1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

discuss: don't use free web mail like Gmail, Yahoo...to safe your business!

Discussion in 'BlackHat Lounge' started by e-service, Sep 20, 2013.

  1. e-service

    e-service Regular Member

    Joined:
    Mar 1, 2009
    Messages:
    200
    Likes Received:
    30
    Hi,

    As all of we know the scandal about David Petraeus two years ago (David Petraeus is a retired American military officer and public official, google his name to see the story and scandal). One of important think about his scandal is he used Gmail - a free web mail and a best free email at this time.
    Gmail provided all his "sent emails" from him to FBI...And today, we know that Google (gmail) never deletes emails even you "delete forever" emails in the trash folder. This does pose a threat that once the government serves court order or search warrants, Google complies with 90% of them, and does produce these deleted emails from the offline backup of the backups to the government.
    I think the same for all another free webmail like Gmail.
    So I want to open this topic to discuss about using business email from email hosting. The first I thought about email hosting company outside USA. Why ? because if the hosting company from USA like hostmonster or hostgator.com, FBI or any government from US still can request them to provide data and backup it. But if the email hosting from outside USA (example from Euro, Africa...) and they also don't have office in USA so the government from USA cannot request them to provide the data from server. Also, the important as I know the server from email hosting company keeps the email data in their server within 30 days only. It mean that if you delete emails from trash folder, it will be deleted permanent (forever) after 30 days, no one can backup them because if they want to keep the email data in server forever like gmail so they need to pay so much money to build the server.
    Second, if you use business email, you can change the email hosting everytime you want. you just keep the email only. An example, if you have the email: email@domain.com and use hosting email from a Euro hosting company. After 30 days, you can change the hosting company to another hosting server from Asia but still keep email@domain.com you want to use before. With this way, your email data is more safe.

    But if we use business email, there are some hard things: You don't have the professonal tool like Google provide. Example: share document via the google drive, live chat via Gtalk...etc.
    For the cloud server to share the documents, I can recommed Dropbox, because Dropbox is safe. I don't know if Dropbox still keep "deleted files" like google ? do you know?

    Pleasse discuss more about this topic to keep the business in safe for all of us.

    Thanks you!
     
  2. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Anyone that trusts a 3rd party company with secrets is a retard and deserves whatever happens to them. If you don't know security then don't deal with secrets.
     
    • Thanks Thanks x 2
  3. BusinessMagnet

    BusinessMagnet Power Member

    Joined:
    Jul 4, 2013
    Messages:
    675
    Likes Received:
    321
    Just sharing for your knowledge : The thing which you delete permanently from your HDD (Hard Disk Drive) on your computer doesn't get deleted permanently. It can be recovered anytime, anywhere from your HDD, if you use proper recovery tools. You need to have Advanced Computer Skills to carry it out.

    Onto the topic, for me it looks like it's a Privacy Breach by Gmail.
     
    • Thanks Thanks x 1
  4. travanx

    travanx Regular Member

    Joined:
    Feb 6, 2012
    Messages:
    354
    Likes Received:
    76
    Home Page:
    I can never figure out why clients we work with are using gmail for their business use. It costs like $20/year for hosting and an email address.
     
  5. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Don't deal with secrets please.

    Anything stored on a spindle drive (HDD) can be permanently deleted by using specific programs. They rewrite the same sector one or several times. This prevents recovery by simple or moderate recovery techniques. Heavy rewriting (for example the Guttmann method) can even make it hard/impossible to recover anything using highly advanced, time consuming and costly recover tools (a magnetic force microscope.)
    Difficulty of doing this? 0. Download a program and you can have a new option in your context menu for "secure delete" or similar. Right clicking on the trash bin will also normally have an "Securely delete all contents".

    For data stored on memory drives (SSD) can be permanently deleted but it requires a full drive format using special programs. Due to the way SSDs automatically handle writing on the low level to prevent cell decay it is impossible to do per-file secure deletion unless the SSD supports it.

    For data storage on volatile memory (RAM) is permanently deleted after power off. This is not immediate however so with proper physical tools onhand at power off can make the data stay for several minutes/hours by quickly cooling the chips.


    --

    For recovery, it can be done on HDDs easily with normal programs.
    Recovery on SSD is also difficult as it is to delete because of how the chipset handles it.
    Recovery on volatile memory is difficult and for most purposes only have to worry about it if you got the three letter organizations after you.
     
    • Thanks Thanks x 1
  6. e-service

    e-service Regular Member

    Joined:
    Mar 1, 2009
    Messages:
    200
    Likes Received:
    30
    You are right. It mean that if you use hosting email in 3rd company (example: Euro hosting company) so it is still can be recovery after deleted emails ...so no one can be safe on the world while using email ?
    But as i told , we still can keep the email and we just change the email hosting every time we want.
     
  7. KHer0

    KHer0 Senior Member

    Joined:
    Mar 22, 2011
    Messages:
    876
    Likes Received:
    947
    Occupation:
    Architect
    I guess its not about G-mail. Any company would do the same.

    But as long as you are not sending email about bombing the commercial tower in America, Why would FBI chase you ?
     
  8. ComputerEngineer

    ComputerEngineer Senior Member

    Joined:
    Apr 25, 2012
    Messages:
    833
    Likes Received:
    70
    well all companies giving direct access to the usa goverment

    such as google facebook twitter

    how do you think such an idiot thing as twitter became so mass ?

    i believe these companies are heavily supported for spying reasons
     
  9. e-service

    e-service Regular Member

    Joined:
    Mar 1, 2009
    Messages:
    200
    Likes Received:
    30
    no, if the company outside USA , they don't need to report the data to them if they requie