpi.org/

How secure is PGP? Very.
right now the only two ways of defeating PGP are:

1. attacking the encrypted message by brute force eg. guessing every possible key.
2. attacking the key's passphrase

Since even the most powerful supercomputer could take decades or even centuries too guess every key, this is simply not feasible. Therefore, figuring out someone's passphrase is the only way to go. As a result your passphrase must be strong. It must have letters, characters, nonsense phrases or anything that only you would know. The stronger the passphrase the longer it takes to guess it, again brute force takes too long. This brings us to the "magic lantern" everyone is talking about. the idea is the FBI "infects" your computer with a Trojan horse which records all your key strokes and can be used to get your passphrase. It sends this information from your computer over the net to the FBI. This idea is not new and hackes have been using it for years now. what I mean is that this is neither new nor very clever. However, it is an issue that you need to address. this brings us to the second part:

In order for someone to remotely access your system over the internet they need to know you exist. This is accomplished by pinging your ip address to see if anyone responds. Since you don't want too respond you want what's called a firewall. A firewall can be either hardware or software and should also monitor outbound traffic too alert you too any program which is trying to send information without your knowledge. Such software is usually called "spyware"
A software firewall exists which does this and it is free, Zonealarms. As a backup you can also use ad-aware.I really depends on how paranoid you are. However, an ounce of prevention goes a long way.

As far as the virus thing keep your anti-virus software updated or do the online scan at trendmicro, it's free. Never open email attachments. anyway, I'll add anything if I think of it.

:fro:
 
In order to track every click you make they need to install a trojan on your system and even if it is installed I bet its transmissions could be blocked if you know the comm type and port its using and block it.
 
Sorry to burst your bubble. But I think the FBI or other government agency has the technology available to them to decrypt or generate a key to read those encrypted messages. I think the software/utilities available today are simply out there to prevent your average Joe from reading your messages.
 
Re: What exactly is Carnivore?

drveejay11 said:
However, how can your recipient read the message? with a key. This key can be sent via email too the recipient who can decrypt any message you send too him/her. Generally, I wouldn't include both the message and the key in the same email. The Key is output in a text format just like above except "BEGIN PGP KEY" and "END PGP KEY" appear. This key actually consists of a pair, one for you and one for other people to read your message. This key pair is protected by a password or "passphrase", which you create yourself.
Click to expand...
PGP does not work this way. Asymmetric encrpytion means that if you start it for the first time PGP generates a key pair - a private key and a public key. You then have to distribute the public key to those who want to send you secure email. A good way is to post it on a public board like this:
http://anabolicfitness.infopop.net/2/OpenTopic?a=tpc&s=702093973&f=1903038632&m=1223037496
http://www.testonet.com/showthread.php?s=&threadid=49

if someone wants to send you encrypted email, he encrypts it with this public key. only the one who holds the corresponding private key is now able to decipher the message. no one else, not even the original sender can do anymore.

your private key never leaves your system. a weakness of PGP is the safe storage of this private key. PGP stores it in a disk file (the so call private keyring) and encrypts it with a passphrase which you have to remember each time you want to access your private key. if you lose the disk file you will not be able to read any of your messages anmore; PGP offers you to backup the keyring file on a floppy disk for example.

if your passphrase is long enough this keyring storage is secure. with 2048-bit keys the assymmetric message encryption is also secure. these algorithms are public domain, thousands of mathematicians have tried for 20+ years to crack the algorithm, no avail. there is proof that you would need thousands of years to brute force attack PGPs encryption.
 
Re: Re: What exactly is Carnivore?

Punschkrapfen said:

PGP does not work this way. Asymmetric encrpytion means that if you start it for the first time PGP generates a key pair - a private key and a public key. You then have to distribute the public key to those who want to send you secure email. A good way is to post it on a public board like this:
http://anabolicfitness.infopop.net/2/OpenTopic?a=tpc&s=702093973&f=1903038632&m=1223037496
http://www.testonet.com/showthread.php?s=&threadid=49

if someone wants to send you encrypted email, he encrypts it with this public key. only the one who holds the corresponding private key is now able to decipher the message. no one else, not even the original sender can do anymore.

your private key never leaves your system. a weakness of PGP is the safe storage of this private key. PGP stores it in a disk file (the so call private keyring) and encrypts it with a passphrase which you have to remember each time you want to access your private key. if you lose the disk file you will not be able to read any of your messages anmore; PGP offers you to backup the keyring file on a floppy disk for example.

if your passphrase is long enough this keyring storage is secure. with 2048-bit keys the assymmetric message encryption is also secure. these algorithms are public domain, thousands of mathematicians have tried for 20+ years to crack the algorithm, no avail. there is proof that you would need thousands of years to brute force attack PGPs encryption.
Click to expand...

Agreed. Now isn't hushmail 2048 bit encryption? :)
 
The funny thing about it is... that encrypted mail programs such as PGP are MORE likely to be used as evidence against you in court than programs such as Yahoo or Hotmail.

The reason being is that there is a direct link to your encryption key to you... whereas an e-mail like Yahoo.. it could have been sent by anyone... even from your computer... the doubt would be there.

I've found the BEST way to say something is to say it out in the open (Yahoo), but to say it in a way that only you and someone else would understand... kinda like your own language...

That's just MY opinion.

C-ditty
 
You must log in or register to reply here.

Similar threads

jasonhill800
10 Ways to Boost Testosterone Naturally
Replies
13
Views
3K
Tiger Salman Khan
Tiger Salman Khan
A
Think Encrypted email is Safe???? Read this..
Replies
2
Views
2K
sterolizer
S
RUI-Products
  • Sticky
RUI-Products FAQ's List
Replies
0
Views
3K
RUI-Products
RUI-Products
B
Are Prostitutes Better Than Normal Women?
Replies
49
Views
56K
NAVIRA
N
G
HCG On Cycle... Yes? or No?
Replies
1
Views
2K
Johnny 138
J
Top Bottom