Oh...this post was connected to my previous one.
Sorry...my ideas along these lines are still a little foggy but I'll try to articulate.
Basically, let's assume someone with some resources has cracked your email and wants to monitor what you send and receive. let's also assume they don't want you to know it. Let's assume they also are not particularly thrilled about having hotmail know what they're up to (if needs be they can obtain a warrant, etc..., but this is clearly less than desirable compared to more direct techniques). It seems fairly easy to me to (for instance) create a bot that duplicates all of the email and resends it to your hotmail account so that when you log in everything looks fresh and new. (There are probably easier ways to do this via direct hacks of hotmail).
Is there some way to make it evident that someone has opened your email?
Right now, I can't think of anything you could do aside from suggesting that hotmail (or whoever) offer some kind of encryption service.
BUT, it occurs to me that you might be able to have gmail forward your mail to hotmail via some intermediate application you've set up that takes the timestamp and whatever and creates a hash.
Now your 'observer' of course could possibly go over to hotmail and try the same tricks, but this might be harder...the forwarded emails might not last very long. this might require a pretty heavy hack into gmail or else a subpeona, in which case they are much closer to the surface than before...'they' need more resources and possibly subject themselves to the legal system, which they probably still want to avoid.
-TD
From: cypherpunk <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Email Certification? Date: Wed, 27 Apr 2005 11:14:50 -0700
On 4/27/05, Tyler Durden <[EMAIL PROTECTED]> wrote:
> Hum.
>
> Can anyone figure out a way to determine if one's hotmail, etc...has been
> looked at or not?
By whom? Someone at hotmail, or someone who got your password and logged in as you?
Hotmail shows mail that has already been viewed in a different color than mail you haven't looked at yet. So it would be obvious if someone else logged in as you and read your email. But of course there is no way to know what insiders are doing. Maybe you could explain your attack concept more clearly.
> The only thing my limited mind can think of sounds superficially like it
> won't work:
>
> Use a gmail account to forward all email to some routine that time-stamps
> and then hashes the message+timestamp and then sends the email on to the
> hotmail account.
What would this accomplish? That is, what attack would it make more difficult? Are you worried that someone is intercepting your email en route to hotmail, reading and delaying it, then passing it on? And you hope to detect the unwarranted delay?
CP
