Log File a security hole?
Robert Rothenburg 'Walking-Owl'
WlkngOwl at unix.asb.com
Thu Jan 30 23:41:40 PST 1997
Is there a way to disable the \WINDOWS\PGPW_32.LOG?
In subtle ways it's a security hole if left to accumulate over time,
since it keeps records of which keys you encrypted messages to.
(Imagine somebody using an anonymous remailer but g-d forbid is
unaware of this log file, and somebody discovers that messages were
encrypted to such a beast...)
I understand in certain group/corporate environs one would want
logging; in others, one doesn't need it or should have the option (in
an easily found place) to wipe it every once in a while.
-----
"The word to kill ain't dirty | Robert Rothenburg (WlkngOwl at unix.asb.com)
I used it in the last line | http://www.asb.com/usr/wlkngowl/
but use a short word for lovin' | Se habla PGP: Reply with the subject
and dad you wind up doin' time." | 'send pgp-key' for my public key.
More information about the cypherpunks-legacy
mailing list