Feeds

Website combines spam with encryption

Hide your secrets in rubbish

  • alert
  • submit to reddit

SANS - Survey on application security programs

At last! A positive use for spam.

A website has been set up, called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact confidential data is been exchanged.

Steganography, or the technique of burying encrypted text in other files, such as pictures, in order to disguise the fact confidential messages are been exchanged, is almost as old as cryptography itself.

However using spam to achieve this gives the idea an interesting spin. Spam Mimic gives access to a short program that will encrypt a short message into spam and back again - the sentence outputs vary depending on the message being encoded.

The site explains why spam is a better method to hiding messages than pictures or movie clips.

"There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible."

The site adds "real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article", an argument we find it very hard to disagree with.

Here's how it works: go to the site and choose 'encode' from the menu, and type in a short message into the text box and press enter. This generates a secret message buried in spam, which you can then be cut and pasted into an email client.

The person receiving the message can use the site's decode option to recover the original message.

The site also has a higher purpose - forcing government surveillance systems, such as Echelon, to scan through Terabytes of spam on the off chance that some of them may contain encrypted messages of interest to the authorities. These are the kind of ideas behind the 1999 Jam Echelon Day, explained in more detail here.

We're not sure how strong the encryption engine behind the site is. Also to use the service you would have to agree with someone in advance about either the email a spam encrypted message would come from or its subject line.

All in all, we think it's an interesting idea rather than useful to, say, civil right activists, who might want to disguise their use of encryption from security agencies. That said, the idea that activists might instead be arrested for sending unsolicited commercial email is unlikely...®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.