Our encrypted email provider, Hushmail, has suffered a domain name security compromise.
We are not yet convinced that there have been no Man-In-The-Middle attacks on our encrypted logins and encrypted data.
Hushmail security notice:
"Sunday April 24, 3:30 PM PST
On April 23rd, an unauthorized party gained access to our customer account at our domain registrar.
A domain registrar is a company that is responsible for controlling which website actually gets displayed when you enter an address (such as www.hushmail.com) in your web browser. Therefore, by breaching security at our domain registrar, the unauthorized party was able to control which website would be displayed when users entered the address www.hushmail.com.
The unauthorized party altered the domain settings so that users entering www.hushmail.com in their web browser were no longer directed to our real website. Instead, users were redirected to a different website at a different location. Soon that website was shut down, and users simply received an error page.
We are following up with our domain registrar to determine how the unauthorized party was able to gain access to their system.
There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com may not have been delivered.
Please accept our sincerest apologies for the inconvenience this has caused. We take this incident very seriously, and will continue to update this page as more information becomes available.
Note on Non-secure and Secure Web Pages
Non-secure web pages are accessed by addresses that start with "http://". The content is not encrypted, and the page source is not verified. The lock icon in your status bar will not be displayed.
Secure web pages are accessed by addresses that start with "https://". The content is encrypted, and the page source is verified. The lock icon in your status bar will show a closed lock.
If a domain registrar directs you to the wrong website for a secure web page, the verification will fail, and your browser will display errors.
Although the front page and text content of www.hushmail.com can be accessed by either a secure or non-secure web page, sensitive pages such as the pages where you enter your passphrase, access your email, or supply credit card information are always served as secure web pages.
To guard against the danger of domain redirection, always be sure that when you enter your passphrase you are on a secure web page with the lock on your browser closed, and that the address in your address bar says "hushmail.com". If your browser displays any error messages about the "certificate" that verifies the website, do not continue.
To ensure maximum safety, use secure web pages whenever possible. If you are just browsing the Hushmail website, you can access the secure page at https://www.hushmail.com instead of the page at http://www.hushmail.com.
Sunday April 24, 12:00 AM PST
In recent hours we have been made aware that security was compromised at the domain registrar responsible for the hushmail.com domain. For a brief period, this domain was forwarded to a server belonging to an unidentified party, which resulted in our web page being unavailable or appearing defaced.
There was no unauthorized access to any of the Hush servers. Data managed by Hush was not compromised. During this period, email sent to hushmail.com will not have been delivered.
Please accept our sincerest apologies for the inconvenience this has caused. We take this incident very seriously, and will continue to update this page as more information becomes available."
"It was first noticed very early this morning, when the domain www.hushmail.com began to redirect users to a page containing the following message: "The Secret Service is watching. -Agent Leth and Clown Jeet 3k Inc". The DNS servers were changed to DNS1.EVONEXUS.NET and DNS2.EVONEXUS.NET, while Hushmail uses its own servers (NS*.HUSHMAIL.COM), and the information in the whois was hijacked:
Administrative Contact, Technical Contact:
Smith, Brian firstname.lastname@example.org
Maybe the attacker somehow got the password of this contact, whose email address was admn@HUSHMAIL.COM (according to the data in the whois of hush.com), and modified the domain's data on the Network Solutions web site, their registry.
On Sunday at 4am GMT the page was removed, probably by burst.net, which was hosting it. At the time of writing, the emails sent to hushmail.com users were bounced back to the sender."
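A registrar-level change like the one described above is visible as a changed set of nameservers for the domain, so it can be caught by comparing the observed NS hosts with a known baseline. The following is an added example, not part of the Hushmail notice or the quoted account; the function name `check_delegation` and the hosts `ns1`/`ns2.hushmail.com` are assumptions, and the observations are constructed rather than looked up.

```python
from fnmatch import fnmatchcase

def normalize(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.strip().lower().rstrip(".")

def check_delegation(domain, expected_patterns, observed_ns):
    """Compare observed NS hosts with the expected baseline.

    Returns the hosts that match no expected pattern, the patterns that
    no observed host satisfies, and the unexpected hosts that sit
    outside the monitored domain.
    """
    domain = normalize(domain)
    observed = sorted({normalize(h) for h in observed_ns})
    patterns = [normalize(p) for p in expected_patterns]

    unexpected = [h for h in observed
                  if not any(fnmatchcase(h, p) for p in patterns)]
    missing = [p for p in patterns
               if not any(fnmatchcase(h, p) for h in observed)]
    out_of_zone = [h for h in unexpected
                   if h != domain and not h.endswith("." + domain)]
    return {
        "domain": domain,
        "unexpected": unexpected,
        "missing": missing,
        "out_of_zone": out_of_zone,
        "alert": bool(unexpected or missing),
    }

# Baseline pattern and changed nameservers as named in the account above.
BASELINE = ["NS*.HUSHMAIL.COM"]
OBSERVED_INCIDENT = ["DNS1.EVONEXUS.NET", "DNS2.EVONEXUS.NET"]
# Constructed "normal" observation (assumed host names, no network lookup).
OBSERVED_NORMAL = ["ns1.hushmail.com.", "NS2.HUSHMAIL.COM"]

if __name__ == "__main__":
    for label, ns in (("normal", OBSERVED_NORMAL),
                      ("incident", OBSERVED_INCIDENT)):
        print(label, check_delegation("hushmail.com", BASELINE, ns))
```

In practice the observed list would come from a scheduled NS query against the parent zone, and an alert should also prompt a check of the registrar account and whois contacts.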