Secure online comms not checked by GCHQ

[NorthernRaider]

http://www.techweekeurope.co.uk/comment/...kype-71410

[mikebratcher69]

I have a secure encrypted email via hushmail.com

[Paul]

Some talk about securing your email via Secure Sockets Layer (SSL) [apparently hacked in 2011 see google], and software encryption but the bottom line is you are 'squirting' your message along a phone line, via telephone exchanges, and through any number of servers or satellites.
VIOP via skype is meant to be secure but it's real time so all you need to do is parallel jack across a phone line to a laptop and you see and hear everything. Same can happen if you are using any online encryption service. Catch your transmission between you and the encryptor and they own you.

Besides encryption just draws attention to you and most encryption software has been cracked or has a back door built in by the designer.
Consider the panic about PGP. The US government went ballistic when it first came out banning it from sale outside of the USA. Suddenly they went quiet about it. Why? Because they found a way to break the code.
Hush mail was apparently hacked for the feds back in 2007. Google it and see for yourself.

Ultimately if you want to encrypt messages it's better to use old spy methods like book cipher than rely on software systems.

[Stokey]

(12 April 2012, 21:52)Paul Wrote: Ultimately if you want to encrypt messages it's better to use old spy methods like book cipher than rely on software systems.

Totally agree with Paul here, For many years i worked in IT Security, and I was actually the account manager that introduced PGP to the UK Market place, And i can tell you on good authority ALL Commercial Encryption software has backdoors that intelligence agencies have the keys to access.

Generally the only Encryption software that hasnt released the keys to govt agencies are the open licence or GNU software, But then again would you trust encryption to any product thatwas open source anyway?

Hushmail isnt a secure PKI ( Public Key Infrastucture ) anyway because the encryption and certs are held on different servers, and anyone worth his/her salt within security would simply camp on your IP and packet sniff anyway.

To be secure, you would need to go back to basics and create your own cipher, But the truth be told, If you had information that confidential, why would you entrust it to an open infrastructure that has as much security as a toffee fireguard.

[cryingfreeman]

Chaps, there is no such thing as anything secure online. Read the BEST article on the web on this subject and be stunned: http://cryptogon.com/?p=624

[Stokey]

(12 April 2012, 22:12)cryingfreeman Wrote: Chaps, there is no such thing as anything secure online. Read the BEST article on the web on this subject and be stunned: http://cryptogon.com/?p=624

Excellent article

[Paul]

(12 April 2012, 22:12)cryingfreeman Wrote: Chaps, there is no such thing as anything secure online. Read the BEST article on the web on this subject and be stunned: http://cryptogon.com/?p=624

Nice find.
Much more depth than my humble offering and I happily rest my case on the back of that article.
Good job there are still printed books out there.
Just don't download them onto your kindle first as the eye in the sky will know what book you're using.
Obvious when you think about it.

[Scythe13]

I've not got anything to hide, so I'm not bothered. But it's when food gets confiscated and the alike, that's when I'm bothered.

The thing that annoys me the most is the principle!