Slashdot Mirror


Security Through Obscurity - Spam Mimic

ragnar! writes "Ingenious. Not just strewing spam-speak between the words of your message, actually does some kind of character/word -> phrase conversion. Interesting concept - check out Spam Mimic." I tested it out - looks pretty darn cool.

153 comments

  1. It had to be done by Anonymous Coward · · Score: 1

    Dear E-Commerce professional ; This letter was specially selected to be sent to you . This is a one time mailing there is no need to request removal if you won't want any more ! This mail is being sent in compliance with Senate bill 2216 , Title 6 ; Section 306 . THIS IS NOT MULTI-LEVEL MARKETING ! Why work for somebody else when you can become rich inside 75 MONTHS ! Have you ever noticed most everyone has a cellphone & people love convenience ! Well, now is your chance to capitalize on this ! We will help you use credit cards on your website plus process your orders within seconds . You can begin at absolutely no cost to you ! But don't believe us . Prof Ames of Missouri tried us and says "I've been poor and I've been rich - rich is better" ! This offer is 100% legal . We IMPLORE you - act now ! Sign up a friend and your friend will be rich too . Best regards . Dear Sir or Madam , Especially for you - this hot news ! This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2216 , Title 1 ; Section 302 . This is not a get rich scheme ! Why work for somebody else when you can become rich as few as 64 days ! Have you ever noticed people will do almost anything to avoid mailing their bills & people love convenience . Well, now is your chance to capitalize on this . We will help you turn your business into an E-BUSINESS & deliver goods right to the customer's doorstep ! You are guaranteed to succeed because we take all the risk . But don't believe us ! Prof Ames who resides in North Dakota tried us and says "Now I'm rich many more things are possible" . We assure you that we operate within all applicable laws ! We beseech you - act now ! Sign up a friend and you'll get a discount of 20% ! Cheers .

  2. ... OR by Anonymous Coward · · Score: 1

    ... you could use an anonymous remailer and fill the target's name in the BCC field.

    No way they're gonna be able to tell that you mailed just one person.

    Either way, Spam encoding works.

    1. Re:... OR by nosilA · · Score: 2
      No way they're gonna be able to tell that you mailed just one person.

      Not true - presumably they have multiple boxes on multiple networks that can coordinate and see if more than one of the message was received. In fact, this is most likely the way they do spam detection, not by looking at phrasing.

      -Alison

  3. Re:This is cute but... by ZxCv · · Score: 1

    There certainly is a faction of people out there that could find this useful... Many people don't bother with encryption in email simply because they don't regularly need to send anything of importance via email. In fact, I can't think of a single casual email user who uses encryption of any kind. And most of those users share some kind of account with someone-- be it an AOL account with parents or a dialup ISP account with roommates. In these cases-- and trust me, there are many-- having something quick and trivial to distract the wandering eyes of others is nice.

    Not everyone considers their e-mail top secret enough to bother with actual encryption. It is for those kind of people that this might be useful every now and then.

    --

    Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
  4. !! by DarkClown · · Score: 2

    security through obscurity Does Not McGurk!!!

  5. Romance technique by ncrypted · · Score: 1

    Just think...for all those passive/aggressive 5up3r-1337 h4x0r5 out there that can never seem to find a girlfriend, this is the perfect answer!!! You can serenade her with spam! Entice her with your smooth and witty turn of phrase..."limited time offer" becomes "I pledge my undying love to you and your fuzzy knee socks!" "Senate bill 1234, title 6" becomes "let me cover you in chocolate syrup and write out the entire source of my new killer r00t k1t on your nether regions in portable ANSI C!"

    The possibilities are almost endless....

    --
    == That terrible green-green grass, and violent blooms of flower dresses, and afternoons that make me sleepy.==
  6. Re:Used real spam in the decoder by psaltes · · Score: 1

    Actually, really running spam through spammimic shows a major flaw in their description of why people should use it. Their "encryption" is symmetric, so all NSAFBICIA has to do to check whether a message is spam or something encoded by this system is run it through the system...if it isn't spammimic encoded spam, it seems to get a "(Sorry cannot decode)" error message. Of course I only tried this with one piece of spam, but it seems like it'd be consistent.

  7. Additional security mechanism... by sinan · · Score: 1

    Obviously one can try 0xa1a2a3 0x123456 or output of any encryption algorithm with this. Which makes the original encrypted message look like spam. If it's intercepted, it is still encoded. Thus additional security is gained.

    sinan

  8. Oh, boy... by Pig+Hogger · · Score: 2

    Now, we have SPAMGANOGRAPHY to hide the meaning of life from Echelon....


  9. Re:May be... by BJH · · Score: 2

    I think you'll find that with 70s technology, it would be pretty much impossible to analyze natural speech well enough to pick up certain words from a conversation. Whatever Echelon is, it's not an automatic eavesdropping machine.

  10. Wonderful by rcp · · Score: 5

    Can everybody please post examples for how their short message was ballooned into wordy spam? I just got a new mouse with a scroll wheel and I'd like to try it out.

    Oh, you've done that already. Thanks.

  11. I decoded some real spam... by Mr.+Flibble · · Score: 2

    ...and I got:

    I really like this direct marketing thing. I failed in life as a salesperson, but I believe everyone loves my ideas so they will buy my crappy ideas if I send this stuff out in volume. Come on, send me the cash. I am broke because I invested in all these pyramid schemes that I thought would work, and that penis enlargement? It did not help. Hell when I signed up for those XXX sites all they gave me was a link to goats.cx. Come on buy my crap and help out a poor spammer!

    --
    Try to hack my 31337 firewall!
  12. Re:You're all missing the point by mengel · · Score: 2

    Actually, SPAMming coded messages to thousands of people has the benefit of obscuring which one of them is the intended recipient. Analyzing where the data goes and when is an important part of breaking codes, as anyone who's read Cryptonomicon (and who here hasn't?) should know. So encoding messages in junk mail and sending them to thousands of people is an excellent scheme for getting secrets to the people who need them. You can even send a copy to the head of the CIA directly, and he or she will probably throw it out :-)

    --
    - "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
  13. But, the site is unencrypted! by dmuth · · Score: 2
    This is a very cool idea, IMHO, but one slight problem is that the site doesn't use SSL. So if you live in a, shall we say, "repressed" country, where authorities might be monitoring Internet traffic, they'll still catch you in the act of visiting the site and decoding your message, which would not be a good thing. :-(


    1. Re:But, the site is unencrypted! by Tower · · Score: 2

      They mention that in the FAQ - it is being considered...
      --
      "It's tough to be bilingual when you get hit in the head."
  14. if you really want to send covert email by grappler · · Score: 3

    This is a good method of steganography, but if it pretends to be good encryption by itself, that's bull.

    What would really work well is a random spam generator that takes any random stream of bytes as input. Then you do the following:

    Plaintext -> PGP/GPG -> cyphertext ->SpamMimic -> cyphertext which looks like spam

    Then, it would be secure and would not attract attention. There are some interesting pitfalls tho:

    o It could be deleted by a computer rejecting spam based on a text signature
    o Your friend would have to know ahead of time to expect your message or he'd delete it. Of course, then he could no longer ignore any of his spam. If he automates the process, this could be avoided because normal spam would not decrypt to anything and the checksum would fail and it would be tossed automatically.

    o Somebody could invoke an anti spam law to sue your ass when you were simply sending them a message. Then, you'd have to prove it wasn't spam.

    --
    Vidi, Vici, Veni
  15. Thoughts by Grond · · Score: 3
    What if...

    The codec was (re)designed so that most actual spam would decode into a message, even if it was gibberish? Would certainly improve the steganography aspect, I think.

    The codec was (re)designed so as to be irreducibly computationally expensive to decode messages, thus making scanning difficult, but on a modern machine decoding

    Admittedly I'm not an expert on spamming methods, but it seems to me like most spam appears to be addressed to one recipient anyway, so I don't think the 'one recipient therefore fake spam' correlation holds, as some have suggested.

    Honestly, if these ideas were to be implemented (well, the first two, anyway), I don't think they would need to open source the program. That is, one could just as easily be made up with those goals in mind, since a complete rewrite would be necessary anyway.

    To me, this seems like a potential way to produce 'ubiquitous encryption.' If the codec was remade so that it was computationally expensive and regular spam decodes without errors, then it would dramatically improve the percentage of encrypted mail.

    Or, better yet, since regular spam would decrypt to 'gibberish,' why not have the decrypted output be code for use with an actual cypher? Suddenly I imagine a PGP->Spam encoder and decoder...imagine, every spam message is potentially a PGP message! That'd really mess up carnivore/echelon. It'll probably never happen, though. But the possibility is certainly tantalizing...

  16. Stenography by crow · · Score: 2

    This idea is essentially stenography.

    They're taking your email, and encoding it to look like spam. Hence, eavesdroppers will filter it out as junk instead of examining it. (Or eavesdroppers will be forced to pay attention to spam.)

    This is very similar to stenography--hiding information in a way that you can't prove that it's there unless you already know how to decrypt it.

    1. Re:Stenography by andy@petdance.com · · Score: 1
      This idea is essentially stenography.
      Close. Stenography is "the art or process of writing in shorthand". You're thinking of steganography.


    2. Re:Stenography by agentZ · · Score: 1

      Although stenography does make it harder for sniffers to work as well. If you had to unzip every message it would certainly raise the bar on how much work the sniffer had to do.

  17. Now Big Brother will work FOR us--to outlaw spam! by weston · · Score: 3

    Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails.


    Unless, of course, they can convince the general public that now, not only is spam annoying, it's actually a threat to national security -- nay, an open INVITATION to have a middle eastern terrorist bomb the public library in your home town. This could be the end of legal spam!

    And if it's not, then we get cool steganography! Either way, we win!

    ('course, if they can get the public to buy that, they can get the public to buy pretty much anything, and we might be in big trouble.)




  18. DAY LATE AND A BUCK SHORT! by GuNgA-DiN · · Score: 1

    Yet again Slashdot is a day late and a buck short. You guys should start reading memepool more often. They featured this story on January 16th -- where the hell were you?

  19. Re:PLAYA HATE AND A BUCK SHOT! BUP BUP! by GuNgA-DiN · · Score: 1

    touché !

  20. Always down? by DoorFrame · · Score: 1

    I've been trying to look at that site since it got mentioned on kuro5hin the other day and every time I've tried it's been down. I don't know if it's a slashdot / kuro5hin effect (does kuro5hin have an effect?) but I'm not entirely certain that that's a real website which actually functions.

    Well, I guess other people have used it otherwise it wouldn't keep showing up. Maybe it's just me. I'll go try again.

  21. First /. effect by hugg · · Score: 2

    Ahh, if only you could mirror CGIs more easily :)

    1. Re:First /. effect by geirt · · Score: 2

      Ahh, if only you could mirror CGIs more easily :)

      Google does it with ease ....

      --

      RFC1925
  22. Not great steg by hugg · · Score: 2

    This is a neat idea. But I would bet that one could come up with a statistical model to detect such an encoded message. A human can easily detect that this is not "typical" spam, so with a little work an algorithm could too.

    But the trouble with such a system is that you have to build a brand new set of rules to have any sort of security. You can't just generate a new set of keys, you have to build a new grammar and phrasebook for the spam text.
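
The two detection arguments in this thread, comment 6 (the decoder itself tells carrier from real spam) and the comment above (a fixed, keyless phrasebook can be modelled), shown as an added example that is not part of the thread and is not Spam Mimic's code. The phrasebook, the sample texts and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy phrasebook (NOT Spam Mimic's real grammar): 4 slots with
# 4 sentences each, so every sentence carries 2 bits and 4 sentences = 1 byte.
# Like the scheme discussed in the thread, the table is fixed and has no key.
SLOTS = [
    ["Dear Friend ,", "Dear Professional ;",
     "Dear Web surfer ,", "Dear Decision maker ;"],
    ["This is a one time mailing .",
     "We will comply with all removal requests .",
     "This letter was specially selected to be sent to you .",
     "Especially for you - this hot news !"],
    ["This is not a get rich scheme !", "This is NOT unsolicited bulk mail !",
     "This offer is 100% legal .", "We are licensed to operate in all states ."],
    ["Do not delay - order today !", "Sign up a friend and you get half off .",
     "We urge you to act now .", "Best regards ."],
]


def encode(data: bytes) -> str:
    """Map each byte to four phrasebook sentences (2 bits per sentence)."""
    out = []
    for byte in data:
        for slot, shift in enumerate((6, 4, 2, 0)):
            out.append(SLOTS[slot][(byte >> shift) & 3])
    return " ".join(out)


def decode(text: str) -> bytes:
    """Strict inverse of encode(); raises ValueError on anything else."""
    text = " ".join(text.split())  # undo line wrapping added by mail clients
    pos, symbols = 0, []
    while pos < len(text):
        for value, phrase in enumerate(SLOTS[len(symbols) % 4]):
            end = pos + len(phrase)
            if text.startswith(phrase, pos) and text[end:end + 1] in ("", " "):
                symbols.append(value)
                pos = end + 1
                break
        else:
            raise ValueError("cannot decode")
    if not symbols or len(symbols) % 4:
        raise ValueError("cannot decode")
    return bytes(
        symbols[i] << 6 | symbols[i + 1] << 4 | symbols[i + 2] << 2 | symbols[i + 3]
        for i in range(0, len(symbols), 4)
    )


def classify(text: str):
    """Decoder-as-detector: only phrasebook output decodes cleanly."""
    try:
        return "mimic-carrier", decode(text)
    except ValueError:
        return "ordinary", None


def phrasebook_score(text: str) -> float:
    """Fraction of the text made of phrasebook sentences (0.0 to 1.0).

    Unlike decode(), this still fires when a carrier was edited or truncated.
    """
    text = " ".join(text.split())
    if not text:
        return 0.0
    covered = sum(text.count(p) * len(p) for slot in SLOTS for p in slot)
    return covered / len(text)


# Constructed inputs for the demonstration.
REAL_SPAM = ("Hello friend, We have an amazing opportunity waiting for you. "
             "Act now! This offer is time limited.")
CIPHERTEXT = hashlib.sha256(b"stand-in for PGP output").digest()  # opaque bytes

if __name__ == "__main__":
    samples = [
        ("real spam", REAL_SPAM),
        ("carrier, plaintext", encode(b"hi")),
        ("carrier, ciphertext", encode(CIPHERTEXT)),
        ("edited carrier", encode(b"hi") + " Call 555-0100 today ."),
    ]
    for label, text in samples:
        verdict, _ = classify(text)
        print(f"{label:20} {verdict:14} score={phrasebook_score(text):.2f}")
```

Encrypting first keeps the payload unreadable, but the carrier is still flagged: anyone holding the public table can tell that a message is hidden even without being able to read it.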

  23. Re:fp by SnowDog_2112 · · Score: 1

    Dear Friend ; We know you are interested in receiving
    cutting-edge announcement . If you are not interested
    in our publications and wish to be removed from our
    lists, simply do NOT respond and ignore this mail !
    This mail is being sent in compliance with Senate bill
    2116 ; Title 3 ; Section 303 ! This is NOT unsolicited
    bulk mail ! Why work for somebody else when you can
    become rich within 10 weeks ! Have you ever noticed
    nearly every commercial on television has a .com on
    in it plus how long the line-ups are at bank machines
    ! Well, now is your chance to capitalize on this !
    We will help you deliver goods right to the customer's
    doorstep and decrease perceived waiting time by 150%
    . The best thing about our system is that it is absolutely
    risk free for you ! But don't believe us . Mr Simpson
    of Alaska tried us and says "My only problem now is
    where to park all my cars" . We assure you that we
    operate within all applicable laws ! We urge you to
    contact us today for your own future financial well-being
    ! Sign up a friend and you get half off . God Bless
    ! Dear Web surfer , Your email address has been submitted
    to us indicating your interest in our briefing ! This
    is a one time mailing there is no need to request removal
    if you won't want any more . This mail is being sent
    in compliance with Senate bill 2616 , Title 1 ; Section
    305 . This is different than anything else you've seen
    ! Why work for somebody else when you can become rich
    in 92 DAYS . Have you ever noticed how long the line-ups
    are at bank machines plus people love convenience .
    Well, now is your chance to capitalize on this . We
    will help you turn your business into an E-BUSINESS
    plus process your orders within seconds ! The best
    thing about our system is that it is absolutely risk
    free for you . But don't believe us . Ms Ames who resides
    in Montana tried us and says "I was skeptical but it
    worked for me" ! We are licensed to operate in all
    states ! You have no reason not to act now ! Sign up
    a friend and you get half off . Best regards . Dear
    Salaryman ; You made the right decision when you signed
    up for our directory . If you are not interested in
    our publications and wish to be removed from our lists,
    simply do NOT respond and ignore this mail . This mail
    is being sent in compliance with Senate bill 1626 ,
    Title 8 , Section 301 ! This is NOT unsolicited bulk
    mail ! Why work for somebody else when you can become
    rich inside 56 days . Have you ever noticed nearly
    every commercial on television has a .com on in it
    and nearly every commercial on television has a .com
    on in it . Well, now is your chance to capitalize on
    this ! WE will help YOU increase customer response
    by 170% and decrease perceived waiting time by 120%
    . You can begin at absolutely no cost to you . But
    don't believe us . Ms Simpson who resides in Ohio tried
    us and says "I was skeptical but it worked for me"
    . We are licensed to operate in all states . We BESEECH
    you - act now ! Sign up a friend and you'll get a discount
    of 40% . Thanks ! Dear Friend ; This letter was specially
    selected to be sent to you . If you no longer wish
    to receive our publications simply reply with a Subject:
    of "REMOVE" and you will immediately be removed from
    our mailing list . This mail is being sent in compliance
    with Senate bill 1619 ; Title 6 , Section 303 . This
    is NOT unsolicited bulk mail ! Why work for somebody
    else when you can become rich inside 59 WEEKS . Have
    you ever noticed nobody is getting any younger and
    most everyone has a cellphone ! Well, now is your chance
    to capitalize on this ! We will help you sell more
    & process your orders within seconds ! You can begin
    at absolutely no cost to you . But don't believe us
    ! Ms Ames who resides in New Jersey tried us and says
    "My only problem now is where to park all my cars"
    ! This offer is 100% legal . Do not go to sleep without
    ordering . Sign up a friend and you get half off !
    Warmest regards .

    --
    Not representing or approved by my company or anybody else.
  24. Re:I don't see it... by mrzaph0d · · Score: 1

    requires the user to give them the plaintext of every message

    i know, it's actually run by the government. that way they can monitor your email before you even send it..

    --
    this is just a placeholder till i send back my real sig from the future.
  25. Nice idea by Rupert · · Score: 2
    I'd like to see something a little more concise, so larger messages could be transmitted. Obviously then you would not fool a human reader, but then again, neither would this. I encoded the phrase stega-spamma-nography and got this unlikely sentence:


    We will help you turn
    your business into an E-BUSINESS and turn your business
    into an E-BUSINESS .


    Of course, it also runs the risk of your friend discarding the email because he runs a smart spam filter, too. (BTW, John - YHM).

    --
    E_NOSIG
  26. Best of both worlds. by Restil · · Score: 2

    The biggest problem I have seen with this is that you must use a website to encode/decode the message. Hey, this is no big deal. Anyone can write a program. The best option though would be to actually encrypt the message with your typical encryption scheme, then use a filter to convert the encrypted text into spam or whatever medium you like. The first stage will protect the message. The second stage will conceal the encryption. If the actual filtering process was key based, then only the receiver would be able to determine if the spam was actually spam or concealing another message.

    -Restil

    --
    Play with my webcams and lights here
    1. Re:Best of both worlds. by pubudu · · Score: 1
      I think there's actually a bigger problem than this. Namely, if you want to send a message of any length, you produce a proportionally longer spam. "I think it is time to impliment Operation Stinky-Whistler" translates to about a page of text. When I did a longer passage about the ancient history of the Corbetts (only about two short paragraphs), I got a spam six times as long. Basically, it would only be useful as encryption for things like "GW noon PCInet Sniper Omar."

      But even this is problematic. This sort of encryption wouldn't be too hard to break (the intelligent folk on this subject have already posted), and the Evil Men in Suits would just have more types of fish to look for in their net; so Osama bin Laden isn't about to touch it.

      "But isn't the site suggesting that we use this to force the Evil Men in Suits to read our spam?" Yes, but this isn't a feasible idea. Once they've broken the code, they'll just look for those search terms (or more likely in this case, phrases); the context in which they occur wouldn't greatly increase the load on their system. Unless we also encrypt things like "Bill Clinton loses SS protection in a few years; wanna start something?" they won't bother looking. And in that case, why not just send it in the clear? Because this method is so transparent, the Evil Men in Suits aren't about to spend any extra time on spam, seeing as bin Laden won't transmit using it.

      --
      ~~~~~~

      under-paid karma whore

  27. But there is a fix...combine it with keypairs by Ethelred+Unraed · · Score: 3
    There is a fairly simple and obvious fix. Why not use key-pair methods like PGP, combined with this sort of thing?

    Think about it. PGP just turns a message into "gibberish"; a spamified PGP would turn it into (admittedly rather long) halfway intelligible spam messages, only decodable by the recipient.

    Now THAT would be cool...

    cya

    Ethelred

    --
    Everyone wants to be Ethelred. Even I want to be Ethelred.
  28. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by kali · · Score: 2
    I don't think I have ever received a spam from uu.net (at least, not one that admits it in the header).

    That depends on what you mean by "admits". If you look through the Received: headers, specifically the last non-forged one, it's extremely frequent to find the uu.net IP addrs. For example:

    Return-Path: <jcrand1975@implus.at>
    Delivered-To: no@spam.com
    Received: from ntserver.kvadro.ee (mail.kvadro.ee [213.168.23.75]) by shackman.divisionbyzero.com (Postfix) with SMTP id CEAABB9F48 for ; Sat, 18 Nov 2000 12:12:34 -0800 (PST)
    Received: from bungee5 (unverified [63.24.141.248]) by ntserver.kvadro.ee (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 18 Nov 2000 21:25:45 +0200
    Date: Sat, 18 Nov 2000 21:25:45 +0200
    To: jcrand1975@implus.at
    From: jcrand1975@implus.at
    Comments: Authenticated sender is <jcrand1975@implus.at>
    Reply-To: jcrand1975@implus.at
    Subject: New - 15-Million Fresh E-Mail Addresses
    Message-Id:

    You'll notice the last Received: header points to a 63.* addr. Hello uu.net.

    By "major isp's", I was referring to ISP's that serve a lot of private customers... AOL, Juno, Qwest, MSN, etc. etc. not spine providers and business-centered ISP's like uu.net and mr.net

    Plenty of spam can be traced back to AOL dialup IP addrs, and uu.net owns many of the IP addrs that small ISPs use.

    This is not to mention the proliferation of non IP logging relaying SMTP servers from major ISPs, most notably @home. Or all the people running relaying sendmail on their redhat boxen.
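
The header reading described in the comment above (walk the Received: lines down to the last one that can be believed), as an added example that is not part of the original post. The trusted host set, the function names and the forged line are assumptions made for the illustration; the two Received: lines are the ones quoted in the comment.

```python
import re
from email import message_from_string

# Headers as quoted in the comment above (the page already stripped the
# angle-bracketed addresses), followed by a placeholder body.
SAMPLE = """\
Received: from ntserver.kvadro.ee (mail.kvadro.ee [213.168.23.75]) by shackman.divisionbyzero.com (Postfix) with SMTP id CEAABB9F48 for ; Sat, 18 Nov 2000 12:12:34 -0800 (PST)
Received: from bungee5 (unverified [63.24.141.248]) by ntserver.kvadro.ee (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 18 Nov 2000 21:25:45 +0200
Date: Sat, 18 Nov 2000 21:25:45 +0200
Subject: New - 15-Million Fresh E-Mail Addresses

body
"""

# Constructed forgery: a sender-supplied Received: line below the real ones,
# using documentation-only names and addresses.
FORGED = SAMPLE.replace(
    "Date:",
    "Received: from mail.example.org ([192.0.2.10]) by mx.example.net"
    " with SMTP; Sat, 18 Nov 2000 20:00:00 +0200\nDate:", 1)

# "from <helo> (<rdns or note> [<ip>]) by <recording host>"
HOP = re.compile(r"from\s+(\S+)\s+\(([^)\[]*)\[([\d.]+)\]\)\s+by\s+(\S+)")


def parse_hops(raw: str):
    """Return one dict per Received: header, newest first (None if unparsable)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))
        if m is None:
            hops.append(None)
            continue
        helo, rdns, ip, by = m.groups()
        hops.append({"helo": helo.lower(), "rdns": rdns.strip().lower(),
                     "ip": ip, "by": by.lower()})
    return hops


def credible_hops(raw: str, trusted: set):
    """Keep hops while each one was recorded by the host the previous hop named.

    The first hop must have been written by one of our own servers (trusted).
    Every later hop is only as reliable as the relay that recorded it, and the
    walk stops at the first header that does not link to the one above it.
    """
    expected = {h.lower() for h in trusted}
    chain = []
    for hop in parse_hops(raw):
        if hop is None or hop["by"] not in expected:
            break
        chain.append(hop)
        expected = {hop["helo"], hop["rdns"]} - {""}
    return chain


def origin_ip(raw: str, trusted: set):
    """IP recorded by the last credible hop, or None if nothing is credible."""
    chain = credible_hops(raw, trusted)
    return chain[-1]["ip"] if chain else None


if __name__ == "__main__":
    mine = {"shackman.divisionbyzero.com"}  # assumption: the recipient's own MX
    print(origin_ip(SAMPLE, mine))   # address the relay recorded
    print(origin_ip(FORGED, mine))   # unchanged: the injected line is ignored
```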

  29. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by kali · · Score: 3
    Since most real spam originates from some ".backwater" national domain

    Huh. Most of my spam comes from uu.net.

    and spoofs the recipient's ID into the From: field,

    What's to stop this software from doing the same?

    it seems to me that the fake spam would be fairly easy to spot.

    It would look just like real spam unless you specifically checked for the type of mangling done by this program (assuming it does leave some kind of fingerprint).

    If it looks like spam, but comes from a major ISP, and is delivered to only one person, it is a fairly good guess that it is really a coded message.

    No, it's not a good guess. Major ISPs (especially uu.net) send out massive amounts of spam. As for delivered to only one person, most spam forges the To: header, so there isn't any clue in the email itself as to how many people are receiving it. Unless the sniffing system kept a queryable database across all its nodes, it wouldn't be able to detect the multiple connections from the originating mailserver to its target mailservers.

    Even if there was such a database, the whole point was to make carnivore/echelon apply more logic than just "basic" spam detection. If you make the FBI/NSA have a queryable database of all active tcp connections on the entire internet at all times, then you've achieved your goal.

  30. Coming next: Slashdot mimic! by Salamander · · Score: 2

    I'll bet Slashdot offers an even better substrate than spam. Carefully chosen variants of comments about how MS/Microsoft/Microsloth sucks/sux/blows/bites could easily be used to encode a message. Ditto for other "hot words" such as Linux, BSD, JonKatz, Natalie Portman, goatsex, etc. With a little creativity we could probably get something like Spam Mimic working, but with a much more favorable compression ratio. What's even better is that you don't even have to use your own storage. Just post the encoded version to Slashdot and your friend can pick it up any time, while it remains totally indistinguishable from all the other random garbage people (including me) post here.

    --
    Slashdot - News for Herds. Stuff that Splatters.
  31. To: webmaster@spammimic.com by Stavr0 · · Score: 4
    Hello friend,

    We have an amazing opportunity waiting for you. Because your server has been slashdotted,
    we have a special offer just for you at FBNHOSTING.COM. FlyByNite hosting guarantees
    uninterrupted web hosting with no possibility of DOS/DDOS/SlashDotting attacks.

    Act now! This offer is time limited. Already, your precious users are turning away and surfing
    on to your competitor.

    W.E. Zell, manager
    FBNHOSTING
    ---

  32. Used real spam in the decoder by Stavr0 · · Score: 5
    I copy-pasted a spam from my inbox into this thingy and it decoded to this:

    I am a scam artist trying to defraud you of your hard-earned money.
    ---

    1. Re:Used real spam in the decoder by Joao · · Score: 1

      Okay, someone had to do it.... :)

      Dear Friend , Especially for you - this red-hot intelligence
      . If you no longer wish to receive our publications
      simply reply with a Subject: of "REMOVE" and you will
      immediately be removed from our mailing list . This
      mail is being sent in compliance with Senate bill 1622
      ; Title 1 ; Section 307 ! This is not a get rich scheme
      ! Why work for somebody else when you can become rich
      within 63 months ! Have you ever noticed more people
      than ever are surfing the web plus nobody is getting
      any younger . Well, now is your chance to capitalize
      on this ! WE will help YOU process your orders within
      seconds & increase customer response by 120% . You
      can begin at absolutely no cost to you . But don't
      believe us . Prof Anderson of Louisiana tried us and
      says "Now I'm rich, Rich, RICH" ! We are a BBB member
      in good standing . Do not delay - order today ! Sign
      up a friend and your friend will be rich too ! Best
      regards ! Dear Professional , We know you are interested
      in receiving cutting-edge information . We will comply
      with all removal requests . This mail is being sent
      in compliance with Senate bill 1623 ; Title 4 ; Section
      304 ! This is not multi-level marketing ! Why work
      for somebody else when you can become rich as few as
      57 MONTHS . Have you ever noticed nobody is getting
      any younger plus nearly every commercial on television
      has a .com on in it . Well, now is your chance to capitalize
      on this ! WE will help YOU SELL MORE plus process your
      orders within seconds ! The best thing about our system
      is that it is absolutely risk free for you . But don't
      believe us . Prof Jones of Minnesota tried us and says
      "I was skeptical but it worked for me" ! We assure
      you that we operate within all applicable laws ! If
      not for you then for your LOVED ONES - act now . Sign
      up a friend and you'll get a discount of 60% ! God
      Bless . Dear Professional , Your email address has
      been submitted to us indicating your interest in our
      publication ! If you are not interested in our publications
      and wish to be removed from our lists, simply do NOT
      respond and ignore this mail . This mail is being sent
      in compliance with Senate bill 2416 , Title 8 ; Section
      301 . THIS IS NOT A GET RICH SCHEME ! Why work for
      somebody else when you can become rich within 95 WEEKS
      ! Have you ever noticed nearly every commercial on
      television has a .com on in it plus nearly every commercial
      on television has a .com on in it . Well, now is your
      chance to capitalize on this . We will help you increase
      customer response by 200% & SELL MORE ! You can begin
      at absolutely no cost to you ! But don't believe us
      . Ms Anderson who resides in Wyoming tried us and says
      "I was skeptical but it worked for me" . We assure
      you that we operate within all applicable laws ! Do
      not go to sleep without ordering ! Sign up a friend
      and your friend will be rich too . Best regards . Dear
      Professional ; We know you are interested in receiving
      amazing news ! This is a one time mailing there is
      no need to request removal if you won't want any more
      ! This mail is being sent in compliance with Senate
      bill 2716 , Title 3 , Section 307 . This is different
      than anything else you've seen ! Why work for somebody
      else when you can become rich inside 46 WEEKS . Have
      you ever noticed people are much more likely to BUY
      with a credit card than cash and nobody is getting
      any younger ! Well, now is your chance to capitalize
      on this ! WE will help YOU process your orders within
      seconds and decrease perceived waiting time by 200%
      ! You are guaranteed to succeed because we take all
      the risk . But don't believe us ! Ms Jones of Louisiana
      tried us and says "I've been poor and I've been rich
      - rich is better" ! This offer is 100% legal ! Do not
      go to sleep without ordering ! Sign up a friend and
      you get half off . Warmest regards . Dear Decision
      maker ; Especially for you - this breath-taking intelligence
      ! This is a one time mailing there is no need to request
      removal if you won't want any more . This mail is being
      sent in compliance with Senate bill 2316 , Title 1
      ; Section 309 ! This is a ligitimate business proposal
      ! Why work for somebody else when you can become rich
      in 83 weeks ! Have you ever noticed most everyone has
      a cellphone and how many people you know are on the
      Internet . Well, now is your chance to capitalize on
      this . WE will help YOU decrease perceived waiting
      time by 180% and decrease perceived waiting time by
      150% . You can begin at absolutely no cost to you !
      But don't believe us ! Ms Anderson who resides in Georgia
      tried us and says "Now I'm rich many more things are
      possible" ! This offer is 100% legal ! If not for you
      then for your loved ones - act now . Sign up a friend
      and you'll get a discount of 50% . Thank-you for your
      serious consideration of our offer .

    2. Re:Used real spam in the decoder by apm · · Score: 1

      You make it sound so simple. Imagine them trying to run EVERY piece of spam that Carnivore ever received through the decoder. Might take a while, don't you think?

    3. Re:Used real spam in the decoder by leviramsey · · Score: 1

      But then again, that would probably DOS the spammimic.com servers, right? Which would kind of make the service useless...

  33. kills spam by Rader · · Score: 4
    What I would like to see is that this DID cause a problem for the government snooper/sniffers BUT, to fix the problem they instead made spam illegal.

    THAT would be cool. I'd almost overlook the whole big brother thing if they did that :)

    Rader

  34. And the message is... by p3d0 · · Score: 1

    For anyone wondering, the decoded form of this message is:

    "And Bababooey to you all !! !!"

    Now we don't have to slashdot the site to decode this.
    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
  35. OK then.... by zzzeek · · Score: 1

    new movement.....in order to preserve the quality of Slashdot feedback, every headline must now look like:

    SDAFLJQ#$RLWEFQ$FSDFDF#$QVQ $#RFclick SADFAS!FEQWsk3n1443R$:FEMK #VL#$ VJLF34knc rk4jnc#$ C%$@

    So i hope to get you all signed up pronto.

  36. im leading a new movement by zzzeek · · Score: 2

    that will propose that all Slashdot headlines make some semblance of sense without having to read the external site to see what its talking about.

    1. Re:im leading a new movement by firewort · · Score: 2

      Moderators, this was cool!

      A troll, using the technology from the article... Amazing that he even *read* the article!

      A host is a host from coast to coast, but no one uses a host that's close

      --

    2. Re:im leading a new movement by Bob+Abooey · · Score: 3

      Dear Friend , You made the right decision when you signed up for our club . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1625 ; Title 5 , Section 302 ! This is different than anything else you've seen . Why work for somebody else when you can become rich within 37 weeks ! Have you ever noticed most everyone has a cellphone plus how many people you know are on the Internet . Well, now is your chance to capitalize on this . We will help you SELL MORE and SELL MORE . You are guaranteed to succeed because we take all the risk ! But don't believe us . Mr Simpson of Mississippi tried us and says "I was skeptical but it worked for me" . We are a BBB member in good standing ! DO NOT DELAY - order today ! Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer . Dear Decision maker , Thank-you for your interest in our letter . If you are not interested in our publications and wish to be removed from our lists, simply do NOT respond and ignore this mail ! This mail is being sent in compliance with Senate bill 2716 ; Title 5 , Section 306 . This is different than anything else you've seen ! Why work for somebody else when you can become rich in 34 days ! Have you ever noticed people love convenience and nobody is getting any younger ! Well, now is your chance to capitalize on this . We will help you use credit cards on your website plus decrease perceived waiting time by 150% ! The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Ms Simpson of Maine tried us and says "I've been poor and I've been rich - rich is better" . We are a BBB member in good standing . You will blame yourself forever if you don't order now ! Sign up a friend and you'll get a discount of 30% . 
Thank-you for your serious consideration of our offer ! Dear Cybercitizen , Especially for you - this cutting-edge intelligence . We will comply with all removal requests ! This mail is being sent in compliance with Senate bill 2116 , Title 8 ; Section 301 . This is a ligitimate business proposal . Why work for somebody else when you can become rich as few as 93 days ! Have you ever noticed how many people you know are on the Internet & society seems to be moving faster and faster . Well, now is your chance to capitalize on this . We will help you process your orders within seconds plus process your orders within seconds . You can begin at absolutely no cost to you . But don't believe us ! Mr Ames who resides in Montana tried us and says "I was skeptical but it worked for me" ! We are a BBB member in good standing ! We beseech you - act now ! Sign up a friend and you'll get a discount of 60% . Warmest regards !

      --

      All the best,
      --Bob

    3. Re:im leading a new movement by Backspin · · Score: 1

      that will propose that all Slashdot headlines make some semblance of sense without having to read the external site to see what its talking about.

      Actually, I think it would improve the quality of posts if it forced people to actually read the article so we get less 14m3n355 in the discussion areas...

      Hmm... maybe I should run some of the real spam that I get through this thing. Could be interesting to see what it translates to. Probably an otherwise subliminal message like "Put in your order before we're slashdotted!"

      --
      I'm making a .sig Beowulf cluster. I add another node each time I post.
    4. Re:im leading a new movement by CmdrButtPlug · · Score: 1

      Above drivel decodes to "And Bababooey to you all !! !!" How unexpected! :-) Well, I guess it works, then.

    5. Re:im leading a new movement by monkeyserver.com · · Score: 1

      I second that, especially when the external site won't send me any data, am I the only getting an error trying to load this spammimic up?

      --
      http://monkeyserver.com --- weeeeee
  37. Ugh! by darkonc · · Score: 1
    Great! All-you-can-eat spam that I actually have to pay attention to.
    I got 35 spam today. 7 of them were from my co-conspirators describing how we were going to 9^&%o997us78d58t7 Bush.

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  38. How can you tell spam from stenographic encoding? by J.Random+Hacker · · Score: 1

    The site left me a little stunned. Taking some simple phrase and translating it to a hundred lines of dreck and then being able to reverse translate is amazing, and just might accomplish the desired goal of forcing the watcher to scan nearly everything, making the needles in the hay stack that much harder to find.

    On the other hand: Looks like spam; smells like spam; gets tossed out like spam.... Did you get the message? Not yet -- just 300 spams -- trashed em all. *urk* ;-)

  39. prior art by British · · Score: 2

    This reminds me of how Simon Templar talked to his clients in The Saint.

  40. Re:No Secret Messages So Far by British · · Score: 5

    You just came up with an amazing idea. Disguise your emails as Jon Katz rants. That way, nobody would WANT to read your intercepted email.

  41. good start, but need more. by mjh · · Score: 5

    The problem that I see with this is that it's too easy to intercept in an automated fashion. It doesn't take any secret or anything to be able to determine whether or not the data is there. You simply decode it and you get the hidden message. In fact, if you give it something that isn't an encoded message, it will tell you that it can't decode it. This makes it trivially easy for the carnivore's (et al) to automatically detect this type of obfuscation. They simply have to add a step to their spam filtering code to try deobfuscating before deleting.

    The real value would be if this thing would take any garbage and translate it into something - of about equivalent length garbage. Thus it could be coupled with an encryption format that looked like garbage, to effectively obfuscate your communication.

    PGP/GPG does not do a good job as the encryption format. It's got these nice, easy to read, headers that show you that it's a GPG encrypted message. What you need is something that will take in what looks for all the world like garbage and spit out the clear text if you got the right key.

    This is a great first step, tho.

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
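The detection point raised in comment 41, and the "cannot decode" behaviour reported elsewhere in the thread, shown as an added example (it is not part of any comment and is not spammimic's code): a toy keyless phrase-table encoder in Python whose decoder doubles as a detector. The phrase table, function names and mailbox are constructed for illustration; the real service's grammar is not on this page.

```python
# Toy mimic function: every phrase choice hides 2 bits, so one byte becomes
# one four-phrase "spam" paragraph. The table is constructed for this example
# (phrases echo the spam quoted in the thread); it is not the real grammar.
SLOTS = [
    ["Dear Friend ,", "Dear Professional ,",
     "Dear Decision maker ,", "Dear Cybercitizen ,"],
    ["This is not a get rich scheme !",
     "This is different than anything else you've seen .",
     "This is NOT unsolicited bulk mail !",
     "THIS IS NOT MULTI-LEVEL MARKETING !"],
    ["We beseech you - act now .", "DO NOT DELAY - order today !",
     "We IMPLORE you - act now !", "Do not go to sleep without ordering !"],
    ["Best regards .", "Warmest regards .", "Cheers .",
     "Thank-you for your serious consideration of our offer ."],
]


def encode(message: bytes) -> str:
    """Turn each byte into four phrases, most significant bit pair first."""
    phrases = []
    slot = 0
    for byte in message:
        for shift in (6, 4, 2, 0):
            phrases.append(SLOTS[slot % len(SLOTS)][(byte >> shift) & 3])
            slot += 1
    return " ".join(phrases)


def decode(text: str):
    """Return the hidden bytes, or None if text is not exact grammar output."""
    values = []
    rest = text.strip()
    slot = 0
    while rest:
        for index, phrase in enumerate(SLOTS[slot % len(SLOTS)]):
            if rest.startswith(phrase):
                values.append(index)
                rest = rest[len(phrase):].lstrip()
                break
        else:
            return None  # no phrase of this slot matches: "cannot decode"
        slot += 1
    if not values or len(values) % 4:
        return None  # empty or truncated message
    return bytes((a << 6) | (b << 4) | (c << 2) | d
                 for a, b, c, d in zip(*[iter(values)] * 4))


def expansion(message: bytes) -> float:
    """Cover-text characters produced per hidden byte."""
    return len(encode(message)) / len(message)


def triage(mailbox):
    """Index and payload of every message the public decoder accepts.

    No key is involved, so anyone holding the table can run this check:
    a successful decode is itself the detection signal.
    """
    hits = []
    for index, body in enumerate(mailbox):
        hidden = decode(body)
        if hidden is not None:
            hits.append((index, hidden))
    return hits


# Constructed mailbox: one mimic message, one ordinary spam, one mimic
# message with a single character changed, one normal mail.
MAILBOX = [
    encode(b"First Post"),
    "Dear Friend , You have won a free cruise ! Reply today .",
    encode(b"abc").replace("Dear", "dear", 1),
    "Meeting moved to 3pm, see you there.",
]

if __name__ == "__main__":
    print(encode(b"abc"))
    print("chars per hidden byte:", round(expansion(b"abc"), 1))
    print("flagged:", triage(MAILBOX))
```

Because the mapping is fixed and public, the only thing protecting the payload is that nobody looks; pairing the cover text with real encryption changes what a hit reveals, not whether the hit occurs.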
  42. Re:SteGAnography by Snard · · Score: 2

    I thought that Steganography was the art of being a dinosaur with big heat-dissipating plates and a spiked tail.

    --
    - Mike
  43. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by Kanasta · · Score: 1
    if it looks like spam, but comes from a major ISP

    what like getrich@aol.com or printerink@yahoo.com? I think much spam has from headers which specify a 'major' isp or provider, and also route thru them too.

    To work out whether it's sent to more than one person you'd have to keep pretty big logs and compare every mail to every other mail in the logs to see if they're the same. That's increasing the load on a surveillance system even more than just having to process spam.


    ---

  44. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by BlueUnderwear · · Score: 2

    Funny, you'd mention AOL in a context of "major ISP who doesn't send spam"...

    --
    Say no to software patents.
  45. Re:The only problem is... by BlueUnderwear · · Score: 2
    Presumably, a good spam-mimic would forge address of sender or domain name too, in order to make it look more like real spam...

    (Well not in the implementation listed in this story, but this implementation sucks anyways: who says the site is not run by the NSA? And it doesn't even use https for its encode/decode pages, making it actually easier to snoop cleartext of any message shrouded this way!)

    --
    Say no to software patents.
  46. Re:The only problem is... by BlueUnderwear · · Score: 2

    And, did you use up-to-date maps?

    --
    Say no to software patents.
  47. Re:More than security -- Jamming Echelon?! by kenf · · Score: 2

    This reminds me of a method to foul up wiretapping in the 1970's, when anyone who ever said the phrase "Peace, Love, etc" had their phone tapped.

    Person A, who is being tapped, calls person B, also being tapped. Then person A puts the phone next to a radio with music that would not appeal to the average FBI agent, or a tape loop containing a pro love, anti war message. Then both go away for a weekend, a week etc.

    Pity the poor SOB who has to monitor all the tape recorded during that time.

    This also assumed that you had a flat rate phone service.

  48. Making it even better: by supabeast! · · Score: 2

    Actually spam people with the message! Encrypt something, then encrypt it again into spam. Send it out to 200,000 email addresses combed from usenet posts, and the real recipient in the mess, and the governments will never be able to find the real recipient.

  49. Re:May be... by graniteMonkey · · Score: 2

    Or cause them to monitor all traffic to this site and others like it.

    --

    This is a manual virus. Copy it to your sig and help me spread!
  50. Where that'd come in handy by Greyfox · · Score: 2

    Come in handy for terrorists. Set up a spam service in libya and not only direct your operatives, you could piss off many americans (And make a few bucks off a few more) in the process.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  51. More than security -- Jamming Echelon?! by jackal! · · Score: 2
    (If you haven't, please see the site!)

    A fun form of security is good and all, but they actually have higher aims than that. They want to keep Big Brother busy by forcing him to read spam that might contain whatever naughtiness they're supposed to be watching for.

    Their site continues, linking to: Jam Echelon Day and Jam Echelon Day descends into spam farce

    --

    Who moderates the meta-moderators?

  52. Re:May be... by Fnkmaster · · Score: 2

    No, it's pretty much established fact that Carnivore and Echelon exist for exactly this purpose. How effective they are is questionable. I don't think that's lunatic fringe in any way.

  53. Oh, this is TERRIBLE by JoeShmoe · · Score: 3

    So what you are telling me is that I now can no longer just delete Spam on sight? I now have to run it through this SpamMimic to make sure I'm not missing a top-secret message?

    ARRRRRRRRRRGGGGGGGH!

    - JoeShmoe

    --
    -- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
  54. A Challenge: Find Spam-Flavored "print_self()" by 4of12 · · Score: 1

    OK, what will impress me is the analog of those "print_self()" C programs.

    I can see it now: in the future, I'll get encoded spam that won't ever decode.

    Ultimate!

    --
    "Provided by the management for your protection."
  55. You're all missing the point by Legion303 · · Score: 3
    The point is not to use this as a viable means of encrypting messages, but as another way to bog down Echelon, Carnivore et. al. Now the FBI has to sift through tons of spammy garbage if they want to make sure they catch everything.

    Come on, I can't be the only one here who bothered to follow the link and actually read the damn thing.

    -Legion

    1. Re:You're all missing the point by Jonathan+Byron · · Score: 1

      You're right - encrypted messages stand out from much other traffic as they have a much higher degree of entropy. Some snoops are probably using a simple entropy calculating filter to limit the percent of internet traffic that receives heavy duty scrutinizing.
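The entropy filter this reply describes, sketched as an added example (not part of the comment, and not a description of any real monitoring system): a Shannon-entropy measurement in Python over three payload kinds. The 5.5 bits-per-byte threshold and the SHA-256 stand-in for ciphertext are assumptions of the example; the spam sample is copied from text quoted in this thread.

```python
import base64
import hashlib
import math
from collections import Counter

THRESHOLD = 5.5  # assumed cut-off in bits per byte, chosen for this example


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from the observed byte frequencies."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(data).values())


def pseudo_ciphertext(length: int) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


# Mimic-style cover text, copied from spam quoted in this thread.
MIMIC_TEXT = b"""Dear Professional , Your email address has been submitted
to us indicating your interest in our briefing ! This mail is being sent in
compliance with Senate bill 1621 ; Title 2 ; Section 307 . Why work for
somebody else when you can become rich as few as 98 DAYS . Have you ever
noticed most everyone has a cellphone and more people than ever are surfing
the web . Well, now is your chance to capitalize on this ! You are guaranteed
to succeed because we take all the risk . We beseech you - act now . Sign up
a friend and your friend will be rich too ! Best regards ."""


def survey():
    """Map each sample name to (entropy, flagged_by_filter)."""
    raw = pseudo_ciphertext(2048)
    samples = {
        "mimic spam text": MIMIC_TEXT,
        "armoured ciphertext (base64)": base64.b64encode(raw),
        "raw ciphertext": raw,
    }
    report = {}
    for name, data in samples.items():
        bits = shannon_entropy(data)
        report[name] = (round(bits, 2), bits > THRESHOLD)
    return report


if __name__ == "__main__":
    for name, (bits, flagged) in survey().items():
        print(f"{name:30s} {bits:5.2f} bits/byte  flagged={flagged}")
```

Raw and base64-armoured ciphertext both clear the threshold, while the phrase-based cover text stays in the range of ordinary English, which is why a filter of this kind alone would not single it out.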

  56. what spam? by Punto · · Score: 1
    I don't know about that spam mimic encoding voodoo thing, but that e-commerce sounds like a good deal! Where do I sign up?

    Do they give free t-shirts?

    --
    Stay tuned for some shock and awe coming right up after this messages!

  57. Umm ... how do we know it's doing anything at all? by OmegaDan · · Score: 2
    First of all, if this actually works, it's what's called a "subliminal channel" in cryptography -- and that's not really that interesting.

    However, since you have to use the same website to send and receive the message, it would be much easier to generate a random spam, and use the hash of that message to store your real text in a database (a dictionary or map) then when you come back with your e-mail to "decrypt" it could rehash the text and retrieve the message you typed in.

    My .02 cents

  58. Re:Slashdotted? Here's what it is: by Mordred · · Score: 1
    Whoops. Didn't realize that was so long. Accidentally hit submit when trying to preview. Yes I'm a dumbass.

    Mordred

  59. Cause the gub'ment to have to process spam? by Elyjah · · Score: 1
    It's widely believed that Western governments read (and decrypt) a great deal of Internet mail through systems called Echelon, Carnivore and others. Presumably they have filters which discard spam. Possibly, due to the existence of this little website, they can no longer ignore spam. Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails.

    So. They spend their time decrypting our "private" mail, but they just send the spam to a killfile? And this is supposed to stop that? Perhaps a better thing to do would be to convince spammers to encrypt all of their spam. Then the government would have to decrypt all of that too.

    (I'm ignoring the obvious jokes about "processing Spam"...)

  60. This would be cool if... by giberti · · Score: 1
    The overall message size didn't increase 100 fold. A simple string:
    Just a test of the encoder
    Turned into:
    Dear Friend , Especially for you - this amazing announcement ! We will comply with all removal requests ! This mail is being sent in compliance with Senate bill 2216 ; Title 3 ; Section 301 ! This is different than anything else you've seen . Why work for somebody else when you can become rich within 57 weeks . Have you ever noticed nobody is getting any younger plus the baby boomers are more demanding than their parents . Well, now is your chance to capitalize on this . WE will help YOU SELL MORE and decrease perceived waiting time by 150% ! You are guaranteed to succeed because we take all the risk . But don't believe us . Mr Ames who resides in New Jersey tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! If not for you then for your LOVED ONES - act now . Sign up a friend and your friend will be rich too . Warmest regards . Dear E-Commerce professional , Especially for you - this hot intelligence . This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2616 , Title 1 ; Section 309 ! This is different than anything else you've seen . Why work for somebody else when you can become rich inside 49 weeks ! Have you ever noticed most everyone has a cellphone & more people than ever are surfing the web . Well, now is your chance to capitalize on this . We will help you SELL MORE plus increase customer response by 160% . The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Ms Ames who resides in Florida tried us and says "I was skeptical but it worked for me" . We are a BBB member in good standing ! So make yourself rich now by ordering immediately ! Sign up a friend and you'll get a discount of 60% . Best regards !
    Perhaps a little optimization to this code would be in order, even something simple like a first character replacement???
    --

    AF-Design, web development.
  61. Re:Mimic functions by dsharp · · Score: 1

    No you twit. He means Steganography. Go look it up.

  62. Works both ways... by BlackSabbath · · Score: 1

    Yes, this MAY help bog down the Carnivore servers (a big if). It can also be used by security agencies to make this a non-viable communication channel for terrorists. All they have to do is post a message on alt.binaries.pictures.goatse.cx from osamadude@terror.org and about 3 milliseconds later good ol' Osama gets flooded with enough REAL spam that the effort in wading through all his new email rapidly outweighs his ability to use this method effectively.

  63. It's not very well encoded... by ectoraige · · Score: 1
    And yes, I have read the site...

    A few months ago when this came out, I was curious as to what it was doing...

    An hour or two of playing with tcl and neowebscript, and I'd started to decode messages from it. I'm not a cryptographer, so I seriously doubt the algorithm involved will upset the likes of Carnivore et. al. It is an excellent concept, don't get me wrong, now if they can only improve their algorithm...

    And, of course, I've no idea where those scripts are, and I'm actually busy these days, so I probably won't reproduce them anytime soon.

    "A goldfish was his muse, eternally amused"

    --
    Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
  64. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by MrScience · · Score: 1

    He's talking from the context of a Big Brother listening to your e-mail. If you receive a spam that they don't see anyone else getting, they will run it through just to double check.

    --

    You quitting proves that the karma kap worked. The most annoying of the whores shut up. --CmdrTaco

  65. fp by Brownstar · · Score: 1

    Dear Friend , Your email address has been submitted to us indicating your interest in our publication . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our club . This mail is being sent in compliance with Senate bill 2016 , Title 8 , Section 305 . This is NOT unsolicited bulk mail ! Why work for somebody else when you can become rich within 33 days ! Have you ever noticed nearly every commercial on television has a .com on in it plus most everyone has a cellphone . Well, now is your chance to capitalize on this ! WE will help YOU decrease perceived waiting time by 130% and turn your business into an E-BUSINESS . You are guaranteed to succeed because we take all the risk . But don't believe us ! Prof Ames of Massachusetts tried us and says "My only problem now is where to park all my cars" ! We are licensed to operate in all states ! We beseech you - act now . Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer !

    1. Re:fp by HiNote · · Score: 2

      As if we couldn't guess...

      Your spam message Dear Friend , Your email address has bee... decodes to:

      First Post

  66. Speaking of security through obscurity.. by LordOfYourPants · · Score: 1

    How's that secret BIND group doing?

  67. Better Idea! by don_carnage · · Score: 2
    How about for every character in your email message, you add 1435 bytes. That way, by the end of the message, it's so large that Carnivore chokes and dies.

    But really folks...what's wrong with PGP?
    --

    1. Re:Better Idea! by linuxpimp · · Score: 1

      How's this; use the spam generator to send your pgp key to someone. This way your public key only falls in the hands of those you want (not too "public" then, but I don't want to argue semantics). It's an extra paranoia layer, but then again, this is Slashdot...

      --

      Today's sig brought to you by http://www.swankypimp.com

  68. Re:Sending Problem... by Guignol · · Score: 1

    Brilliant ?
    If I were paranoid enough to want to send someone an encrypted mail, and oh.. it can be decrypted.. better hidden in a spammic form.. well.. the very last thing I'd do would be to first post it on a public site to have its "encrypted" result
    Besides, who knows... maybe it's not encrypted at all.. unless you have the encrypting and decrypting software in your machines... there is no need to encrypt it... all they have to do in the site is save it in a database, and associate a randomly generated SPAM.. when someone wants to decrypt it they just recognize it and get the 'answer' out of the database :)
    Anyway, a better idea, and not so complicated would be a perl script that 'encrypt' and 'decrypt' your mail using fortune mods AND a key.
    Oh.. and we are all pretty convinced security through obscurity is not security, but this was about privacy through obscurity :)

  69. Re:SteGAnography by Guignol · · Score: 1

    Haha ! very funny !
    Anyway, seriously, there is plenty of nice information on steganography at Fravia
    and you may also want to check Stegosaurus :)
    *still laughing*

  70. Unrealistic repetition by AndyChrist · · Score: 1

    This would require that anyone trying to search for encrypted messages look at spam more than they do, sure. But the fact that you get so much repetition here makes it fairly easy to discern a message encoded in this way from real spam. Just have your filters look for anything in which certain words are repeated a particular number of times, and it ain't real spam.

    Besides, if the NSA/FBI/Ex-wife/whoever wanted to decrypt these messages, they could just go and use the same service the intended recipient would. It isn't typical security through obscurity...obscurity is the ONLY security offered here (it isn't a supplement, like for most things).

  71. GENERATE LOTS OF SPAM ON WEEKENDS!!!!! by fm6 · · Score: 2
    Since most real spam originates from some ".backwater" national domain, and spoofs the recipient's ID into the From: field, it seems to me that the fake spam would be fairly easy to spot.

    Which creates a market opportunity: offshore servers that automatically convert ESMTP input into fake spam. Except that to avoid attracting attention, they'd have to rely on open relays, just like real spamsters. And they'd probably also need to generate some real spam themselves....

    __________________

  72. Not very secret. by fm6 · · Score: 2
    Only someone with the right grammar can decode a message.

    If that's true, this is not a very secure form of encryption. Codebreaking is usually based on searching for the patterns introduced into messages by the linguistic habits of the correspondents. If the encryption key is itself a linguistic pattern, the codebreaker's job is just that much easier. The message is secure only as long as the codebreaker doesn't know which messages are encrypted -- and traffic analysis will tell him that.

    __________________

  73. A few Holes in This by the-banker · · Score: 1

    First of all, the text is too static - easily recognizable. In addition, it is a simple CGI only routine, so in its current state your 'private' message could end up in the web logs, or worse, a database, of the operator. Finally, since it is a single decode routine there is obviously only one key. Steganography has potential when using things that are a bit more innocuous, like jpgs. The problem is if someone is surveilling you (ala Carnivore et al.) then steganography isn't a great way to protect yourself.

    Marc

  74. NY Times had something like this by John+Jorsett · · Score: 2

    A couple of years ago, the New York Times' Cybertimes section had a similar encoder/decoder. In their case, it encoded to a description of a phoney baseball game. If one's going to really encode and send a message, the phoney spam approach seems much more likely to survive scrutiny than several pages of nonsensical baseball coverage. Very cool.

  75. Great, now where's the source? by ocelotbob · · Score: 1

    This seems like a great piece of stego, however, this is one proggie that having the source code would help a lot. Not only are there probably more than a few interesting hacks to learn from, it'll help the usefulness of the program. Not only would I not want to have to go to their site every time I wanted to encrypt something with this interesting, plus it would add a bit to the ability to conceal messages as one could use a different substitution method.

    --

    Marxism is the opiate of dumbasses

  76. Re:Their feedback gives their Achilles Heel by Golias · · Score: 1
    Give that man a cheroot!

    You just spotted the answer to "what's wrong with this picture?" faster than anybody here. Way to go! :)

    --

    Information wants to be anthropomorphized.

  77. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by Golias · · Score: 1
    I don't think I have ever received a spam from uu.net (at least, not one that admits it in the header).

    By "major isp's", I was referring to ISP's that serve a lot of private customers... AOL, Juno, Qwest, MSN, etc. etc. not spine providers and business-centered ISP's like uu.net and mr.net

    --

    Information wants to be anthropomorphized.

  78. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by Golias · · Score: 1

    Heh heh. A guy in my office got your encoded message, and shared it with everybody here. :)

    --

    Information wants to be anthropomorphized.

  79. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by Golias · · Score: 2
    Oh they send plenty-o-spam. But a single message from one AOL user, sent to one recipient... not likely to be spam.

    Try parsing the meaning of what I was saying, instead of making knee-jerk reactions.

    --

    Information wants to be anthropomorphized.

  80. MAKE BIG $$$ IN YOUR SPARE TIME!!! by Golias · · Score: 5
    Since most real spam originates from some ".backwater" national domain, and spoofs the recipient's ID into the From: field, it seems to me that the fake spam would be fairly easy to spot.

    If it looks like spam, but comes from a major ISP, and is delivered to only one person, it is a fairly good guess that it is really a coded message.

    The only way to avoid your message being parsed out from somebody who is really looking for it would be to actually spam a few thousand people through the usual spam channels... which means we can all expect lots more messages advertizing pyramid schemes and satellite TV systems in the near future, just so Bin Laden can chat with his pen-pals.

    That's just swell.

    --

    Information wants to be anthropomorphized.

    1. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by bigwillystylie · · Score: 1

      Funny, a lot of my spam comes from Southampton Uni. Maybe I should contact the webmaster there.

    2. Re:MAKE BIG $$$ IN YOUR SPARE TIME!!! by whizzzo · · Score: 1

      How about encoding the message in an image, for example an attractive sporting personality, and then adding some vbs to forward it around making it look like spam? You wouldn't even have to send it to the recipient directly as they would receive it eventually by being forwarded on through the network of M$ Outlook routers. They'd never spot that!

  81. Um, substitution ciphers aren't exactly safe by Fervent · · Score: 3
    I know the primary motivation here is to clog Carnivore with Spam, but let's just say that the CIA knew you were sending information through a service similar to this. It's essentially a substitution cipher, using a sentence = letter/phrase base. Substitution ciphers on a whole are *notoriously* easy to decrypt, whether they be numbers/letters, Caesar, or in this case Spam.

    I would probably continue using PGP (or don't send stuff through email at all you wouldn't want to be known by others).

    --

    - I don't care if they globalize against free speech. All my best free thoughts are done in my head.

  82. this is only cool until: by firewort · · Score: 3

    This is only cool until someone builds the encoder/decoder into an email app that gains popularity.

    Then the Spooks this attempts to confound will build its functionality into their DCS1000's and Echelon apps, putting us right back where we started, except that the spooks will be using a little more processing power and wait a split second longer to see our mail.

    This is a nice toy, but not a long term security measure. That's the problem with obscurity- if it has functionality, it can gain popularity. If it gains popularity, the obscurity quickly fades away, rendering it useless.

    A host is a host from coast to coast, but no one uses a host that's close

    --

  83. You think that's bad? by glowingspleen · · Score: 1

    Here's "abc" encoded:

    Dear Professional , Your email address has been submitted to us indicating your interest in our briefing ! If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our database ! This mail is being sent in compliance with Senate bill 1621 ; Title 2 ; Section 307 . This is a ligitimate business proposal ! Why work for somebody else when you can become rich as few as 98 DAYS . Have you ever noticed most everyone has a cellphone and more people than ever are surfing the web . Well, now is your chance to capitalize on this ! WE will help YOU decrease perceived waiting time by 200% and turn your business into an E-BUSINESS ! The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Mr Ames of Massachusetts tried us and says "My only problem now is where to park all my cars" ! We are licensed to operate in all states ! We beseech you - act now . Sign up a friend and your friend will be rich too ! Thank-you for your serious consideration of our offer !

    Just a tad excessive...

  84. Sending Problem... by BigBlockMopar · · Score: 2

    When you get a message encoded with Spam Mimic, you'll assume it's spam and delete it. Great idea though.

    It's brilliant! With a little refinement to the CGI form (ie., reading decoded text in the Encoding box is inconvenient at best), it's good enough to be a commercial service, IMHO.

    The other problem is that when Carnivore et al. start to see spam coming from legitimate, otherwise in use e-mail addresses, then they can start sniffing.

    I'm sure the algorithm is fairly simple. Maybe ROT13 letters placed as the first character of every third word or something like that. It's terrifyingly effective, too.

    --
    Fire and Meat. Yummy.
    1. Re:Sending Problem... by BigBlockMopar · · Score: 2

      Oh.. and we are all pretty convinced security through obscurity is not security, but this was about privacy through obscurity :)

      Heh... It's privacy through being forwarded, with an attached nasty note, to abuse@luser's_isp.com.

      --
      Fire and Meat. Yummy.
  85. Re:This is lame. by piwowk · · Score: 1

    every time I try a single character change, whether it be deletion, transpose, UC->LC, etc. it tells me "(Sorry, cannot decode)".

  86. Like the bbspot slashdot replacement by leuk_he · · Score: 1

    Just see: http://bbspot.com/toys/slashtitle/index.html There must be some secret messages in some slashdot articles. If slashdot look alikes can be made that easy. Just take the email address, some subject and some non relevant remark and you are there. Maybe slashdot is one enormous codebook....

    1. Re:Like the bbspot slashdot replacement by agentZ · · Score: 1
      Nah, it's just a government conspiracy to find out where all of the kooks, privacy nuts, and evil encryption people live so that they can-- OH NO THEY FOUND ME! HELP! HELP! HEL^&@GN!hj3

      NO CARRIER

  87. Re:This is lame. by scott1853 · · Score: 1

    That's what I was thinking at first, but if you change any part of the text, the decode process fails. Therefore they must be doing a checksum, or MD5, or something that generates a key based on a large body of data.

    Just what the world needs,

  88. This is lame. by scott1853 · · Score: 2

    So they've come up with a couple stupid "spammy" sounding messages. They're adding a few random numbers to it, making an MD5 hash out of it, storing that in a database, along with the message you originally entered. Then when you decode it, they're just getting the hash ( or whatever they're using) and do a lookup in the database to retrieve your original message.

    Since when is 3rd-party storage ingenious technology.

    Just what the world needs,

    1. Re:This is lame. by Manaveru · · Score: 1

      moreover, I'd say there is no MD5 hash in the process.
      I've tried to 'spammimic' the letter A five times in a row... I had exactly the same output except the figures (senate bill, ...)
      IMHO, they just split the unique key of the record in parts and reassemble them when decoding.

      Note that I may be fundamentally wrong.

  89. Red-Hot Announcement!!! READ NOW!!! by LionKimbro · · Score: 1

    Dear Friend ; Especially for you - this red-hot announcement . This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2216 , Title 9 ; Section 303 ! THIS IS NOT A GET RICH SCHEME . Why work for somebody else when you can become rich as few as 43 weeks . Have you ever noticed most everyone has a cellphone and society seems to be moving faster and faster . Well, now is your chance to capitalize on this . We will help you sell more and SELL MORE . You are guaranteed to succeed because we take all the risk ! But don't believe us . Ms Jones of Washington tried us and says "My only problem now is where to park all my cars" . This offer is 100% legal . We beseech you - act now ! Sign up a friend and you'll get a discount of 10% ! Thank-you for your serious consideration of our offer ! Dear Friend ; This letter was specially selected to be sent to you ! If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our directory . This mail is being sent in compliance with Senate bill 1626 , Title 8 , Section 305 ! This is NOT unsolicited bulk mail ! Why work for somebody else when you can become rich inside 49 DAYS ! Have you ever noticed most everyone has a cellphone plus nearly every commercial on television has a .com on in it ! Well, now is your chance to capitalize on this ! WE will help YOU sell more and process your orders within seconds . You can begin at absolutely no cost to you . But don't believe us ! Ms Anderson who resides in Massachusetts tried us and says "My only problem now is where to park all my cars" ! We are a BBB member in good standing . So make yourself rich now by ordering immediately . Sign up a friend and you'll get a discount of 10% . Thanks . Dear Business person ; Your email address has been submitted to us indicating your interest in our letter ! 
We will comply with all removal requests ! This mail is being sent in compliance with Senate bill 2416 ; Title 6 , Section 303 . Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich as few as 18 days ! Have you ever noticed most everyone has a cellphone plus the baby boomers are more demanding than their parents . Well, now is your chance to capitalize on this . We will help you use credit cards on your website plus process your orders within seconds ! The best thing about our system is that it is absolutely risk free for you ! But don't believe us . Ms Simpson of Rhode Island tried us and says "My only problem now is where to park all my cars" . We are a BBB member in good standing . For God's sake, order now ! Sign up a friend and you'll get a discount of 60% ! Thanks . Dear Cybercitizen , Especially for you - this cutting-edge announcement ! This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 1619 ; Title 4 , Section 309 . This is NOT unsolicited bulk mail ! Why work for somebody else when you can become rich in 85 WEEKS . Have you ever noticed the baby boomers are more demanding than their parents plus most everyone has a cellphone . Well, now is your chance to capitalize on this ! WE will help YOU use credit cards on your website and SELL MORE . The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Ms Simpson who resides in Florida tried us and says "Now I'm rich, Rich, RICH" . This offer is 100% legal . We IMPLORE you - act now ! Sign up a friend and you get half off ! Thanks . Dear E-Commerce professional , You made the right decision when you signed up for our database . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our directory . 
This mail is being sent in compliance with Senate bill 2516 ; Title 5 , Section 301 ! THIS IS NOT A GET RICH SCHEME . Why work for somebody else when you can become rich in 83 DAYS . Have you ever noticed people love convenience plus people are much more likely to BUY with a credit card than cash ! Well, now is your chance to capitalize on this ! WE will help YOU process your orders within seconds plus turn your business into an E-BUSINESS . You can begin at absolutely no cost to you ! But don't believe us . Mr Simpson who resides in Wyoming tried us and says "Now I'm rich, Rich, RICH" . We are a BBB member in good standing ! You will blame yourself forever if you don't order now . Sign up a friend and you'll get a discount of 40% ! Best regards ! Dear Cybercitizen ; Especially for you - this amazing info ! If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1626 , Title 8 ; Section 301 . Do NOT confuse us with Internet scam artists ! Why work for somebody else when you can become rich as few as 71 months . Have you ever noticed people will do almost anything to avoid mailing their bills & most everyone has a cellphone ! Well, now is your chance to capitalize on this . We will help you deliver goods right to the customer's doorstep & turn your business into an E-BUSINESS ! You can begin at absolutely no cost to you . But don't believe us ! Mr Ames who resides in Alaska tried us and says "I was skeptical but it worked for me" ! This offer is 100% legal ! Do not delay - order today ! Sign up a friend and you'll get a discount of 40% ! Thank-you for your serious consideration of our offer .

    1. Re:Red-Hot Announcement!!! READ NOW!!! by linuxpimp · · Score: 1

      Dear Friend , Especially for you - this red-hot intelligence . We will comply with all removal requests . This mail is being sent in compliance with Senate bill 2016 , Title 1 ; Section 303 ! THIS IS NOT A GET RICH SCHEME . Why work for somebody else when you can become rich in 42 months . Have you ever noticed people love convenience & people will do almost anything to avoid mailing their bills . Well, now is your chance to capitalize on this ! WE will help YOU decrease perceived waiting time by 190% and process your orders within seconds . You can begin at absolutely no cost to you . But don't believe us ! Mr Jones who resides in Idaho tried us and says "I was skeptical but it worked for me" . We assure you that we operate within all applicable laws ! You have no reason not to act now ! Sign up a friend and your friend will be rich too . Best regards ! Dear Cybercitizen ; Your email address has been submitted to us indicating your interest in our letter ! We will comply with all removal requests . This mail is being sent in compliance with Senate bill 2016 ; Title 9 , Section 304 . THIS IS NOT MULTI-LEVEL MARKETING ! Why work for somebody else when you can become rich inside 53 weeks ! Have you ever noticed nearly every commercial on television has a .com on in it and nobody is getting any younger . Well, now is your chance to capitalize on this . WE will help YOU turn your business into an E-BUSINESS and turn your business into an E-BUSINESS ! You are guaranteed to succeed because we take all the risk ! But don't believe us . Ms Jones of Idaho tried us and says "Now I'm rich, Rich, RICH" . We are licensed to operate in all states . For the sake of your family order now ! Sign up a friend and you get half off . Thank-you for your serious consideration of our offer ! Dear Friend , Your email address has been submitted to us indicating your interest in our publication ! We will comply with all removal requests . 
This mail is being sent in compliance with Senate bill 2016 ; Title 5 , Section 305 . This is a ligitimate business proposal . Why work for somebody else when you can become rich in 54 days ! Have you ever noticed people will do almost anything to avoid mailing their bills plus people love convenience ! Well, now is your chance to capitalize on this . WE will help YOU deliver goods right to the customer's doorstep & use credit cards on your website . The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Mrs Ames who resides in Mississippi tried us and says "I was skeptical but it worked for me" ! We are a BBB member in good standing ! If not for you then for your LOVED ONES - act now ! Sign up a friend and your friend will be rich too . Thanks .

      --

      Today's sig brought to you by http://www.swankypimp.com

  90. Flamebait.. by Dragonshed · · Score: 1

    Why is this front page news?

    SpamMimic has been around for many (many) months, and out of the blue has the distinguished honor of getting slashdotted into "obscurity".

  91. tsk by mr_typo · · Score: 1

    there is a good point with the obscurity through spam; not that it's impossible to detect, but it's still more difficult than a PGP encrypted message; that can simply be pattern matched.

    another idea might be that you could as well first pgp encrypt it and then masquerade it as spam. sure the spam might end up being a bit long but it would be relatively easy to do. that way one could enjoy both strong mathematical security as well as security through obscurity.

  92. Re:I don't see it... by pcidevel · · Score: 1

    The real question here is.. did you even look at the site?.. it encodes nothing like that..

    --

    I thought someone said there was going to be free beer!

  93. Re:Umm ... how do we know its doing anything at al by pcidevel · · Score: 1

    Actually that would be the absolute best way to do it. If you think about it, the "encryption" technique they are using can't be that secure, so the FBI/CIA/NSA whoever cracks it then np.. they can decode the mail. If it is using the hash of the message to lookup the message in a database the FBI/CIA/NSA whoever has to use spammimic's application to decode the messages. So spammimic just has to sit around and look for millions of web hits from some strange address and then boom.. we know for a fact that they are reading our mails.. *shrug*..

    --

    I thought someone said there was going to be free beer!

  94. Great by Bistromat · · Score: 2

    Now when we see "Enlarge Your Penis Now" posts on Usenet we won't be fooled - we all know it's anonymous terrorist communications.

    --nick

  95. Re:I don't see it... by agentZ · · Score: 2
    Has anybody tried taking regular spam and running it through this thing? I just tried a message I got this morning and got back:

    ALL THESE WORLDS ARE YOURS EXCEPT EROS. ATTEMPT NO LANDINGS THERE. USE THEM TOGETHER, USE THEM IN PEACE.

    Maybe SETI has been approaching this all wrong?

  96. May be... by Riplakish · · Score: 3

    Reading the explanation on their site, there seems to be an awful lot of suppositions:

    It's widely believed that Western governments read (and decrypt) a great deal of Internet mail through systems called Echelon, Carnivore and others. Presumably they have filters which discard spam. Possibly, due to the existence of this little website, they can no longer ignore spam. Even if spammimic only gets 2 hits a day; the fact that it's here might force the snoops to process terabytes of spam -- making them spend a little less time on other mails.

    1. Re:May be... by bigwillystylie · · Score: 1

      Sorry didn't qualify myself properly (beer might be a reason), looked up a bit on Echelon, yes, today it is more electronic but as far as I know (limited - they don't exactly advertise, I have to remember slightly drunken conspiracy conversations at college and that is way too long ago) the original agreement was between USA, UK and Oz (can't remember what it was called, UKASA or something) for intelligence sharing. This happened sometime after WW2 (late 50s I think - when the cold war was hotting up (?) somewhat). By the 70s they (NSA et al) monitored international phone calls and started using primitive voice analysis software (yes, I know things were primitive then, but they had a lot of money to throw at this sort of thing - and I am sure a lot of governments are at least a few years ahead of the mainstream tech stuff).
      The East Germans monitored all calls made to or from that country (international was easy, there were so few outside lines) and they used even more primitive tech.
      Suffice it to say, Echelon is not new. It, and its predecessors have been around for quite a while. Bloody hell, I have a +2 :-)
      ta

    2. Re:May be... by bigwillystylie · · Score: 2

      I have to disagree with the above assumption about Echelon. It is a relatively old system (70's) agreed about by the Western English speaking countries. Based on Cold War paranoia. Echelon is a voicemail tracker, if you use certain keywords (eg. bomb, bioweapon, our glorious purpose and so on) it will start to record the conversation. It doesn't record conversations that don't contain keywords.
      My sister and I amuse ourselves (childish I know) by inserting random probable keywords in phone conversations. Guess it wastes storage space.

  97. Mega time waster by Rudeboy777 · · Score: 1

    Seeing the recursive nature of this translation just gave me (and possibly some of you) something to obsess over tonight! Who can come up with the phrase that outputs

    We will help you turn
    your business into an E-BUSINESS and turn your business
    into an E-BUSINESS and turn your
    business into an E-BUSINESS and turn your
    business into an E-BUSINESS and turn your
    business into an E-BUSINESS (...)

    Deepest level of recursion wins! Winner gets to be King geek for Feb. 13! :-)

    --

    From hell's heart I fstab at /dev/hdc

  98. Spammouflage: Public Key Spam Steganography ! by Jonathan+Byron · · Score: 1

    The particular spammouflage approach from the website appears to be rather insecure (one method of encrypting/decrypting for everyone), but it suggests closely related ideas that could catch on. Why not run the message through a public key system and then hide it in spam? The snoops that be are less likely to bother you if your encrypted message is never noticed. Obscurity alone is not enough - cryptosystems should also be mathematically secure or demonstrably difficult to crack. But together, it could be a good thing.

  99. Example by b1t+r0t · · Score: 1
    "launch the foo at five pm" results in...

    Dear Decision maker ; We know you are interested in receiving amazing info ! This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 1622 , Title 6 ; Section 301 . This is not a get rich scheme ! Why work for somebody else when you can become rich as few as 85 MONTHS ! Have you ever noticed how long the line-ups are at bank machines and people are much more likely to BUY with a credit card than cash . Well, now is your chance to capitalize on this ! We will help you process your orders within seconds & SELL MORE ! You can begin at absolutely no cost to you ! But don't believe us ! Prof Ames who resides in Alabama tried us and says "I was skeptical but it worked for me" ! We assure you that we operate within all applicable laws . We implore you - act now ! Sign up a friend and your friend will be rich too . Thanks . Dear Friend , Especially for you - this hot intelligence . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our database . This mail is being sent in compliance with Senate bill 2616 , Title 7 ; Section 303 ! THIS IS NOT MULTI-LEVEL MARKETING . Why work for somebody else when you can become rich in 22 days ! Have you ever noticed nobody is getting any younger & the baby boomers are more demanding than their parents . Well, now is your chance to capitalize on this ! WE will help YOU decrease perceived waiting time by 130% and sell more ! The best thing about our system is that it is absolutely risk free for you . But don't believe us . Mrs Ames of Georgia tried us and says "Now I'm rich many more things are possible" ! This offer is 100% legal ! So make yourself rich now by ordering immediately ! Sign up a friend and you'll get a discount of 60% . Best regards !

    Now all we need is a filter which can encode into the typical /. troll post. You know, stuff like "Natalie Portman", "hot grits", "Linux", and "ESR".

    --

    --
    "Open source is good." - Steve Jobs
    "Open source is evil." - Microsoft
  100. No Secret Messages So Far by Dr.+Dew · · Score: 2

    I've been cutting-and-pasting the contents of my "SPAM" mail folder into the "decode" page, but haven't gotten anything intelligible yet, except this:

    Don't hurt Jon Katz.

    I'm not really sure what that means. Will report back if I find further information.

  101. Obvious... by Weh · · Score: 1

    I think these 'encoded' messages are pretty easy to recognize. From the abundant use of the phrase 'in compliance with senate bill' it shouldn't be too hard to distinguish between real spam and mimicked spam. It seems as if the encoding uses the number after the 'senate bill' part as a sort of key, so decoding a message like this shouldn't be too hard either.

  102. Re:I don't see it... by l33t+j03 · · Score: 3

    Your mom loves it when I send her stuff like that. You'd better not be trying to move in on my action.

  103. What I want to know is... by Auckerman · · Score: 3
    Anyone who goes to the more shady parts of UseNET would be familiar with those posts that pretty much look like nothing more than random words following some kind of spam looking message. Always totally pointless, always with faked headers. I've always assumed they were people chatting (with some stupid rot 26 encoding, or whatever) with one another in an already noisy environment. With a nice tool like this, now they can spam YOU and talk to one another at the same time.

    The future is looking bright.

    --

    Burn Hollywood Burn
  104. Re:Get Your Own Source Code Here by jaredcat · · Score: 1

    Hmm.. If the source code for this thing is readily available, then wouldn't it make sense for the FBI/CIA/Big Brother/Men in Trench coats just to incorporate this program into their e-mail reading software?

    It would make their job a lot easier if people were using this instead of PGP. Carnivore could just flag down any e-mail that actually decodes to something. Hell, it would be easier for the FBI to intercept these things than it would be for the intended recipients to actually identify and then read them on their own.

    If this venture actually takes off, it will only be self defeating.

  105. Nothing new under the sun today either by bigmouth_strikes · · Score: 1
    This is much like how spies and secret agents and whathaveyou used to have microdots in letters etc. The microdot could be just anything: the dot over an "i" or at the end of a sentence. When under a microscope, you see an entire message or image or map or whatever.

    Not only do you hide the secret information, but you do it in a way that it doesn't look suspicious. That makes it so much harder for anyone trying to compromise you, doesn't it ?

    --
    Oh, I can't help quoting you because everything that you said rings true
  106. How good (cryptography-wise) is it really? by mfarah · · Score: 1
    Let's say that I send a message to my colleagues at the TWA (Total World Annihilation - a hideously evil terrorist organization) using this method.

    Let's say that Echelon is modified to treat all spam that meets certain criteria (sent to just one person, etcetera) as possible coded messages.

    If so... how good is the encryption algorithm? I tested a few phrases and a very quick analysis suggests to me that it works by turning certain letter groups into predetermined paragraphs. I am NO cryptography expert, and I already see certain patterns that could be used for breaking the algorithm. And how well does the algorithm behave against a brute force approach?

    --
    Death to Vermin.

    --
    "Trust me - I know what I'm doing."
    - Sledge Hammer
  107. Only problem by modemboy · · Score: 2

    The only problem is when you get your email address blacklisted by ORBS for being a spammer... "dude, it's encrypted"

  108. Slashdot trolls by stud9920 · · Score: 1

    Moderators, this might be funny, or not, or overrated but this is certainly not troll.

    This one will give you an interesting URL many trolls
    /*cut here*/
    Dear Decision maker , We know you are interested in
    receiving cutting-edge intelligence . We will comply
    with all removal requests . This mail is being sent
    in compliance with Senate bill 2616 ; Title 3 , Section
    303 ! This is a ligitimate business proposal . Why
    work for somebody else when you can become rich inside
    36 WEEKS ! Have you ever noticed most everyone has
    a cellphone and most everyone has a cellphone ! Well,
    now is your chance to capitalize on this ! WE will
    help YOU decrease perceived waiting time by 170% and
    turn your business into an E-BUSINESS . You can begin
    at absolutely no cost to you . But don't believe us
    ! Mr Ames who resides in Ohio tried us and says "I
    was skeptical but it worked for me" ! We are licensed
    to operate in all states ! Don't delay - order today
    . Sign up a friend and you'll get a discount of 30%
    . Best regards ! Dear Salaryman ; You made the right
    decision when you signed up for our database . This
    is a one time mailing there is no need to request removal
    if you won't want any more . This mail is being sent
    in compliance with Senate bill 1618 ; Title 2 , Section
    301 . This is not multi-level marketing ! Why work
    for somebody else when you can become rich in 58 weeks
    ! Have you ever noticed people will do almost anything
    to avoid mailing their bills plus most everyone has
    a cellphone ! Well, now is your chance to capitalize
    on this ! We will help you SELL MORE and increase customer
    response by 170% ! You are guaranteed to succeed because
    we take all the risk . But don't believe us . Mr Jones
    of Georgia tried us and says "Now I'm rich many more
    things are possible" ! This offer is 100% legal ! So
    make yourself rich now by ordering immediately ! Sign
    up a friend and you'll get a discount of 60% . Best
    regards !
    /**cut here/

  109. Re:The only problem is... by matt+brown · · Score: 1

    But if you know the address of the sender, or the domain name, or etc., then you would know not to delete it.

  110. length is a problem by matt+brown · · Score: 1

    Another problem with this current system is that the longer of a message that you try to encrypt, the longer of a spam message the webpage spits out. I'd think NSA would be suspicious of spam that's about 10 pages long.

  111. Re:I don't see it... by RareHeintz · · Score: 2
    Actually, I've seen the site long before it got slashdotted today. My post was a joke.

    Well, kind of a joke, anyway. I really don't think this thing will see wide use, for a variety of reasons, not least of which is that it provides no real security, and requires the user to give them the plaintext of every message.

    OK,
    - B
    --

  112. I don't see it... by RareHeintz · · Score: 3
    I don't think this will ever make it into general use. Am I really going to send my mother this email:

    WORK AT HOME! FREE RED HOT AMATEUR PUSSY! LOSE 50 LBS IN 10 MINUTES! FREE WEB HOSTING! ACNE CURE! HOT STOCK TIPS! EXTREME FISTING HOUSEWIVES! MAKE MONEY FAST! BISEXUAL COED BITCHES! ACHEIVE (sic) FINANCIAL INDEPENDENCE!

    ...and tell her to go to some website to decode it?

    OK,
    - B
    --

  113. Re:SteGAnography by RareHeintz · · Score: 3
    I think you mean "steganography".

    Regardless, I think you've hit on the point - it's not so much the hiding of information, but more like a denial of service attack, raising the resource threshold for effective large-scale eavesdropping. If they have to watch everything, including the spam, it gets that much harder.

    OK,
    - B
    --

  114. terrorist plans? by omega_rob · · Score: 1
    I bet this is what Osama bin-Laden and the other Bad Men use to carry out their dastardly terrorist plots. Ingenious! Their evil plans have been right under our noses all along! Such simple elegance. I really have to hand it to those wacky nutbars!

    omega_rob -- friend of the bonsai kitten

    1. Re:terrorist plans? by Kinchie · · Score: 1
      I've actually been following the trial of Jamal Ahmed Al-Fadl, who left Osama Bin-Laden's organization after, of all things, a pay dispute (as a worthless aside, apparently al Qaeda covers medical bills if you have receipts--terrorists get benefits!).

      Al-Fadl claimed that they're using steganography in pictures posted to "internet forums", presumably newsgroups, to communicate.

      Of course the cynic in me posits that this is FUD inspired by the paranoia the three-letter-guys have concerning encryption terms.

      --
      Protege Posterioram Tuam
  115. PLAYA HATE AND A BUCK SHOT! BUP BUP! by rfsayre · · Score: 1
    Yet again Slashdot is a day late and a buck short. You guys should start reading memepool more often. They featured this story on January 16th -- where the hell were you?

    Guess what? ZDnet featured this on December 11th. You know, reading 'memepool' would imply that you understand why scooping isn't important. What is important is good discussion of, uh, memes. So maybe the more appropriate question is-- what the hell are you thinking?

  116. Get Your Own Source Code Here by peterwayner · · Score: 5

    As usual, I want to let everyone know that the source code for the mimic functions is available if you just ask. Send me some email. You can get it in C, Pascal or Java flavor. Each of these versions reads the same generic grammar file. So you can create your own grammar for encoding messages. I've written one that uses the voice over to a baseball game. The folks at SpamMimic wrote their own using Spam as an inspiration. I would love to see some more. Incidentally, writing and modifying the grammars is one way to "key" the output. Only someone with the right grammar can decode a message. Another way is to use a number of mechanisms to scramble the grammar for each message. These are all explained in Disappearing Cryptography . Please write with questions and comments. -Peter p3@wayner.org
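
Added example, not part of the post above and not Wayner's or SpamMimic's code: a simplified fixed-slot mimic function showing how a grammar turns message bits into phrase choices, why any edit to the text makes decoding fail without a checksum or database, and how changing the grammar "keys" the output. The grammar, the function names and the rotation-based keying are assumptions made for illustration; the phrases are borrowed from the sample messages in this thread.

```python
# Toy mimic function. Each slot offers 2^k phrases, so picking one phrase
# stores k bits. GRAMMAR is constructed for this example (hypothetical).
GRAMMAR = [
    ["Dear Friend ,", "Dear Professional ,",
     "Dear Cybercitizen ,", "Dear Decision maker ,"],
    ["Especially for you - this red-hot announcement .",
     "This letter was specially selected to be sent to you ."],
    ["We will comply with all removal requests .",
     "This is a one time mailing there is no need to request removal ."],
    ["This mail is being sent in compliance with Senate bill 2216 .",
     "This mail is being sent in compliance with Senate bill 1621 .",
     "This mail is being sent in compliance with Senate bill 1626 .",
     "This mail is being sent in compliance with Senate bill 2016 ."],
    ["THIS IS NOT MULTI-LEVEL MARKETING !",
     "This is not a get rich scheme !",
     "This is NOT unsolicited bulk mail !",
     "Do NOT confuse us with Internet scam artists !"],
    ["Best regards .", "Thanks ."],
]


def check_grammar(grammar):
    """Reject grammars that cannot be decoded unambiguously."""
    for alts in grammar:
        n = len(alts)
        if n < 2 or n & (n - 1):
            raise ValueError("each slot needs a power-of-two number of phrases")
        for a in alts:
            for b in alts:
                if a != b and b.startswith(a):
                    raise ValueError("phrase %r is a prefix of %r" % (a, b))


def encode(message: bytes, grammar=GRAMMAR) -> str:
    """Spend the message bits, slot by slot, on phrase choices."""
    check_grammar(grammar)
    bits = "".join(f"{byte:08b}" for byte in message)
    phrases, pos, slot = [], 0, 0
    while pos < len(bits):
        alts = grammar[slot % len(grammar)]
        width = len(alts).bit_length() - 1          # bits carried by this slot
        chunk = bits[pos:pos + width].ljust(width, "0")  # zero-pad the tail
        phrases.append(alts[int(chunk, 2)])
        pos += width
        slot += 1
    return " ".join(phrases)


def decode(text: str, grammar=GRAMMAR) -> bytes:
    """Parse the text against the grammar and read the choices back as bits."""
    check_grammar(grammar)
    bits, rest, slot = "", text.strip(), 0
    while rest:
        alts = grammar[slot % len(grammar)]
        width = len(alts).bit_length() - 1
        for index, phrase in enumerate(alts):
            if rest.startswith(phrase):
                bits += f"{index:0{width}b}"
                rest = rest[len(phrase):].lstrip()
                break
        else:
            # One altered character is enough to land here: no hash involved.
            raise ValueError("cannot decode: text does not parse under this grammar")
        slot += 1
    usable = len(bits) - len(bits) % 8              # drop the padding bits
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))


def keyed_grammar(key: bytes, grammar=GRAMMAR):
    """Illustrative keying only: rotate each slot by an offset from the key.

    Sender and receiver must hold the same rotated grammar. This is not a
    cipher and gives no cryptographic protection.
    """
    if not key:
        raise ValueError("key must not be empty")
    keyed = []
    for i, alts in enumerate(grammar):
        shift = key[i % len(key)] % len(alts)
        keyed.append(alts[shift:] + alts[:shift])
    return keyed


def parses_as_mimic(text: str, grammar=GRAMMAR) -> bool:
    """Anyone holding the grammar can flag such messages: only they parse."""
    if not text.strip():
        return False
    try:
        decode(text, grammar)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    cover = encode(b"abc")
    print(cover)
    print(decode(cover))
    secret = encode(b"abc", keyed_grammar(b"key"))
    print(decode(secret))  # parses, but yields the wrong bytes without the key
```

Because the phrase set is public in the unkeyed case, the same parser that reads a message also identifies it, which is the weakness several comments in this thread point out.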

  117. Now we'll get somewhere! by SomeoneYouDontKnow · · Score: 1

    Now maybe a bill outlawing spam will finally get passed. I mean, if spam is suddenly a threat to national security, its days are undoubtedly numbered. :)

    --
    That light you see at the end of the tunnel might be from an oncoming train.
  118. Even easier by cryptochrome · · Score: 4

    The spies could just as easily closely watch the spammimic site and intercept all incoming messages and outgoing encodes. The ip can be traced to the sender, and the outgoing encodes could be cross-referenced against intercepted emails to figure out who the sendee is. The website isn't even secure. Since people have to go through this website, that's the weak point in the whole scheme.

    A believable stand-alone spammimic encrypter, coupled with a PGP-type encryption scheme, would be the most effective. A PGP encrypted message looks like gibberish (making it easily detected), but could then be SMed into fake spam. If a spy intercepted the message and de-SMed it he would be left with unintelligible encrypted gibberish. More importantly, if a spy tried to de-SM a real spam he would also get unintelligible gibberish. Thus he would have to somehow figure out whether a message was an SMed encryption or not, and even if successful he couldn't decode it.

    Therefore spammimic needs to make their encodes indistinguishable from real spam email to prevent detection. The decoding algorithm should also produce an output for any input (no error messages), and the output for real spams should be indistinguishable from PGPed messages (both look like gibberish, but only one can be decrypted, and only if you have the proper key). The SMed messages also need to be able to accommodate longer messages, and you should be able to use the encrypter on your own machine for privacy.

    Of course, smart spies know most people don't send each other spam, so they could still pick people out that way. There ought to be a "Long-inane-rambling" or "shallow political discussion" mimic ^_^

    cryptochrome

    --

    ---If you can't trust a nerd, who can you trust?

  119. Their feedback gives their Achilles Heel by blair1q · · Score: 2

    In their feedback they explain that spammimic isn't super secure because your foe might just take your message and paste it to spammimic's decode box.

    Well, duh.

    The FBI/CIA/NSA/NRO/HUD can just filter spam into a spammimic pipe and use spammimic's own cpu to circumvent spammimic's value.

    Imagine how useful it will be when a terabyte a minute is being pumped into the decode box. Then they get free help spying on your messages and a DoS against spammimic.

    You could overcome this by changing the selector pads but then you'd have to have sender and receiver sync on the pad in use, which would have to be sent by some other encryption or channel, which brings back the original problem of not having a super-convenient shrouding method.

    --Blair
    "This is not a crypto for money transaction."

    1. Re:Their feedback gives their Achilles Heel by caltechbreasts · · Score: 1

      Excellent point, but the FBI will not actually show any interest in SM--like satan, they prefer that people believe they don't exist (and don't read our messages). Besides, it's a kindergarten algorithm, and I expect similar ones to crop up on websites all over. I bet the world's most paranoid are already rolling their own to wrap their encrypted messages in something light and friendly in their own voices, similar to the messages they usually send. The second generation "personalization" is where it gets really interesting. So in other words, if you're really paranoid, you're not too worried about the feds.
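The point made in the comments by cryptochrome and blair1q, as an added example that is not part of any post or of Spam Mimic's own code: a decoder that errors on ordinary text is a detection oracle, a decoder that always returns bytes is not, and a fixed phrase table stays detectable either way. The phrase table, the sample spam and the hashed fallback in `decode_total` are assumptions made for illustration.

```python
import hashlib

# Constructed 2-bit phrase table; NOT Spam Mimic's real grammar.
PHRASES = ["This is a one time mailing.", "This offer is 100% legal.",
           "We implore you - act now!", "Sign up a friend today."]
INDEX = {p: i for i, p in enumerate(PHRASES)}
# Constructed sample of ordinary spam: four lines, none from the table.
REAL_SPAM = "\n".join(["Lose weight fast!", "Cheap meds online.",
                       "You have won a prize!", "Click here to claim."])

def encode(data: bytes) -> str:
    """Map each byte to four phrases, two bits per phrase, MSB first."""
    return "\n".join(PHRASES[(b >> s) & 3] for b in data for s in (6, 4, 2, 0))

def _pack(symbols):
    """Pack 2-bit symbols into bytes, dropping an incomplete final byte."""
    out = bytearray()
    for i in range(0, len(symbols) - len(symbols) % 4, 4):
        a, b, c, d = symbols[i:i + 4]
        out.append(a << 6 | b << 4 | c << 2 | d)
    return bytes(out)

def decode_strict(text: str):
    """Return the payload, or None if any line is outside the table."""
    lines = text.split("\n")
    if any(line not in INDEX for line in lines):
        return None  # the failure itself tells an observer "not encoded"
    return _pack([INDEX[line] for line in lines])

def decode_total(text: str) -> bytes:
    """Never fails: an unknown line is hashed down to a 2-bit symbol."""
    symbols = []
    for line in text.split("\n"):
        if line in INDEX:
            symbols.append(INDEX[line])
        else:
            symbols.append(hashlib.sha256(line.encode()).digest()[0] & 3)
    return _pack(symbols)

def table_coverage(text: str) -> float:
    """Fraction of lines drawn from the known table (an observer's view)."""
    lines = text.split("\n")
    return sum(line in INDEX for line in lines) / len(lines)
```

`table_coverage` is 1.0 for any encoded message and 0.0 for the sample spam, so the total decoder removes the error-message signal but not the vocabulary signal.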

  120. This is cute but... by MxTxL · · Score: 1
    This 'technology' is cute, makes you think a little bit. But there is something fatally flawed with it. And it's not what all the rest of you have been saying.

    I don't ever send anything that is so important and so secret that my standard method of encryption (being an anonymous nobody amongst a hundred million anonymous nobodies) won't keep my secrets just fine. I think almost all /.ers would fall into my same category.

    Now, concerning those people who DO have something secret, and who ARE important enough to be noticed when they send their secrets, do you actually think THOSE people would DARE use something as silly as this?? Hell no! If it's something that vitally important (aka, "we're going to blow up the world trade center at 11:00PM" or "we're going to bomb Uzbekistan") they're going to have some hard-core very bad-ass'ed crypto-phreak software that they can be sure isn't crackable. Seriously, can you picture, say, the President, the premier of China, Osama bin Laden, Bill Gates or even Linus himself, for that matter, using this?

    Hardly

  121. New theme - old story by bluejeans · · Score: 1
    A more effective approach (actually used in some cases) is to encrypt the message and then encode it into an existing image (or any sufficiently inefficient binary format). If you're careful about how you do the encoding the image won't look any different. Since it's more likely that friends will send each other pictures than spam, the FBI would be less likely to look into it carefully anyway. All you have to do is be a little careful about how you do the encoding so as not to mess up the picture.

    gnu'd source code

  122. don't tell the feds... by stigmatic · · Score: 1

    This is the technology Osama Bin Laden is using for his encryption. Now to explain the need for him and his associates to visit porn sites, well the answer is obvious... duh have you seen Stacey Sanches lately?

    --
    "When I was a Buddhist, it drove my parents and friends crazy, but when I am buddha, nobody is upset at all"
  123. Security through obscurity by joecool12321 · · Score: 1
    That's basically just security through obscurity. I thought it was funny, though. Now we need to encrypt the message, then spammify the encryption.

    But I think the spam that program generated was more intelligent than regular spam...someone will notice.

  124. The only problem is... by jasonk3 · · Score: 3

    When you get a message encoded with Spam Mimic, you'll assume it's spam and delete it. Great idea though.

  125. Oh no, my poor grandmother! by PureInsanity · · Score: 3

    I tried to send her some email encrypted with this and look what it sent her. -Hi sexy, looking for a good time? I am just one of many available hot males and females seeking fun and enjoyment on the net. The link at the bottom of this email will take you to my own virtual pleasure house.- I don't think she'll ever look at me the same way again.

    --
    -I fear the easter bunny.
  126. Spam for thought... by Coffee+Worship · · Score: 1


    One could tunnel IP thru spam. Slowly.