Feeds

Website combines spam with encryption

Hide your secrets in rubbish

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

At last! A positive use for spam.

A website has been set up, called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact confidential data is been exchanged.

Steganography, or the technique of burying encrypted text in other files, such as pictures, in order to disguise the fact confidential messages are been exchanged, is almost as old as cryptography itself.

However using spam to achieve this gives the idea an interesting spin. Spam Mimic gives access to a short program that will encrypt a short message into spam and back again - the sentence outputs vary depending on the message being encoded.

The site explains why spam is a better method to hiding messages than pictures or movie clips.

"There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible."

The site adds "real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article", an argument we find it very hard to disagree with.

Here's how it works: go to the site and choose 'encode' from the menu, and type in a short message into the text box and press enter. This generates a secret message buried in spam, which you can then be cut and pasted into an email client.

The person receiving the message can use the site's decode option to recover the original message.

The site also has a higher purpose - forcing government surveillance systems, such as Echelon, to scan through Terabytes of spam on the off chance that some of them may contain encrypted messages of interest to the authorities. These are the kind of ideas behind the 1999 Jam Echelon Day, explained in more detail here.

We're not sure how strong the encryption engine behind the site is. Also to use the service you would have to agree with someone in advance about either the email a spam encrypted message would come from or its subject line.

All in all, we think it's an interesting idea rather than useful to, say, civil right activists, who might want to disguise their use of encryption from security agencies. That said, the idea that activists might instead be arrested for sending unsolicited commercial email is unlikely...®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.