Re: Question about downloading personal information
- From: "Stuart Miller" <stuart_miller@xxxxxxx>
- Date: Sat, 28 Jul 2007 16:56:00 GMT
"Trevor" <no-mail@xxxxxxx> wrote in message news:f8cif8$lhj$1@xxxxxxxxxxx
I have a question about security and personal information. I access a server on a regular basis, I download files that contain personal information about other people from the server directly onto a memory stick, this is then transferred to another computer.Any information taken from a web page goes first into working memory, so may be written to the swap file. Then it is stored in the cache until it can be displayed or otherwise dealt with. Some people then save the information on the desktop (or somewhere similar) before moving it to the final destination, but we will skip that step in your case.
The computer I use to download the personal information onto a memory stick is the computer I do not wish any trace of this personal information to exist on due to it being a shared computer. Does the act of downloading this information to the memory disk directly via the shared computer leave any trace of the personal information in the temporary memory of the shared computer that someone else could get access to, in effect leave another copy of what downloaded onto it?
So, there will be a copy in the swap file, and there will be a copy in the cache. With the screwy way IE stores temporary internet files, it is very difficult to tell where that will be. When you delete the cache, the file still exists in the recycle bin, and the information is still intact on the hard drive.
The question now is, how much effort is someone willing to go to in order to locate this information? Finding a 4k file in a 100 gig hard drive will take considerable time. Chances are it would be easier and faster to steal it from the web site.
If information is left on the shared computer how can I eliminate it without affecting the integrity of other information on the computer?
There have been many discussions in this group about recovering data. The consensus is that there is no convenient 100% safe way to delete data and make it unrecoverable.
The only solution I can find would be to set up a minimal operating system that boots from a usb drive and never accesses the hard drive. There are a number of variations of linux which will do this, and a 4 gig usb drive is way more space than you need.. Then make sure you have all security in place on the server - encryption, SSL, etc.
This avoids the need for file encryption, (but that is still a good idea) and also avoids any complications that would arise if the computer you are using is compromised. Given that it is a shared computer (and likely running WinXP) you can almost guarantee that it is compromised to some extent. If I were really interested in what you were downloading, I would put in a key logger, and a 'service' that duplicates all usb drive writes into a hidden directory, for me to inspect later.
Stuart
.
- References:
- Question about downloading personal information
- From: Trevor
- Question about downloading personal information
- Prev by Date: Re: Question about downloading personal information
- Next by Date: 4.704493E-02 Now Look Here To See ... 6.581652E-02
- Previous by thread: Re: Question about downloading personal information
- Next by thread: 4.704493E-02 Now Look Here To See ... 6.581652E-02
- Index(es):
Relevant Pages
|
