| Re: Ping victor |
EasyNews, UseNet made Ea .. |
| HMS Victor Victorian (victorvictorian@hushunomail.com) |
2011/09/25 09:43 |
Path: news.nzbot.com!spool1.sonic-news.com!pull-news.sonic-news.com!s05-b27.iad!npeersf02.iad.highwinds-media.com!npeer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news-in-01.newsfeed.easynews.com!easynews!core-easynews-01!easynews.com!en-nntp-05.dc1.easynews.com.POSTED!not-for-mail
From: HMS Victor Victorian <victorvictorian@hushunomail.com>
Newsgroups: alt.fan.utb.naughty-boy
Subject: Re: Ping victor
Message-ID: <bqiu771psq6ablch0b60q2isvqt3adrq4t@4ax.com>
References: <4e7a4ec4$0$5505$c3e8da3$eb767761@news.astraweb.com> <pfmk77ts8kfqjjd3vjbioqe809eh9nfh3i@4ax.com> <20110924211510.EC9428145C@fleegle.mixmin.net>
X-Newsreader: Forte Agent 4.2/32.1118
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Lines: 331
X-Complaints-To: abuse@easynews.com
Organization: EasyNews, UseNet made Easy!
X-Complaints-Info: Please be sure to forward a copy of ALL headers otherwise we will be unable to process your complaint properly.
Date: Sun, 25 Sep 2011 09:43:08 -0600
Xref: news.nzbot.com alt.fan.utb.naughty-boy:4662
X-Received-Date: Sun, 25 Sep 2011 15:43:09 UTC (s05-b27.iad)
On Sat, 24 Sep 2011 22:15:10 +0100 (BST),
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA512
>
>HMS Victor Victorian wrote in alt.fan.utb.naughty-boy on Wednesday 21
>September 2011 17:42 in Message-ID: <pfmk77ts8kfqjjd3vjbioqe809eh9nfh3i@4ax.com>:
>
>> On 21 Sep 2011 20:53:28 GMT, "'C-O,Z*-M.O S+" <me@who.com> wrote:
>>
>>> Dear Victor
>>> I do hope I can enrol you onto my ad hock security pgp-training course!
>>>
>>> I understand it is a non-urgent project but none the less, believe it
>>> would be worthwhile to add the new skills to your armoury
>>> Yours faithfully
>>> Cos
>>
>> Dear Cosmos,
>>
>> You are my last letter for this evening. How very curious that I also
>> had an individual heretofore unknown to me write me at my addie with a
>> very detailed request for the same.
>
>'Twas I, I believe.
>
>> Have I missed something? Happens, you know!
>
>I believe Cozmos is mistaken when he states that this is 'non-urgent' as
>so-called 'lawful access' legislation coming down the pipe in Canada will
>completely gut Hushmail's already-questionable security model.
>
>In my view, Hushmail has been in the doghouse since 2007, when the DEA's
>"Operation Raw Deal" went down.
>
>As you may recall from my message, the U.S. Drug Enforcement Administration
>(DEA) managed to obtain some 12 CDs worth of decrypted email between one
>Tyler Stumbo, his Chinese bulk steroid supplier, as well as various
>customers of Stumbo's.
>
>Stumbo and his associates believed that because Hushmail was headquartered
>in Vancouver, B.C., it was beyond the reach of American law-enforcement.
>Nominally, this is true -- warrants issued by U.S. courts are of no force
>nor effect in Canada -- however, they did not take into account the
>existence of the Mutual Law Enforcement Assistance Treaty (MLAT).
>
>Furthermore, Stumbo and his various associates swallowed -- hook, line and
>sinker -- the outright lies then made by Hushmail that:
>
>* Even their own staff couldn't read their customers' email;
>
>* That no IP address logging was carried out so as to map IP addresses to a
> particular Hushmail account holder;
>
>* That, if the authorities were to subpoena a Hushmail account holder's
> messages, all they would receive in response were PGP encrypted messages.
>
>These claims are documented in copies of Hushmail's FAQ as archived by the
>Internet Archive's Wayback Machine.
>
>As can be seen from their own FAQs, Hushmail flat-out lied to their own
>customers -- no surprise here, for if their customers knew the truth, they
>wouldn't have used Hushmail in the first place, but rather explored more
>secure alternatives.
>
>The supreme irony here is that, by 2007, secure alternatives (in the form of
>nymservers and remailers) had been in existence for a dozen years or more.
>Had Stumbo, his Chinese suppliers and customers made proper use of these
>tools, many of them -- including Stumbo himself -- would likely not be
>rotting in jail cells right now.
>
>- From the Hushmail FAQ dated 2001-06-25 as saved by the Internet Archive
>(Wayback Machine):
>
> 34. Does HushMail have a "back door" that can be accessed by government
> agencies?
>
> No. Email, which includes attachments, sent between Hush users is
> completely encrypted.
>
>
> 35. What if my message is subpoenaed?
>
> Hush will answer valid, court-issued subpoenas. However, if the mail
> is fully encrypted, the subpoenaed version will not resemble the
> original text version.
>
>You can see here that Hushmail are implying that encrypted data will be
>supplied in response to a subpoena; a later revision of Hushmail's FAQ
>explicitly makes this claim.
>
> 49. Does HushMail have access to my private keys?
>
> Hush never actually possesses the private keys of any of its
> users. Private keys are created on the local machines of Hush
> users when they create their accounts, and are symmetrically
> encrypted, one key for both encryption and decryption with
> individual Hush user passphrases. Then, the encrypted private
> keys are sent to the Hush server and are stored there. Further,
> a secure one-way hash of each individual user's passphrase is
> generated on the user's local machine. The one-way hash is,
> then, stored on the Hush server. This one-way hash can only be
> derived from an individual passphrase, but the passphrase
> cannot be recovered from the one-way hash.
>
> When a Hush user logs on to www.hushmail.com and enters their
> passphrase, the passphrase is hashed in the same way, and the
> one-way hash is sent to the Hush server for authentication.
> Passphrases are never sent to the Hush server, so Hush never
> has access to them, nor can Hush retrieve them. For example,
> after an individual passphrase has been authenticated, the
> Hush server sends the user's browser (Netscape ™/Internet
> Explorer ™) the encrypted private key. The private key is
> then, decrypted, locally, using the Hush user's passphrase.
> At that point, the user can read their messages.
>
>
> 57. Does Hush track IP addresses of visitors or address holders?
>
> No.
>
> 58. Do you keep logs of IP addresses of people logging in?
>
> No.
>
> * * *
>
>As can be seen from a later revision of the FAQ in February 2002, Hushmail's
>stance on what they could/would provide if presented with a subpoena is even
>more explicit.
>
>Also notice the change to their IP logging policy -- from a strict "no logs"
>policy to a policy of, "We keep logs, but not so as to affect your anonymity."
>Another blatant lie, as the Stumbo case amply demonstrates.
>
>- From Hushmail's main FAQ February 2002:
>
> 37. Does HushMail have a "back door" that can be accessed by government
> agencies?
>
> No. Email, which includes attachments, sent between Hush users is
> completely encrypted.
>
> 38. What if my message is subpoenaed?
>
> Hush, like any company or individual, is legally bound to respond
> to court-issued subpoenas. However, because not even Hush can access
> the encryption keys of individual users, in the case of a subpoena
> Hush would only be able to provide the encrypted (coded) version of
> the transmitted email.
>
>Unlike the earlier FAQ entry on subpoenas, this is unambiguous; they're not
>skirting the issue, but rather confronting it directly. Hushmail, essentially,
>was pledging here not to rat-out their customers to the authorities.
>
>This, and the IP logging policy reproduced below, was likely what Tyler
>Stumbo and many others relied-upon when they decided to choose Hushmail for
>their privacy needs.
>
>Hushmail's failure here was to store the users' private half of the PGP key-
>pair; if they didn't store the private half, then they would have HAD no way
>to decrypt the users' messages. This is the way nymservers currently operate;
>they only have the public half of the users' PGP keypair, so they CANNOT be
>forced to decrypt a users' messages.
>
>- From Hushmail's Technical FAQ February 2002:
>
>
> 18. Does Hush track IP addresses of visitors or address holders?
>
> Hushmail.com does log IP addresses to analyze market trends and
> gather broad demographic information for aggregate use. However,
> HushMail.com will never log your IP address in such a way that it
> can be associated with your HushMail email address or identity.
> The procedure does NOT affect the anonymity of the user at any
> stage.
>
> 19. Do you keep logs of IP addresses of people logging in?
>
> Hushmail.com does log IP addresses to analyze market trends and
> gather broad demographic information for aggregate use. However,
> HushMail.com will never log your IP address in such a way that
> it can be associated with your HushMail email address or identity.
> The procedure does NOT affect the anonymity of the user at any
> stage.
>
> Hushmail FAQ 2002-02-03 as saved by the Internet Archive (Wayback Machine).
>
>Source: http://web.archive.org/web/20010215032439/http://www.hushmail.com/about_hushmail/faq/#gq34
>
> * * *
>
>If Hushmail had lived up to their promises as outlined in their FAQs, Stumbo,
>his suppliers, and his associates would have had nothing to worry about --
>but that's not what happened -- not by a long-shot.
>
>Stumbo and his associates failed to anticipate four things:
>
>1) The existence of a Mutual Law-Enforcement Assistance Treaty (MLAT)
> between the U.S. and Canada (among other countries).
>
>Under the provisions of MLAT, the U.S. government (or one of its various
>agencies, like the DEA) can request that the Canadian government order the
>courts to issue a search warrant valid in Canada to provide any information
>the U.S. government or one of its agencies is seeking. That is how they got
>around the jurisdictional issues.
>
>2) Because Stumbo and his associates all used Hushmail, this provided the
> authorities with "one stop shopping" as it were -- it made their jobs so
> much easier than it would have otherwise been if they had been forced to
> go after email service providers in any number of foreign jurisdictions.
>
>3) Because their email was encrypted, and they believed it was impervious to
> police scrutiny, they were rather more candid, and far less circumspect
> than they perhaps might otherwise have been, if they thought their emails
> were subject to scrutiny by the authorities.
>
>4) The final (not to mention fatal) flaw lies in the design of the Hushmail
> service itself. This fatal flaw in Hushmail's design was in violating one
> of the cardinal design principles of public key cryptography -- namely
> the separation of public and private halves of the key pairs.
>
>To understand what I mean, you have to know a little about the history of
>cryptography, and /why/ public-key cryptography was developed. The age-old
>problem plaguing cryptography since before the days of Julius Caesar was
>that of key distribution. You can think of a key as a type of password, i.e.
>a means to encrypt (and later decrypt) a message. So, in other words, the
>same password (or key) is used to encrypt the message on the sender's end,
>and decrypt the message on the receiver's end.
>
>Sending an encrypted message is easy; the problem is, how do you get the key
>to decrypt the message to the intended recipient of the message? Therein
>lies the rub. If you send the key along with the message, anyone who
>intercepts the message also gets possession of the key to decrypt it, thus
>defeating the point of using encryption in the first place.
>
>Because of this problem, until about 20 years ago, cryptography largely
>remained the province of governments. Keys were distributed by diplomatic
>couriers -- like the ones you see in movies with briefcases chained to their
>wrists.
>
>Around 1970, Ellis and Cocks who worked for the ultra-secret GCHQ (the U.K.
>analog to the American NSA) developed what they characterised as 'non-
>secret' encryption, which later was independently re-discovered by Martin
>Hellmann, and Whitfield Diffie.
>
>Public key cryptography solved the key-distribution problem by breaking a
>encryption key into two independent, but related, halves: a public half, and
>a private half. The public half, as the name implies, could be distributed
>publicly, while the private half had to remain a closely guarded secret.
>
>The public key is used to encrypt messages, while the private half is used
>to decrypt them.
>
>Where Hushmail screwed the pooch was in retaining BOTH halves of the PGP
>keypair, for their users. Now mind, the secret key is protected by a pass-
>phrase, and Hushmail did warn users to choose a secure passphrase. In fact,
>they recommended Diceware, which is an excellent method to generate secure
>passphrases. (See: http://www.diceware.com/ for details.)
>
>The problem is, having possession of the secret key means that all that is
>required for your security to evaporate is for Hushmail to capture the pass-
>phrase. Apparently they accomplished this by modifying their much-vaunted
>Java applet -- regular customers got the non-modified applet, while those
>named on a warrant got an applet modified so as to capture the passphrase.
>(I'm sure that those of you who are Hushmail users are familiar with the
>fact that a fresh copy of the Hushmail Java applet is downloaded to your
>computer each time you login.)
>
>For those not using the Hushmail Java applet, the secret key was decrypted
>on a Hushmail server, making the decrypted private key available for capture.
>
>With the secret key and your passphrase, decryption of your stored email is
>trivial. That, in a nutshell, is how Tyler Stumbo, his Chinese suppliers and
>his associates were all undone.
>
>It's a bit like locking up your valuables in an apparently solid looking
>safe, only later to find out that the safe was actually made of papier-mâché,
>and was sliced-open with a box-cutter.
>
>Hushmail users are essentially trading convenience for security, as Stumbo
>and his associates found out much to their chagrin. If Stumbo had used
>another email provider, used PGP/GPG, and took steps to conceal his IP
>address, he might possibly not be serving time today for trafficking in
>steroids.
>
>As I alluded to at the beginning of this message, legal changes will be
>coming down the pipe in Canada that will make it easier for law-enforcement
>to get information without having to get a warrant from the courts. This was
>expected to be tabled in Parliament as part of the government's massive anti-
>crime omnibus bill. Thankfully, when the omnibus bill was tabled September
>20th, lawful access was nowhere to be seen -- but that doesn't mean that it's
>off the table, entirely. Police have been lobbying hard for this type of
>power for more than 10 years now, and I don't expect the pressure from them
>to let-up anytime soon.
>
>As Hushmail is headquartered in Canada, it will be subject to such
>legislation if and when it is passed. Even for non-Canadian users of Hushmail,
>this will prove to be ominous, as proposed changes to MLAT may allow even
>foreign police forces to get the same information as Canadian police all
>without requiring a warrant, or even evidence that a crime has been committed.
>
>
>> Sincerely,
>> V
>> God Save the Queen.
>> God Bless the Prince of Wales.
>> God Preserve the Windsors.
>> Rule Britannia!
>
>Baal <Baal@Usenet.org>
>PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x1E92C0E8
>PGP Key Fingerprint: 40E4 E9BB D084 22D5 3DE9 66B8 08E3 638C 1E92 C0E8
>Retired Lecturer, Encryption and Data Security, Pedo U, Usenet Campus
Dear Baal,
If my correspondent was indeed you, then you've misrepresented
yourself by signing your name "C", a detail I had unfortunately
overlooked earlier. Once again, you provide a wealth of information
regarding the issue at hand ... and I appreciate your efforts on my
behalf.
Most Sincerely Yours,
V
God Save the Queen.
God Bless the Prince of Wales.
God Preserve the Windsors.
Rule Britannia!
|
| Follow-ups: | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 |
|
|