What The Most Secure Email In The Universe Would Look Like

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
What the most secure e-mail in the universe would look like? Hint: It's not AOL.

Say you wanted to send an email more secure than any message that had ever been transmitted in human history, a message with absolutely no chance of being intercepted. How would you do it? You may have encrypted your message according to the highest standards, but encryption doesn’t guarantee secrecy.
Click to expand...
 
Pfft! They obviously don't understand how to make a system secure. I've developed this amazing diagram that can act as part of a deployment plan to help people secure their e-mail.

2wp111g.gif
 
Outside of Uncle Google's wonderful diagram, I figure the most secure e-mail server is one you run yourself with SSL throughout. I'm considering of running my own instant messaging server via OpenFire and e-mail server via hMailServer in the very near future. Not out of paranoia or fear the NSA is watching me, but just to have more control over what gets sent to me especially limit the amount of spam sent to me.
 
octoberasian said:
Outside of Uncle Google's wonderful diagram, I figure the most secure e-mail server is one you run yourself with SSL throughout. I'm considering of running my own instant messaging server via OpenFire and e-mail server via hMailServer in the very near future. Not out of paranoia or fear the NSA is watching me, but just to have more control over what gets sent to me especially limit the amount of spam sent to me.
Click to expand...

I've found that the best way to control spam is with two mailboxes. One you give to websites (ie: logins, stores, etc.) and one you give to humans.

It's worked wonders on my spam life.
 
CreepyUncleGoogle said:
Pfft! They obviously don't understand how to make a system secure. I've developed this amazing diagram that can act as part of a deployment plan to help people secure their e-mail.
Click to expand...

The NSA can still...

-install a grain-of-rice-size device in any of the cables going to either of the PCs which leaks information when remotely illuminated with radar usually without your knowledge. i suppose this could be mitigated sometimes, but...

-intercept your equipment before/as you purchased it; install a small on-board component that appears as though it is OEM under all but the closest inspections [ if they dont already have an attack on the real OEM firmware...]; the device roots your system and provides remote access or data exfiltration via GSM , IP, or any available wifi [which, thanks to ISPs, there is usually *some* unprotected wifi signals available everywhere throughout most larger towns in the US]. Or, they just figure out your physical location, and point a big antenna at it from somewhere else.

-without your knowledge, install some monitoring equipment on your buildings exterior power hookup and possibly, greatly depending on environmental factors, they could possibly determine which keyboard keys you press.

it is thought that the NSA does this; it is unknown under what conditions, and what information they are able to recover. but the technique has been demonstrated academically, and it was possible to recover key strokes, so... just cutting your internet cable isnt even enough anymore if someone was actively trying to find that secure email you were writing.

but then, if no one was looking, you could just sign into yahoo mail and send it cleartext... oh the good ole days.
 
Johns Hopkins University cryptology expert Matthew Green told Defense One, referring to the recent revelations that the NSA had given security industry provider RSA multiple encryption tools. “All of this discussion about quantum crypto is moot if someone puts a back door into the hardware responsible for performing the encryption.”
Click to expand...
One of the most important parts of the article
 
By Ghost6303;
-install a grain-of-rice-size device in any of the cables going to either of the PCs which leaks information when remotely illuminated with radar usually without your knowledge.
Click to expand...

Really Ghost, where do you come up with this?
Whatever, I'll play, you knew I would anyway.

I suppose if your not a US Citizen and if you are an intelligence target, then yes, the NSA could use several methods to intercept, capture, and or manipulate data on your system or physically compromise the integrity of your security mechanisms.

In other words, they could do their job and spy on you.
 
Then again, if you are a US Citizen and you are under investigation the FBI can get a warrant and just come take your shit. Or the FBI can decide to ask the NSA to spy on you, for the FBI, and the NSA can get the warrant.
 
By Ghost6303;
-install a grain-of-rice-size device in any of the cables going to either of the PCs which leaks information when remotely illuminated with radar usually without your knowledge.
Click to expand...

Ghost6303, you were making this shit up right? Humor?
 
pen & paper

try to take it off my person without a warrant, see what happens

joking

or not

maybe
 
Aardvark, how does the saying go?

"If more then one person knows a secret then it's not a secret anymore."
 
lcpiper said:
Aardvark, how does the saying go?

"If more then one person knows a secret then it's not a secret anymore."
Click to expand...

I buried waterproof paper in Alaska. You'll never find it.

The key is in Aruba.

Joking.

Or not.

Maybe.
 
ghost6303 said:
The NSA can still...

-install a grain-of-rice-size device in any of the cables going to either of the PCs which leaks information when remotely illuminated with radar usually without your knowledge. i suppose this could be mitigated sometimes, but...

-intercept your equipment before/as you purchased it; install a small on-board component that appears as though it is OEM under all but the closest inspections [ if they dont already have an attack on the real OEM firmware...]; the device roots your system and provides remote access or data exfiltration via GSM , IP, or any available wifi [which, thanks to ISPs, there is usually *some* unprotected wifi signals available everywhere throughout most larger towns in the US]. Or, they just figure out your physical location, and point a big antenna at it from somewhere else.

-without your knowledge, install some monitoring equipment on your buildings exterior power hookup and possibly, greatly depending on environmental factors, they could possibly determine which keyboard keys you press.

it is thought that the NSA does this; it is unknown under what conditions, and what information they are able to recover. but the technique has been demonstrated academically, and it was possible to recover key strokes, so... just cutting your internet cable isnt even enough anymore if someone was actively trying to find that secure email you were writing.

but then, if no one was looking, you could just sign into yahoo mail and send it cleartext... oh the good ole days.
Click to expand...

In the post you quoted, there was a very cleverly hidden joke. I think it slipped past your notice when you read it. :p
 
MyKolab is based in Switzerland with strict privacy laws. US email providers have shutdown their services, because government agencies pressured them to disclose info. I'm sure there's a backdoor in iOS or Android phones, too.
fixedmy7970 said:
...and make sure to remove and microphones and speakers from the computers...
Click to expand...

and laptop webcams
 
Spidey329 said:
I've found that the best way to control spam is with two mailboxes. One you give to websites (ie: logins, stores, etc.) and one you give to humans.

It's worked wonders on my spam life.
Click to expand...

Hasn't worked for me so far, and that's keeping 6 different e-mail addresses for ten years now: Primary for important stuff (bills, etc.), secondary for family, a third for social media, a fourth for online gaming, a fifth for e-Bay and Paypal, and a sixth for junk mail. No matter what, junk mail and spam still finds some goddamn way to get through to the other five. For example, for my mom's e-mail that she only uses for bills, two years after setting it up and she gets spam mail from websites I've never heard of especially contest websites. The only websites that have her e-mail address are sites like Southern California Edison, AT&T, SoCal Gas Company, T-Mobile, and her banks. So, how did spam get sent to that?

Someone somewhere is getting a list of e-mail addresses from websites and selling them, even if their privacy policies say they won't do it.

Worst still is that certain websites, even legitimate sites such as gaming sites used by MMOs (ESO for example) will not accept e-mails or send password reset e-mails to websites that aren't from Gmail, Outlook/Hotmail, or Yahoo, or other big name e-mail servers. I have my own domain name that has e-mail addresses attached to them but even then they don't consider it a valid server in their eyes. Hopefully, once I host my own server, it shouldn't be the case and I can be a bit more robust in the spam e-mail filtering than what G-mail or Outlook/Hotmail can offer.
 
I think I get more spam for my personal email than my other email address with hundreds of sign ups on sites. Why? Because family members set me up with spam. I got a "win a free iPad" email from my aunt. WTF? Then, my dad sends me a "win a free laptop" with the model number of a phone, WTF? You know those stupid emails you get from family or grandma where it includes some stupid joke? Well, they end up sending that stuff to like 30 email addresses. I know that crap signs you up for spam.
 
i use everyone.net email service and now and then i get a few spam and then poof, never see them again!
 
You must log in or register to reply here.
Back
Top