Open Source and information security mailing list archives
From: temp739 at yahoo.com (Pseudo Nym)
Subject: Re: hushmail.com, is this true?

I had forgotten about the Sarbanes Oxley Act, however
there are two things I think invalidate it under these
circumstances.

S.O. was made to prevent Enron-type fraud in
companies.  I'm pretty sure it says that corporations
have to keep *business* to *business* and
*inter-office* messages intact for a certain period of
years so that if they were ever investigated by the
SEC, they will be required to cough up that
information as opposed to shredding it on the spot.  I
think it would end up being unconstitutional if S.O.
said every business in the US was required to keep
tabs on its own customers...

Now also, a quick whois on hushmail.com shows it is
located in Canada.  That's self-explanatory.

As for hushmail getting pwned and not knowing who did
it: they're claiming not to be able to associate IP
addresses to email addy's, they're not claiming not to
keep logs at all.  Not logging their own legitimate
email customers wouldn't prevent them from doing
forensics to track down someone who cracked into the
site.

Someone also posted about mixmaster.  I know about
mixmaster.  I'm looking for something to recommend to
a non-technical friend as a means of two-way
communication.

This discussion is getting long enough that people
aren't bothering to read where the conversation
started when creating new posts.  I saw someone just
posted a Q&A from the FAQ at hushmail and thought he
solved everything.  Read the entire thread before
posting.

The tally is now up to 1 person who knows hushmail
staff and 1 person who used to *be* hushmail staff and
both are supporting hushmail's claims.  Anyone else?


--- "J. Oquendo" <sil@...iltrated.net> wrote:

> 
> > They can't force you to produce information you can prove you don't have...
> 
> Actually, I believe the Sarbanes Oxley Act requires
> companies keep records
> for a period of time. Not sure the entire specifics
> of this but I'm sure
> if you wanted to quote me on this you could
> (http://tinyurl.com/542n3)
> 
> Outside of this argument (records), I'm willing to
> bet for security
> purposes though, Hushmail is keeping tabs on who is
> doing what. That would
> be logical provided that they are security based and
> I would hope would
> keep tabs on connections should someone infiltrate
> their network.
> 
> "Gee we were pwned but we don't know by whom because
> we don't keep records
> or tabs on ANYONE!"
> 
> Sound kosher? I doubt they're not keeping tabs on
> someone. Aside from
> this, just because they are keeping tabs on
> someone's account information
> (regarding the IP connections they are coming from),
> it becomes a
> different story when an account is being accessed by
> proxies all over the
> world. Hell with all the botnet machines around, a
> lawyer defending
> someone on trial could throw this into the mix due
> to the fact that it
> would be difficult to pinpoint so and so due to the
> fact that so many
> connections have been made from differing locations.
> 
> Of course the lawyer would have to have enough of a
> clue to do so, but
> even then with so much crapaganda from the US
> government, hell any
> government for that matter, and due to the fact
> governments have deeper
> pockets than anyone, a defendant would get pounded
> with other crappy
> technicalities.
> 
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> GPG Key ID 0x51F9D78D
> Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
> 
> sil @ politrix . org    http://www.politrix.org
> sil @ infiltrated . net http://www.infiltrated.net
> 
> "How a man plays the game shows something of his
> character - how he loses shows all" - Mr. Luckey
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> 

