FEDS have access to HUSHMAIL READ

jh1 · Oct 8, 2007

If anything convinces everyone that Hushmail is on the up and up it should be this:

https://www.hushmail.com/services-downloads?

All of their source code available for download. You can compile that yourself and never use any precompiled code from them. Open Source programs - especially when it comes to security software - is torn apart by security researchers looking for holes and vulnerabilities.

Mavafanculo · Oct 8, 2007

jh1 said:
If anything convinces everyone that Hushmail is on the up and up it should be this:

https://www.hushmail.com/services-downloads?

All of their source code available for download. You can compile that yourself and never use any precompiled code from them. Open Source programs - especially when it comes to security software - is torn apart by security researchers looking for holes and vulnerabilities.

This is getting towards the "crypto community oversight access to Hushs source and implementation of PGP" --

BUT..... to play skeptic and Devils advocate: - >

1) is the source included for the "DLL wrapper on the java applet" - if not, this binary would be a safe haven possibility for a backdoor or a sidedoor

2) same as #1 for the downloadable " Java libraries for communicating with the Hush Key Servers " source included?

3) if ALL source is included, then reviewed, and deemed clean by peer review or Audit Letter, and then the resulting executables compiled from that source code are compared and identical to the executables deployed in the applets downloaded each time you access Hush, then its all good (and the keylogger was the likely failure point)

-> as far as users compiling all the components from all the source and using that instead of what Hush downloads to you, even if technically do'able (not sure) because of all the languages involved and the tech expertice neccessary, this would be practical for about 0.00000001% of the Hushmail users.

I suppose a safe setup would be having a trusted independent crypto organization do the review and compile and then you'd download the executable from their site. sort of an escrow for the trustworthy executables.

But all in all, Occam would say this likely leaves Keylogger as the likely failure point IF the conditions above are met

It all boils down to independent review and then being sure you are using what was independently reviewed.

slat1 · Oct 8, 2007

If anyone thought there was such a thing as "secure email" they are a bit naive!

jh1 · Oct 8, 2007

slat1 said:
If anyone thought there was such a thing as "secure email" they are a bit naive!

Sorry Bro... you're gonna have to qualify that statement. That's way broad of a statement.

Email can be secure, you have to handle it properly.

slat1 · Oct 8, 2007

jh1 said:
Sorry Bro... you're gonna have to qualify that statement. That's way broad of a statement.

Email can be secure, you have to handle it properly.

It may be safe from Joe Schmoe but the Feds can crack that shit in a second if they want to do it.
In other words. If you raise a Red Flag they will access secure email just as quickly as regular.
I also mentioned in another thread being at the AVN Awards and walking past the Consumer Electronics Convention.
At the entrance there was a huge screen that was showing everyones email log in and password. The password would have a star or two covering random letters.
The point was if you logged in at any hotel they cracked that shit in seconds and had it up on a scrolling screen.
There were more then a few "secure" addresses up there!

jh1 · Oct 8, 2007

slat1 said:
It may be safe from Joe Schmoe but the Feds can crack that shit in a second if they want to do it.
In other words. If you raise a Red Flag they will access secure email just as quickly as regular.
I also mentioned in another thread being at the AVN Awards and walking past the Consumer Electronics Convention.
At the entrance there was a huge screen that was showing everyones email log in and password. The password would have a star or two covering random letters.
The point was if you logged in at any hotel they cracked that shit in seconds and had it up on a scrolling screen.
There were more then a few "secure" addresses up there!

Nah... that's not correct rob....

Encryption when implemented properly is a road block even for the highest levels of our government. At the very least it is not trivial.

jh1 · Oct 9, 2007

Something of importance to note here.

The feds will always be able to get your email headers revelaing your IP address, then subpeona to reveal the owner of that IP address and then install a keylogger as I beleive they did in this case - therefore exposing your encypted emails because they have your passphrase.

T.OR or another truely secure privacy proxy can prevent the feds from ever getting to the point of indentifying you or your physical location, preventing the possibility of a keylogger, preventing the possibility of a decrypting your emails, preventing indictment.

If Osoca had used T.OR the entire chain of events outlined in the indictment would have fell apart from the get go - because it began with the feds getting his IP from his email headers - everything else was reliant upon that key peice of information.

Obviously, if I was trying to avoid such situations - I'd take even more steps to secure my identity. But that was key to this indictment....

BIGBUCK$ · Oct 9, 2007

feds have access to anything they want. accept it already.

jh1 · Oct 9, 2007

jh1 said:
Something of importance to note here.

The feds will always be able to get your email headers revelaing your IP address, then subpeona to reveal the owner of that IP address and then install a keylogger as I beleive they did in this case - therefore exposing your encypted emails because they have your passphrase.

T.OR or another truely secure privacy proxy can prevent the feds from ever getting to the point of indentifying you or your physical location, preventing the possibility of a keylogger, preventing the possibility of a decrypting your emails, preventing indictment.

If Osoca had used T.OR the entire chain of events outlined in the indictment would have fell apart from the get go - because it began with the feds getting his IP from his email headers - everything else was reliant upon that key peice of information.

Obviously, if I was trying to avoid such situations - I'd take even more steps to secure my identity. But that was key to this indictment....

I missed the money on this. As the investigators always say - follow the money.

They would have identified this guy via the greendot money transfers eventually as well.

ironclaw · Oct 9, 2007

BigGuyPHX said:
I am so fucking sick of this bullshit!!! I will not live in fear!!! If you fuckers are reading this you can lick my steroid taking ass!!! I will not live in fear!!! This is MY body not yours and I WILL do with it as I want to!!! I will not live in fear!!! Read my email, listen to my cellphone calls, take pictures of me running red lights and I STILL WILL NOT LIVE IN FEAR!!!

FUCK YOU AND HAVE A NICE DAY!!!

BigGuyPHX

FUCKING A: I second that motion. the feds and any other LE can kiss my fucikng ass too. Get a fucking life and leave us hard working law abiding citizens who only live for one thing: Getting a good workout in after work and going home and taking care of our kids and families. Fuck ya'll, other than ordering a few cycles here and there for personal use, we don't bother anyone. So, if it's such a fucking crime to feel good about yourself, have good workouts, and look good in tight tee shirts, then for all means.... come fuck with me you cocksuckers.

FEDS have access to HUSHMAIL READ

jh1

New member

Mavafanculo

New member

slat1

New member

jh1

New member

slat1

New member

jh1

New member

jh1

New member

BIGBUCK$

New member

jh1

New member

ironclaw

MVP

Similar threads