[ExI] hacked email

Will will.madden at gmail.com
Tue Nov 25 15:14:05 UTC 2014

If you have a dozen or so members, you need to solve for the weakest (least technical) link in the chain, so assume that link is pretty weak.

If you have a budget, buy everyone a cheap barebones laptop and install Ubuntu or a similar free linux distribution.  Encrypt the hard drive at root, and ensure everyone uses a complex / high entropy password.  Use the thunderbird email client with the enigmail/pgp extension and configure the client so all messages are encrypted and signed.  This is ‘relatively' safe.

A more practical solution would be to use a service like: https://protonmail.ch, and you’ll be supporting a worthy project as well in doing so.  
On November 25, 2014 at 7:51:25 AM, Michael LaTorra (mlatorra at gmail.com) wrote:

I am certainly no expert, but I'll toss this idea out anyway: use a physical one-time pad. The pad lists one code per page. The pages are numbered. Everyone in your secure circle gets a copy of the pad. Use a numbered code page once, then destroy the page. In your message, you give the page number. If the reply does not include the proper code, it's been compromised.

Mike LaTorra

On Nov 25, 2014 7:00 AM, "spike" <spike66 at att.net> wrote:
Security hipsters, I need some advice or ideas.  We have a group of family history researchers, about a dozen of us who work together, share photos, family lore, findings from DNA and so forth.  Recently one of our circle went off her meds and did a lot of damage by hacking into another member’s email and writing messages to the other members with a false From line, all with carefully calculated malice.  It has us really freaked, because this cousin is very unpredictable and has a lot of brains and a lot of ill will, with more internet protocol savvy than the rest of us combined (she is a computer security expert.)


I am thinking of a way to write some kind of code word or something into our email such that it would be evidence the message is from who it says.  Is there a standard way of doing this?  We can exchange the code word via phone so if the party in question has access to our email, it wouldn’t be intercepted.  Ideally it would be some kind of rotating code, different with each message but derived by some kind of externally-accessible information, not easily guessed.  An example would be the F10.7 cm radiation average from the sun on a given day.  That could be looked up each day and put in the email message somewhere.  Archives exist, so we could even go one year back.  Ideally we would want a code that changes by the hour.  Ideas please?  What do you security guys do to verify a sender?


I don’t think my email has been compromised, so posting here or privately is OK.



extropy-chat mailing list
extropy-chat at lists.extropy.org

extropy-chat mailing list  
extropy-chat at lists.extropy.org  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20141125/e9575dac/attachment.html>

More information about the extropy-chat mailing list