lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dbounds at intrusense.com (Darren Bounds)
Subject: hushmail.com, is this true?

I think he's more concerned about whether or not Hush logs information 
that would allow an IP address to be directly tied to an email 
account/address.

As a former Hush developer I'll say that unless things have changed, 
the answer is 'no'. The only way I can think of that would have allowed 
any sort of match is to compare the last access times on the mailbox 
folders with the Apache logs.  Hardly admissible in court.


Darren Bounds
Intrusense, LLC.



On Jan 25, 2005, at 10:46 AM, Atte Peltomaki wrote:

>> I was asking for anyone with evidence or experience
>> dealing with hushmail.  You seem to have neither.
>>
>> Can anyone verify hushmail's claims or provide some
>> recounting of events that would seem to bolster their
>> claims?
>>
>> --- Andrew Smith <stfunub@...il.com> wrote:
>>
>>> To me this suggests that, unlike most web based
>>> e-mail providers such
>>> as hotmail, hushmail does not send the user's I.P
>>> address in the
>>> headers of the e-mail address, but hushmail still
>>> logs IP addresses.
>
> What seems to be the problem to cause this great distress? It has been
> concluded that hushmail.com does not include sender's IP address in the
> mail headers. Register an account and send a mail to yourself to find
> out, or are you asking us to do it for you?
>
> -- 
>  ____________
>  \   ______//     Atte Peltom?ki - Atte.Peltomaki@...ecure.com
>   \  \\____           	 IT Engineer - IT Server Team
>    \   __//    F-Secure Corp. PL 24, FIN-00181 Helsinki, Finland
>     \  \\     Tel: +358 9 2520 0700,     direct: +358 9 2520 5423
>      \ //                   http://www.F-Secure.com
>       \/         Integrated Solutions for Enterprise Security
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ