Results 1 to 4 of 4

Thread: monitoring a 'drop box'

  1. #1
    Junior Member
    Join Date
    Jan 2009
    Location
    US Northeast
    Posts
    2

    monitoring a 'drop box'

    what is the general consensus here of this technique for privacy (not anonymity) when there can be a delay in your message being read?

    "Uninterceptable electronic messages"
    http://thesleeperagent.blogspot.com/...-for-2009.html

    http://jimthompson.org/wp/2006/04/29...ual-dead-drop/
    Webmail account if you had full SSL session encryption not just SSL-secured login and you can attach files too.

    It still would circumvent the SMTP and email header traffic monitoring.
    Actually is there anyway this can be monitored?

    I'm sure the big webmail providers yahoo, hotmail, gmail have some sort of monitoring of this? Anyone?

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well,

    I would guess that if you have an e-mail account that is accessed from different places/providers and never actually sends any mail it would tend to stand out, particularly if it was growing in size (due to the saved drafts).

    If you were going to get it to work you would have to create innocuous "normal" traffic to avoid appearing abnormal. I would probably go to shopping and software providers sites and check the boxes to get e-mail notifications.

  3. #3
    Junior Member
    Join Date
    Jan 2009
    Location
    US Northeast
    Posts
    2

    uninterceptable

    Quote Originally Posted by nihil View Post
    Well,
    create innocuous "normal" traffic to avoid appearing abnormal.
    nihil,
    agreed.
    To keep things uninterceptable setup accounts at a half dozen of sites and then snail mail a list of sites to your colleague with instructions to only use each registered account once for 3 messages only. Delete each draft message once it is read by the other party.

    Delete the account 2 days of receiving the last message, and then use the next registered account at another website on the list.
    Even if you choose not to use GnuPG encryption you still will have SSL during transfer to a private message box that won't leave that server.

    When you are setting up these email accounts you could also send innocuous emails to things asking dumb customer questions about a product so you have sent emails in your SENT box. And like you said also sign up for a couple of email lists for things like airline deals of the week or something or some club events weekly mailing list in Las Vegas.

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Come to think of it, the best source of regular incoming mail is to sign up with a few jobfinding sites and opt for e-mail notification.

    Also, quite a few people i know have "disposable" e-mail accounts that they use for registering with websites and the like, so a small volume of outgoing mail is not uncommon, provided that you have the other traffic.

Similar Threads

  1. Iptables Script / Tutorial
    By str34m3r in forum The Security Tutorials Forum
    Replies: 16
    Last Post: September 25th, 2006, 02:20 AM
  2. Security management - setting up audit and account
    By tenzenryu in forum The Security Tutorials Forum
    Replies: 7
    Last Post: July 11th, 2005, 03:57 AM
  3. Firewall log
    By coderecycle in forum Newbie Security Questions
    Replies: 4
    Last Post: October 3rd, 2004, 06:02 PM
  4. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  5. Firewall Machine not connecting to port443
    By Natasha69 in forum *nix Security Discussions
    Replies: 1
    Last Post: November 8th, 2002, 09:45 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •