RE: Eudora Message Deletion Weakness

From: Bojan Zdrnja (Bojan.Zdrnja@FER.hr)
Date: 01/26/03

  • Next message: Roy Hills: "New security tool: ike-scan (IPsec IKE scanner) released" 
    From: "Bojan Zdrnja" <Bojan.Zdrnja@FER.hr>
To: "'Blud Clot'" <bludclot@hellokitty.com>, <bugtraq@securityfocus.com>
Date: Sun, 26 Jan 2003 15:35:32 +0100

    > -----Original Message-----
    > From: Blud Clot [mailto:bludclot@hellokitty.com]
    > Sent: 24. siječanj 2003 22:15
    > To: bugtraq@securityfocus.com
    > Subject: Eudora Message Deletion Weakness
    >
    >
    > Description: Messages thought to be deleted are still stored
    > on the user's harddrive.
    >
    > Versions Affected: This was tested on the latest version,
    > version 5.2.0.9. It is likely that many or all previous
    > versions are also affected.
    >
    > Details: When a message is deleted from the trash folder in
    > Eudora a user would expect that message to be gone. Instead
    > the message is simply flagged to not be shown in Eudora and
    > the message can still be read in plain text by viewing
    > Trash.mbx. The message is only really deleted when the user
    > chooses to compact mailboxes.

    This issue was discussed some time ago on the Forensics mailing list. Check
    thread about Outlook PST files:
    http://online.securityfocus.com/archive/104/299753/2002-11-14/2002-11-20/0

    Basically, this is a "feature". Outlook and Outlook Express have same
    problems - if you delete any message it remains in your PST file until you
    compact it.
    PST files work pretty similar as a database, so when you decide to delete
    the message, Outlook just flags it for deletion (and it won't show it on the
    screen anymore, but you can find it in PST).

    Solution is (as always) to know what you're doing - if you care about that
    (privacy etc.) you should compact every time when you decide to exit
    program.

    Also, for Outlook 2000, there is registry setting which causes it to
    completely remove deleted date when it's shut down.

    Best regards,

    Bojan Zdrnja

    Relevant Pages

    • Re: Pst-files in Outlook 2003?
      ... > recommends doing so for big PST files to help with log ins. ... Teach Yourself Outlook 2003 in 24 Hours ... > It is only the IMAP PST that can't be moved. ... > is lost) then why not the IMAP folders. ...
      (microsoft.public.outlook.installation)
    • Re: Overwrite laptop
      ... I guess I'll continue to copy and move .pst files. ... laptop and open both pst files within Outlook at the same time. ... then select and move the data that you want into the pst file of the laptop. ... If the partnership is formed, ...
      (microsoft.public.pocketpc.activesync)
    • Re: Outlook 2003 "Operation Failed"
      ... Outlook and going to Outlook Data Files. ... Files so I could view all files in the Outlook folder, ... "Dian D. Chapman, MVP" wrote: ... .pst files or look at the video drivers. ...
      (microsoft.public.office.misc)
    • Re: Outlook 2003 "Operation Failed"
      ... ..pst files are hidden files - you need to enable searching hidden files/folders in Windows search to find them. ... Milly Staples [MVP - Outlook] ... OP already tried the new mail profile. ...
      (microsoft.public.office.misc)
    • Re: Winmail.dat
      ... I never said it could read a winmail.dat file, only that Eudora CAN read ... Milly Staples [MVP - Outlook] ...
      (microsoft.public.office.misc)
    Loading