Full Disclosure mailing list archives
Re: Re: hushmail.com, is this true?
From: Pseudo Nym <temp739 () yahoo com>
Date: Wed, 26 Jan 2005 09:37:47 -0800 (PST)
I had forgotten about the Sarbanes Oxley Act, however there are two things I think invalidate it under these circumstances. S.O. was made to prevent Enron-type fraud in companies. I'm pretty sure it says that corporations have to keep *business* to *business* and *inter-office* messages intact for a certain period of years so that if they were ever investigated by the SEC, they will be required to cough up that information as opposed to shredding it on the spot. I think it would end up being unconstitutional if S.O. said every business in the US was required to keep tabs on its own customers...

Now also, a quick whois on hushmail.com shows it is located in Canada. That's self-explanatory.

As for hushmail getting pwned and not knowing who did it: they're claiming not to be able to associate IP addresses to email addy's, they're not claiming not to keep logs at all. Not logging their own legitimate email customers wouldn't prevent them from doing forensics to track down someone who cracked into the site.

Someone also posted about mixmaster. I know about mixmaster. I'm looking for something to recommend to a non-technical friend as a means of two-way communication.

This discussion is getting long enough that people aren't bothering to read where the conversation started when creating new posts. I saw someone just posted a Q&A from the FAQ at hushmail and thought he solved everything. Read the entire thread before posting.

The tally is now up to 1 person who knows hushmail staff and 1 person who used to *be* hushmail staff and both are supporting hushmail's claims. Anyone else?

--- "J. Oquendo" <sil () infiltrated net> wrote:
They can't force you to produce information you can prove you don't have...

Actually, I believe the Sarbanes Oxley Act requires companies keep records for a period of time. Not sure the entire specifics of this but I'm sure if you wanted to quote me on this you could (http://tinyurl.com/542n3)

Outside of this argument (records), I'm willing to bet for security purposes though, Hushmail is keeping tabs on who is doing what. That would be logical provided that they are security based and I would hope would keep tabs on connections should someone infiltrate their network. "Gee we were pwned but we don't know by whom because we don't keep records or tabs on ANYONE!" Sound kosher? I doubt they're not keeping tabs on someone.

Aside from this, just because they are keeping tabs on someone's account information (regarding the IP connections they are coming from), it becomes a different story when an account is being accessed by proxies all over the world. Hell with all the botnet machines around, a lawyer defending someone on trial could throw this into the mix due to the fact that it would be difficult to pinpoint so and so due to the fact that so many connections have been made from differing locations. Of course the lawyer would have to have enough of a clue to do so, but even then with so much crapaganda from the US government, hell any government for that matter, and due to the fact governments have deeper pockets than anyone, a defendant would get pounded with other crappy technicalities.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D
sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html