matchoo Posted August 31, 2007 Share Posted August 31, 2007 Hey there, http://lockbin.com Whenever I have sensitive information I need to send to someone via email, I Google 'encrypt mail message' looking for solutions, but everything would be too complex for my potential recipients. So I built something to take care of the problem. Now, I can send people credit card numbers, or login credentials to my server, or whatever, and I don't have to worry about it being sniffed by some jerk in an Internet Cafe. It seems to work well for me, and for other folks, but one user in particular keeps telling me that her messages come back empty. Can't reproduce. Anyhow... Go ahead and test it. One nice thing about it is that you can read the JavaScript in your browser and see that nothing is ever sent to the server without being encrypted by your own "Secret Word" - thus, I can't read your messages even if I wanted to. Plus, the messages get deleted as soon as they are picked up. It is also using HTTPS. Nothing is fool proof, but this seems to be a good layman's alternative to S/MIME. -Matchoo Link to comment Share on other sites More sharing options...
micah1701 Posted August 31, 2007 Share Posted August 31, 2007 what other info do you have from the user who's getting blank messages? what is she using as her "salt" password? is this just a sneaky plug for your product? Link to comment Share on other sites More sharing options...
agentsteal Posted September 1, 2007 Share Posted September 1, 2007 Cross Site Scripting: https://lockbin.com/test.php?m=<marquee><h1>vulnerable</marquee> Full Path Disclosure: https://lockbin.com/test.php?m[] Warning: urldecode() expects parameter 1 to be string, array given in /home/.labyrynthwasherkiln/lockbin/lockbin.com/test.php on line 35 Link to comment Share on other sites More sharing options...
matchoo Posted September 1, 2007 Author Share Posted September 1, 2007 Micah... Well, it's a plug, but it's also sincere. I want you to break it. I'll ask her what she used as a salt. I figured it was nothing too complicated as she's not very computer savvy. Agentsteal... Hey, nice find! Gonna keep reporting errors, though, until I get them all. Nobody's using this stuff for now. Soon I'll shut off error reporting, and kill that silly test page. Do you have a program that runs through commonly used pages or somethin? Or are you clairvoyant? Link to comment Share on other sites More sharing options...
DeeCee Posted September 1, 2007 Share Posted September 1, 2007 matchoo i like the design and the ajax type thing on sign up. The only thing i would suggest is that you make <div class="HL"> a little bigger somthing like 650px. And then i would have the margins setup to auto so main wrapper would move to the center of my browser. EDIT: I searched for a example for you: http://bluerobot.com/web/css/center1.html Link to comment Share on other sites More sharing options...
matchoo Posted September 2, 2007 Author Share Posted September 2, 2007 Ok, I changed the layout. I gotta say I miss the rounded corners though. Nifty corners coming soon. Link to comment Share on other sites More sharing options...
LiamProductions Posted September 2, 2007 Share Posted September 2, 2007 I found a typo on the index page: view rhis code Link to comment Share on other sites More sharing options...
tommyboy123x Posted September 2, 2007 Share Posted September 2, 2007 typo: The nice thing about the Web is that you can browser code by viewing the HTML source. or i just dont understand it. Also as a recommendation - allow the user to change the security code. I got one that i can't figure out what it is... Even if other people can figure it out, the person using it could not, and finds it a burdon... if that makes any sense. Sending long messages don't store in the database correctly. You might want to alert the user if the ENCRYPTED version of the message is too long or change the type of storage on the messages. Link to comment Share on other sites More sharing options...
matchoo Posted September 4, 2007 Author Share Posted September 4, 2007 Cool, thanks. I'll put a refresh on the Captcha, and test the database storage on long messages. Link to comment Share on other sites More sharing options...
roopurt18 Posted September 4, 2007 Share Posted September 4, 2007 Nice layout and the site worked well. Beyond adding a refresh to the CAPTCHA, I think you should make it more legible, perhaps with a different font. I have excellent vision and even I had a hard time making them out. I didn't really try and break the site as that's not really my specialty, but an idea occurred to me that you may want to consider. I can see this site becoming very popular as a means to transmit illegal data. I have a feeling you'll be forced by legal requirements to be able to decrypt the information on your end, which sort of defeats the purpose, but not entirely. Link to comment Share on other sites More sharing options...
matchoo Posted September 5, 2007 Author Share Posted September 5, 2007 Ok, I added the refresh captcha. I'll change the font later tonight. As for sending illegal info. Perhaps, but if the government wants me to decrypt, they would have to issue warrants and such, and I could likely take down the site altogether. But I am hopeful that criminals are not the ones interested in this stuff. They would be better off talking on Cell phones as usual. Link to comment Share on other sites More sharing options...
source Posted September 5, 2007 Share Posted September 5, 2007 criminals on the internet are using complex encryption methods.. Link to comment Share on other sites More sharing options...
matchoo Posted September 5, 2007 Author Share Posted September 5, 2007 ok, I think it will take super long messages now. Link to comment Share on other sites More sharing options...
Recommended Posts