Hushmail To Warn Users of Law Enforcement Backdoor
By Ryan Singel
November 19, 2007 2:08:23 PM
Categories: Crime, Hacks and Cracks, Privacy
http://blog.wired.com/27bstroke6/2007/11/hushmail-to-war.html#previouspost
Hushmail, the web's leading provider of encrypted web mail, updated its
explanation of its security model, confirming a THREAT LEVEL report that
the company can and will eavesdrop on its users when presented with a
court order, even if the target uses the company's vaunted Java applet
that does all the encryption and decryption in a browser.
As THREAT LEVEL reported earlier this month, Hushmail provided 12 CDs of
emails in June to U.S. officials targeting steroid manufacturers. But
Hushmail promises users that "not even a Hushmail employee with access
to our servers can read your encrypted e-mail, since each message is
uniquely encoded before it leaves your computer."
Hushmail responds only to court orders from the Supreme Court of British
Columbia that target specific, named accounts, according to Hushmail's
CTO Brian Smith. In the steroid case, the Drug Enforcement Agency used a
mutual legal assistance treaty to get a Canadian court order, according
to court documents.
But when the company gets a court order, "we are required to do
everything in our power to comply with the law," according to an updated
explanation of Hushmail's security.
That everything seems to include sending a rogue Java applet to targeted
users that will then report the user's passphrase back to Hushmail, thus
giving the feds access to all stored emails and any future emails sent
or received.
The Canadian email provider offers two options for its users. One method
works nearly identically to typical webmail, with the exception that the
company's Encryption Engine encrypts and decrypts messages that go to
or from other Hushmail users (or to people who use PGP or GPG running on
their own computers). In that service, Hushmail's servers briefly see
the passphrase that unlocks a user's emails, but normally do not store
it.
A second option sends the Encryption Engine to a user's browser as
a Java applet. That method, where the encryption and decryption of
email is done in the browser and the passphrase never leaves the user's
computer, was widely presumed to be much safer than the web-centric
version.
But Hushmail's update of their website and a statement made to THREAT
LEVEL by Smith make clear that Hushmail will compromise that applet when
served with a court order.
When one Hushmail user sends an email to another Hushmail user, the
body and attachments of that email are kept on our server in encrypted
form, and under normal circumstances, we would have no access to that
data. However, since Hushmail is a web-based service, the software
that performs the encryption either resides on or is delivered by our
servers. That means that there is no guarantee that we will not be
compelled, under a court order issued by the Supreme Court of British
Columbia, Canada, to treat a user named in a court order differently,
and compromise that user's privacy. (emphasis added)
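As an added example, not Hushmail's code, the following Python sketches the check a client could apply to encryption software that a web service delivers on every login: pin the digest of the applet on first use (or from a digest obtained through another channel) and refuse to run a later copy that differs. The applet bytes, the server behaviour and the account names are constructed for the demonstration.

```python
"""Digest pinning for encryption code a web service delivers to the
browser. Added example, not Hushmail's code: it models the weakness in
the statement above, where the software that encrypts is fetched from
the provider and can be replaced for a single named account."""
import hashlib
from typing import List, Optional

# Constructed stand-ins for two versions of a served applet; real ones
# would be JAR bytes, and only their digests matter to the check.
GENUINE_APPLET = b"class EncryptionEngine { /* keys stay in browser */ }"
MODIFIED_APPLET = b"class EncryptionEngine { /* copies passphrase out */ }"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class PinnedLoader:
    """Client-side check: remember the digest of the served code and
    refuse to execute a later copy whose digest differs. Pass a digest
    obtained out of band to avoid trusting the first download."""

    def __init__(self, known_good: Optional[str] = None) -> None:
        self.pin = known_good

    def load(self, served: bytes) -> bool:
        digest = sha256_hex(served)
        if self.pin is None:        # trust on first use and record it
            self.pin = digest
            return True
        return digest == self.pin   # run only if the code is unchanged


def serve_applet(user: str, targeted: str) -> bytes:
    """Constructed server behaviour: every account receives the genuine
    applet except the one named account, which gets the modified copy."""
    return MODIFIED_APPLET if user == targeted else GENUINE_APPLET


def logins(user: str, targeted_from: int, count: int = 3) -> List[bool]:
    """Simulate `count` logins by a user targeted from login index
    `targeted_from` onward; returns whether each served copy was run."""
    loader = PinnedLoader()
    results = []
    for i in range(count):
        target = user if i >= targeted_from else ""
        results.append(loader.load(serve_applet(user, target)))
    return results
```

The trust-on-first-use form has a limit the `logins` helper makes visible: an account whose very first download is already the modified copy pins the wrong digest, which is why a known-good digest obtained through a separate channel is the stronger configuration.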
In an earlier conversation, Smith told THREAT LEVEL that using the Java
applet would not help a person targeted by law enforcement.
The extra security given by the Java applet is not particularly
relevant, in the practical sense, if an individual account is
targeted.
The site also recommends that anyone engaged in illegal behavior or
"activity that might result in a court order issued by the Supreme Court
of British Columbia" not rely on Hushmail to hide their activities.
As for other encrypted email solutions, Hushmail has this to say about
GnuPG and PGP Desktop.
PGP Desktop and GnuPG are not web-based services. They install
as software on your computer. Installed software is different
from a web-based service in that you don't rely on the owner
of the website to run the software correctly. You take on that
responsibility yourself. If used correctly, both PGP and GnuPG
can provide an extremely high level of security. When choosing
your security solution, carefully weigh the convenience and
ease-of-use of Hushmail against the inherent limitations of
a web-based service.
Hushmail's CTO Brian Smith deserves credit for his candor and his
continued frank responses to THREAT LEVEL. I would like to stress that
we are not reporting that Hushmail is a scam of any sort. We are simply
reporting that the company can and does turn over emails when given a
court order, regardless of which Hushmail flavor a person may use --
something that the company did not clearly disclose to its customers.
Original article:
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html#previouspost