Feeds

Website combines spam with encryption

Hide your secrets in rubbish

  • alert
  • submit to reddit

Security for virtualized datacentres

At last! A positive use for spam.

A website has been set up, called Spam Mimic, where users can embed encrypted messages in spam in order to disguise the fact confidential data is been exchanged.

Steganography, or the technique of burying encrypted text in other files, such as pictures, in order to disguise the fact confidential messages are been exchanged, is almost as old as cryptography itself.

However using spam to achieve this gives the idea an interesting spin. Spam Mimic gives access to a short program that will encrypt a short message into spam and back again - the sentence outputs vary depending on the message being encoded.

The site explains why spam is a better method to hiding messages than pictures or movie clips.

"There is tons of spam flying around the Internet. Most people can't delete it fast enough. It's virtually invisible."

The site adds "real spam is so stupidly written it's sometimes hard to tell the machine written spam from the genuine article", an argument we find it very hard to disagree with.

Here's how it works: go to the site and choose 'encode' from the menu, and type in a short message into the text box and press enter. This generates a secret message buried in spam, which you can then be cut and pasted into an email client.

The person receiving the message can use the site's decode option to recover the original message.

The site also has a higher purpose - forcing government surveillance systems, such as Echelon, to scan through Terabytes of spam on the off chance that some of them may contain encrypted messages of interest to the authorities. These are the kind of ideas behind the 1999 Jam Echelon Day, explained in more detail here.

We're not sure how strong the encryption engine behind the site is. Also to use the service you would have to agree with someone in advance about either the email a spam encrypted message would come from or its subject line.

All in all, we think it's an interesting idea rather than useful to, say, civil right activists, who might want to disguise their use of encryption from security agencies. That said, the idea that activists might instead be arrested for sending unsolicited commercial email is unlikely...®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.