For those who missed it: Hushmail is pwnd

Dave Howe DaveHowe at gmx.co.uk
Fri Nov 9 09:15:37 PST 2007


J.A. Terranson wrote:
> I am shocked that Hush appears to have been in a position to have provided 
> the requesting authority with actual *content* of a Hush user account: my 
> prior belief was that this was non-possible.  The pwnage of this alone is 
> staggering in scope if correct.  Anyone from Hush care to entertain us 
> with an explanation of why this interpretation is incorrect?

I suspect, given the circumstances (i.e. using Hushmail as an SMTP 
endpoint for web orders), a large proportion of the mail will be normal 
unencrypted SMTP rather than hush2hush traffic or conventionally OpenPGP 
encrypted from outside the system (I have extracted keys for 
conventional crypto on occasion from the Hushmail web interface, but 
doing so on a regular basis is like pulling teeth).




