Bitcoin Forum
June 26, 2019, 11:29:18 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 5 6 7 8 9 10 11 »  All
  Print  
Author Topic: RuggedInbox.com - Free offshore email  (Read 44866 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
June 21, 2014, 02:33:45 PM
Last edit: August 08, 2014, 11:50:20 PM by ruggedinbox.com
 #1

Hello everyone, fresh new service: https://ruggedinbox.com
Still in BETA, currently completely free and ad-free, Tor friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.

If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444

Also available as a Tor hidden service: s4bysmmsnraf7eut.onion

Feedback is welcome!
1561548558
Hero Member
*
Offline Offline

Posts: 1561548558

View Profile Personal Message (Offline)

Ignore
1561548558
Reply with quote  #2

1561548558
Report to moderator
1561548558
Hero Member
*
Offline Offline

Posts: 1561548558

View Profile Personal Message (Offline)

Ignore
1561548558
Reply with quote  #2

1561548558
Report to moderator
1561548558
Hero Member
*
Offline Offline

Posts: 1561548558

View Profile Personal Message (Offline)

Ignore
1561548558
Reply with quote  #2

1561548558
Report to moderator
"In a nutshell, the network works like a distributed timestamp server, stamping the first transaction to spend a coin. It takes advantage of the nature of information being easy to spread but hard to stifle." -- Satoshi
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1561548558
Hero Member
*
Offline Offline

Posts: 1561548558

View Profile Personal Message (Offline)

Ignore
1561548558
Reply with quote  #2

1561548558
Report to moderator
SloRunner
Member
**
Offline Offline

Activity: 88
Merit: 10


View Profile WWW
June 21, 2014, 08:51:30 PM
 #2

this would be nice Smiley

Ufonautas
Newbie
*
Offline Offline

Activity: 36
Merit: 0


View Profile
June 22, 2014, 07:35:43 AM
 #3

Pretty nice, since Tor is full of feds  Smiley
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
June 22, 2014, 10:45:35 AM
Last edit: August 08, 2014, 11:51:02 PM by ruggedinbox.com
 #4

Pretty nice, since Tor is full of feds  Smiley

Hi Ufonautas, we live in a post-Snowden era
which proved that we, tin foil hat ppl
were not crazy but very much on the right track.

More than that, the reality got past the imagination: the NSA has built unbelievable systems .. "PRISM", "Turbine", "XKeyscore", "Turmoil", ... (1)
it is like an evil twin of google+facebook on steroids Grin

Anyway, Snowden leaked that the NSA is trying hard to break Tor (2) (cit. There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale," the report said. "But for almost seven years, it has been trying.)
but to date, they are only able to trace a given target (cit. We will never be able to de-anonymize all Tor users all the time.)
and it is an expensive and time consuming 'feature'.

Snowden himself were using Tor (the 'Tails' linux distro) and Lavabit for emails
and the NSA wasn't able to violate them (3 and 4).

Back to the feds, take the Silkroad example: there were no real hacking / big brother involved in finding the Dread Pirate Roberts (5) (cit. it didn't take technical back doors to find him; it just took a lot of solid detective work, some subpoenas, and a search engine.)

You may also notice that the number of Tor relays and exit-nodes didn't unexpectedly increase over the last 18 months:
https://metrics.torproject.org/network.html?graph=networksize&start=2013-01-01&end=2014-06-22#networksize

In short, it all depends on how dangerous you are and how big you want your enemies to be.

1. http://arstechnica.com/information-technology/2013/08/building-a-panopticon-the-evolution-of-the-nsas-xkeyscore/
2. http://arstechnica.com/security/2013/10/nsa-repeatedly-tries-to-unpeel-tor-anonymity-and-spy-on-users-memos-show/
3. http://www.engadget.com/2014/05/01/tails-linux-os-version1-0/
4. http://gizmodo.com/try-the-super-secure-usb-drive-os-that-edward-snowden-i-1563320487
5. http://arstechnica.com/tech-policy/2013/10/how-the-feds-took-down-the-dread-pirate-roberts/

and some other links to cheer up this nice sunday Smiley
http://arstechnica.com/information-technology/2014/03/nsas-automated-hacking-engine-offers-hands-free-pwning-of-the-world/
http://arstechnica.com/tech-policy/2013/08/nsas-internet-taps-can-find-systems-to-hack-track-vpns-and-word-docs/
http://arstechnica.com/security/2014/03/nsa-hacker-in-residence-dishes-on-how-to-hunt-system-admins/
http://arstechnica.com/tech-policy/2013/06/use-of-tor-and-e-mail-crypto-could-increase-chances-that-nsa-keeps-your-data/
http://arstechnica.com/security/2013/09/majority-of-tor-crypto-keys-could-be-broken-by-nsa-researcher-says/
and in general: www.arstechnica.com/series/nsa-leaks/
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
June 27, 2014, 11:09:57 PM
 #5

Hi all again and thanks for your interest!

We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.

(Sending with the webmail always had this feature)

Let us know if you have any questions or need support!

https://ruggedinbox.com
SloRunner
Member
**
Offline Offline

Activity: 88
Merit: 10


View Profile WWW
June 30, 2014, 01:52:24 PM
 #6

Hi all again and thanks for your interest!

We just introduced a brand new feature:
when sending an email using an smtp client, the following headers are now anonymized: 'Received', 'X-Originating-IP', 'User-Agent', 'X-Mailer', 'X-Enigmail' and 'Mime-Version'.
In short, your IP address will not be revealed.

(Sending with the webmail always had this feature)

Let us know if you have any questions or need support!

https://ruggedinbox.com

registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
June 30, 2014, 10:59:37 PM
 #7

registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

Hi SloRunner thanks for your interest and feedback.

That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?
SloRunner
Member
**
Offline Offline

Activity: 88
Merit: 10


View Profile WWW
July 01, 2014, 05:28:43 PM
 #8

registered 2 acc's today (1st registered & failed to login later, same with the second one)

can you help?

Hi SloRunner thanks for your interest and feedback.

That's strange, I've tried now to create an account and I can login properly.
Did you try using the webmail ( https://ruggedinbox.com/rc ) or an email client ?

still login failed, with mail i made yesterday...

ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
July 01, 2014, 05:50:09 PM
 #9

still login failed, with mail i made yesterday...

Hi SloRunner please provide your ruggedinbox email address in PM
and I'll reset your password.
(You should then be able to login and change your password again).

Thank you.
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
July 07, 2014, 12:17:26 AM
 #10

Ok so, problem solved and platform updated.
"Closing the ticket" Smiley
Thanks to all for your interest and happy emailing!
chromedome
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
July 29, 2014, 08:25:35 PM
 #11

I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,

Your new email address is: xxxxxxxx@ruggedinbox.com
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc

However, when I attempt to login via Claws Mail it errors out and the log shows:

[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.

When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.

I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.

Help.
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
July 30, 2014, 12:21:31 AM
 #12

I'm having a frustrating problem. Today I've created three accounts. Two via Tor Bundle, and one straight through my ISP. I received a confirmation on all three,

Your new email address is: xxxxxxxx@ruggedinbox.com
Host: ruggedinbox.com
IMAP (TLS) port: 993
POP (TLS) port: 995
SMTP (TLS) port: 465
Webmail url: https://ruggedinbox.com/rsm
Webmail with self-signed ssl url: https://ruggedinbox.com:444/rc

However, when I attempt to login via Claws Mail it errors out and the log shows:

[15:15:42] POP3< +OK Welcome to ruggedinbox.com
[15:15:42] POP3> USER xxxxxxxx
[15:15:42] POP3< +OK
[15:15:42] POP3> PASS ********
[15:15:45] POP3< -ERR Authentication failed.
*** error occurred on authentication
*** Authentication failed.

When I attempt via webmail using SquirrelMail of Roundcube I receive: Unknown user or password incorrect.

I'm using a 25 character 164 bit password, this is the only thing I can think of that may cause an issue on all three.

Help.

Hi thanks for reporting. Sent PM
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
July 30, 2014, 04:11:48 PM
 #13

Ok so the current maximum allowed password length is 22 characters. Sent PM
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
July 30, 2014, 05:09:55 PM
 #14

NEW FEATURES ANNOUNCEMENT:

hi all!

Recentily we got precious feedback from a number of (rightly) paranoid fellows, follows the improvements:

* availability as a Tor hidden service (over http, https with valid certificate and https with a self-signed certificate)
* installed an alternative webmail (SquirrelMail) for browsers with javascript disabled

The Tor hidden service address is: s4bysmmsnraf7eut.onion

For a more detailed description please have a look at the features page: https://ruggedinbox.com/features.php
( or as an hidden service: http://s4bysmmsnraf7eut.onion/features.php )


Thanks for your interest and let us know if you have any problem!
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
August 03, 2014, 10:06:45 PM
 #15

NEW FEATURES ANNOUNCEMENT:

you can now create disposable / temporary accounts.

If you click on top on 'Register', you will be asked if you want to create a normal or a disposable / temporary inbox.

By clicking on the latter ( direct url: https://ruggedinbox.com/createTempAccount.php OR http://s4bysmmsnraf7eut.onion/createTempAccount.php ) you will go to a specific registration page, where a random username is suggested
and where you can choose an expiration date between 1 hour and 1 year.

When the expired date is reached, the account will be removed from the database and all its files and folders are deleted.


ALSO .. we changed the log rotation policy.
Before it was the Debian default: 1 month.
1 month is too much, we don't need it and privacy-wise, the less the better.
The new policy is 1 week: system logs and web access logs are kept for 1 week.
(this can still be improved, in the near future it will be 48 hours)

Thanks to all for your interest and feedback!
cryptofutureis
Member
**
Offline Offline

Activity: 87
Merit: 10


View Profile
August 08, 2014, 05:43:15 AM
 #16

Hello everyone, fresh new service: https://ruggedinbox.com
Still in BETA, currently completely free and ad-free, TOR friendly, offshore (Europe, Bulgaria), no personal details needed, no question asked, session expiration friendly (10 hours), limited number of accounts available.

If you prefer a self-signed ssl certificate, here you are: https://ruggedinbox.com:444

Also available as a TOR hidden service: s4bysmmsnraf7eut.onion

Feedback is welcome!
Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. 
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

ForgingBlock focuses on providing integrated solutions and builds infrastructures for developing a community to facilitate the merchants adopting cryptocurrency payment. You can find their more information at the official website at ForgingBlock
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
August 08, 2014, 01:38:06 PM
 #17

Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel. 
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi thanks for the suggestions, we'll do the homework, fix and report back Smiley Give us a couple of days.
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
August 08, 2014, 11:22:48 PM
 #18

Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.  
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi cryptofutureis, thanks for your detailed suggestions about ssl!

By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A

with this parameters: https://cipherli.st
the overall rating is A+

https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

easy and very useful!

(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)


About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)


About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.


Thanks for your feedback and happy emailing! Smiley
ruggedinbox.com
Member
**
Offline Offline

Activity: 82
Merit: 10


View Profile
August 13, 2014, 12:53:19 AM
 #19

Hi we are happy to announce that recently we did the following security and privacy oriented improvements:

* enabled perfect secrecy on all ssl services, current score on ssllabs.com is A+ ( https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com )

* enabled Tor peering with SIGAINT ( http://sigaintevyh2rzvw.onion ), now you can send and receive emails with SIGAINT using the hidden service address, the emails will never touch the clearnet

* roundcube now shows the emails in text-mode (before it was rendering the html version)

* roundcube now defaults to use the text-mode editor (instead of the html editor)

* ability to delete an email account (removing / destroying all the emails), you can find the link on the home page or use the direct link: http://s4bysmmsnraf7eut.onion/destroyAccount.php

Peering with other tor-friendly email providers will come soon, we'll keep you updated.


Thanks for the feedback!
cryptofutureis
Member
**
Offline Offline

Activity: 87
Merit: 10


View Profile
August 13, 2014, 06:32:55 AM
 #20

Hi, https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com report is not good enough, your should specify more strict cipher policy, to have full Forward Secrecy. Roundcude is insecure (many private exploits available), but I like it better then squirrel.  
And finally after registration, I can't login. (maybe you not support some special symbols in passwords, used 21 long). With normal Forward Secrecy  self-signed certificates is just piece of useless crap. Don't forget not only select long dh param/key, but to change default curve for at least longer one(don't know is it possible or not with lighttpd).

Hi cryptofutureis, thanks for your detailed suggestions about ssl!

By following this howto (forward secrecy on lighttpd): https://raymii.org/s/tutorials/Strong_SSL_Security_On_lighttpd.html
score raises to A

with this parameters: https://cipherli.st
the overall rating is A+

https://www.ssllabs.com/ssltest/analyze.html?d=ruggedinbox.com

easy and very useful!

(also, today those debian packages: libssl-dev libssl-doc libssl1.0.0 libssl1.0.0:i386 openssl were updated)


About the password, we made some (manual) tests and the invalid characters are " (quote) and \ (back-slash aka 'reverse solidus')
so you can have passwords like `~!@#$%^&*()-=_+}{[];'
and ,./<>?
we didn't test symbols, anyway the only character that we really strip is " (quote)


About Roundcube, now that you say that (0-day exploits available around), you gave us the additional motivation to configure spawn-fcgi to isolate the virtual hosts (so hacking roundcube would not result in having access to the whole document root of the web server) .. we'll do that as the next thing.


Thanks for your feedback and happy emailing! Smiley
Thanks, all is correct now. Tested same password without " (quote) and it works. But anyway try to choose one main and supported web interface. Also look in curve option to select better one curve:

Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols will be supported in lighttpd 1.4.29. By default, Diffie-Hellman and Elliptic-Curve Diffie-Hellman key agreement protocols use, respectively, the 1024-bit MODP Group with 160-bit prime order subgroup from RFC 5114 and "prime256v1" (also known as "secp256r1") elliptic curve from RFC 4492. The Elliptic-Curve Diffie-Hellman key agreement protocol is supported in OpenSSL from 0.9.8f version onwards. For maximum interoperability, OpenSSL only supports the "named curves" from RFC 4492.

Using the ssl.dh-file and ssl.ec-curve configuration variables, you can define your own set of Diffie-Hellman domain parameters. For example:

ssl.dh-file = "/etc/lighttpd/ssl/dh2048.pem"
ssl.ec-curve = "secp384r1"

Default is secp256r1 but we always can select curve with bigger prime.
Mozilla has a nice doc available: https://wiki.mozilla.org/Security/Server_Side_TLS

ForgingBlock focuses on providing integrated solutions and builds infrastructures for developing a community to facilitate the merchants adopting cryptocurrency payment. You can find their more information at the official website at ForgingBlock
Pages: [1] 2 3 4 5 6 7 8 9 10 11 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!