Main Menu

Hushmail: a personal security ramble

I noticed that Orly Taitz published an article this morning asking her readers to gather some information for her, and to send it by email. The email address is one that I hadn’t noticed for her before, at hushmail.com.

I first looked at Hushmail perhaps 10 years ago and even signed up for a trial. What was interesting about the service is that they provided end-to-end encryption of emails. Back then they provided more technical information on how the system worked than is readily apparent today, but it was pretty cool as I recall. Today, the system seems to be geared towards commercial customers–they will even sign HIPAA business associate agreements with health care providers.

Email privacy is a hot topic nowadays in the wake of revelations of the US Government reading everybody’s communications, even some encrypted ones. Even though encryption can be broken in time with brute force, that’s not economical in the general case. Effective snooping requires cheating, and how that’s accomplished is the subject of a fascinating article “How to Design — And Defend Against — The Perfect Security Backdoor” by Bruce Schneier published at Wired Magazine, and on his blog.

Using the insights from Schneier’s article, I find Hushmail a poor option because their system is secure only insofar as you can trust Hushmail. A proprietary system has fewer eyes on how it works, and a powerful government agency can sneak, threaten or bribe its way in.

On the heels of the shocking news that our emails are vulnerable, we learn that some of our personal hardware may be vulnerable too. Some models of the D-Link wireless routers have an intentional back door that allows an unauthenticated user to changes its settings (article at InfoWorld) and route your traffic somewhere to be read by others.

I’m not much worried about my emails being read. The NSA is about the only bunch that might read them, and I don’t put anything in emails they would care about, or don’t already know. In fact, I don’t know anything they would care about, or don’t already know.  If the NSA wants RC’s identity, then I’m sure there are easier ways to get it than by sniffing my email.

What worries me far more is the security my mobile devices. I have an iPhone secured by a puny 4-digit PIN. Lots of mobile phone users don’t even bother to lock their phones. My phone has all of my contacts and emails. It also has all of my passwords and credit card information, but that’s separately encrypted. One of the things I like about Windows RT 8.1 is that all information on the device is encrypted by default.

I’m beginning to store more and more sensitive information (health insurance cards, medical history, credit card numbers, passwords, passport images and such) in the cloud. Indeed, I have so many cloud thingies, it’s hard to keep up with them all. Such information can be encrypted before storing in the cloud, provided the encryption technology is trusted which takes us back to Schneier’s article.

Further reading:

, , , , , , ,

11 Responses to Hushmail: a personal security ramble

  1. avatar
    Dr. Conspiracy October 24, 2013 at 2:46 pm #

    By the way, I recommend Rachel Maddow’s latest piece on John McAfee, the developer of the first commercial anti-virus program. You won’t get why I made the suggestion, and how it ties in a little bit to Obama controversy until the very end.

  2. avatar
    misha marinsky October 24, 2013 at 5:39 pm #

    Ethay oastcay isway earclay orfay ourway anplay.

  3. avatar
    Dr. Conspiracy October 24, 2013 at 8:13 pm #

    While I was writing the article, I read up on my own security options. All of my PCs (including the Surface RT) support Microsoft BitLocker encryption and I have created a BitLocker encrypted thumb drive to carry around with the secret stuff on it. (TrueCrypt won’t run on the Surface RT.)

    I’ve been using Microsoft SkyDrive for cloud storage. I found out that any computer running SkyDrive exposes its local hard drives to the SkyDrive service, and that you can access them from the SkyDrive web site. That’s a little scary, and very convenient. Recall that Microsoft is one of those companies that cooperated with the NSA to make Hotmail, Outlook and SkyDrive content available with out warrants.

  4. avatar
    The European October 25, 2013 at 11:49 am #

    I think Poe’s version “Hidden in plain sight” is still the best.

    Try this

    http://sourceforge.net/projects/steganonet/

    (there are different utilities available on the net. Some use pngs and are able to hide any other document, even other pictures. Impressive.)

  5. avatar
    Sef October 25, 2013 at 11:57 am #

    For those unaware of it might I suggest that you peruse the excellent IT security podcasts on http://twit.tv/show/security-now .(I hope no one considers this a potted meat product.) The other shows on twit.tv are also excellent.

    If you have a Samsung SmartTV there is “an app for that”. Also one for Android.

  6. avatar
    Kiwiwriter October 25, 2013 at 2:34 pm #

    The thing is…the NSA and the CIA DON’T have to listen to everybody’s phone calls, etc.

    All they need is that their opponents and the tinfoil hat-wearers BELIEVE that the NSA and CIA can do so. That fear alone makes them afraid of doing some of the more scary things that they mumble about.

    You notice that they constantly whine for SOMEONE ELSE to go out and shoot Obama, Hillary, Biden, Holder, Kim Kardashian, whoever. In their deep paranoia, fear, insecurity, and inability to be responsible for any of their own deeds, misdeeds, or failings, they know that if they actually cross the line and cause chaos…they’ll get a visit from the Secret Service, followed by an investigation, followed by a trial, followed by a term in a federal prison with a bunch of thugs named “Bubba” who will re-name the Birther “Mary.”

    For all their tough rhetoric and prattle about martyrdom, they’re not really capable of being martyrs…so the government can use their paranoia against them. If they believe their phone calls are being monitored, they won’t use the phone to actively plan sedition…and they won’t be too effective planning sedition with carrier pigeons.

    It’s a bit like Tom Clancy once wrote…to establish a blockade of an enemy country, you need to do two things: deploy a submarine…and issue a press release. The latter is more important than the former. If people think the coast is blockaded, they will not challenge it.

  7. avatar
    justlw October 25, 2013 at 8:43 pm #

    You can now go beyond the “puny 4-digit PIN” on the iPhone. When I upgraded to iOS 7, it gave me the option to go to a full-on alphanumeric password.

    I decided to do that, but I also traded off some security at the same time by choosing to extend the idle time before password locking kicks in.

  8. avatar
    The Magic M October 26, 2013 at 4:09 am #

    justlw: You can now go beyond the “puny 4-digit PIN” on the iPhone. When I upgraded to iOS 7, it gave me the option to go to a full-on alphanumeric password.

    My WiFi router came with a 4-digit password and unfortunately the software makes it appear as though you could only enter another 4-digit password. I was able to enter a long alphanumeric password without a problem, but I don’t know how many non-tech savvy people get this wrong and leave their system in a weakly protected state.

    Dr. Conspiracy: All of my PCs (including the Surface RT) support Microsoft BitLocker encryption

    Why would I trust Microsoft with not having a backdoor?

    The European: Try this

    http://sourceforge.net/projects/steganonet/

    Steganography is nice, but I think that’s mostly needed in cases/countries where the issue is to hide that you have anything encrypted at all because you might get jailed until you give out the password.
    I’m not that paranoid about my government (yet).

    Dr. Conspiracy: (TrueCrypt won’t run on the Surface RT.)

    I used DriveCrypt Plus Pack on my old PC including the external drives until I accidentally wrecked one of them.
    I think by now they also offer a version that allows you to run a “stealth” installation of Windows that is overwritten by an innocuous one when you enter the proper password. The intention is that when someone forces you to enter your password, you enter the other one and the system then boots up an instance that has nothing incriminating on it (while overwriting the actual one in the background).
    So “password = abcd => boot the Windows you work with, password = xyz => boot the ‘innocent’ version and kill the working version”.
    I’m not sure if this is detectable so far.

  9. avatar
    ZixiOfIx October 28, 2013 at 4:31 am #

    I don’t have anything worth looking at, but it is a matter of principal. I have a computer full of vintage sewing and embroidery patterns; plans and lessons for school; and old recipes. They’re mine, though, not anyone else’s, so I encrypt them and run Linux.

    My concern with any PC product is that there could easily be back doors and other serious security vulnerabilities which I don’t, and in fact can’t know about. The best programmer in the world, if he/she is unable to see the source code, can make no promises about how secure the data is.

    Eric Raymond, in his book, The Cathedral and the Bazaar, about Linux and open source, coined the term, “Linus’ Law”, after Linus Torvalds, the main force behind the development of the Linux operating system.

    Linus’ Law is “given enough eyeballs, all bugs are shallow”. It expands to read, “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone”.

    In other words, when everyone can see the code, back doors and other serious vulnerabilities are much less likely, because someone, somewhere, will see the issue and speak up. In the Linux world, there is a certain pride in being able to claim that you’ve found a bug or other issue.

    There was an attempt to install a back door in the Linux OS in 2003, and it was caught using just this method – someone reading the code saw it and reported it.

    From Slashdot: The Linux Backdoor Attempt of 2003^

    Because no one can see the totality of the source code for Windows, I do not consider it safe.

    Similarly, because I can’t see how Hushmail is run, I don’t assume it is safe -or at least any more safe than any other mail program or provider.

  10. avatar
    Dr. Conspiracy October 28, 2013 at 8:23 am #

    Schneier’s point in the article that I linked is that open source is not insurance against the insertion of malicious code because the code change can be subtle. I see it as the risk between the NSA reading my stuff or some Romanian hacker.

    ZixiOfIx: Linus’ Law is “given enough eyeballs, all bugs are shallow”. It expands to read, “Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix will be obvious to someone”.

  11. avatar
    The Magic M October 28, 2013 at 9:24 am #

    Dr. Conspiracy: I see it as the risk between the NSA reading my stuff or some Romanian hacker.

    Besides, I would assume the NSA has better things to do than expose their backdoors for a one-time snooping attack on my system (just think how many backdoors were exposed and therefore “scorched Earth” after Stuxnet had run, you can do most of this stuff just a single time).

    ZixiOfIx: Because no one can see the totality of the source code for Windows, I do not consider it safe.

    Just remember how many vulnerabilities were discovered when (parts of) the Windows 2000 source were leaked.

    ZixiOfIx: In other words, when everyone can see the code, back doors and other serious vulnerabilities are much less likely, because someone, somewhere, will see the issue and speak up.

    Which of course is, by Linus’ Law, proportional to the number of users/developers. Tools with popularity some orders of magnitude smaller than Linux may still be vulnerable (or poorly executed; just the other day I patched our installation of a third party tool where SQL injections in one subroutine were not prevented by binding – as in all other subroutines – but by casting all variables to integer, causing a problem because some values were too large for the integer size on that system).