This is pretty funny, actually. Lavabit is a secure email provider: the only people with your crypto keys is you with your public and private keys and the recipient with their public and private keys. The way that this encryption works is that everyone gives their public key to anyone who wants it, but keeps their private key a closely-guarded ( Read more... )

From Bruce Schneier's blog:

Lavabit E-Mail Service Shut Down ( Read more... )

It's a pretty simple attack that doesn't involve impersonating a web site, just an email server. For example, IBM Sweden's email addresses are se.ibm.com. Register the domain name seibm.com, put an email server there that stores all emails sent to seibm.com, forward them to se.ibm.com, and chances are that the participants in the conversation ( Read more... )