1995-10-11 - Re: PC disk wipe software

Header Data

From: Santiago de la Paz <garnett@wombat.catbelly.com>
To: cypherpunks@toad.com
Message Hash: 056a6c2686fc3f77af073ada834a48ad2a5b4e2f351b7db0a8f6845bea8578e8
Message ID: <199510110606.AAA08734@wombat.catbelly.com>
Reply To: <199510110319.AA32344@junkers.lochard.com.au>
UTC Datetime: 1995-10-11 06:07:06 UTC
Raw Date: Tue, 10 Oct 95 23:07:06 PDT

Raw message

From: Santiago de la Paz <garnett@wombat.catbelly.com>
Date: Tue, 10 Oct 95 23:07:06 PDT
To: cypherpunks@toad.com
Subject: Re: PC disk wipe software
In-Reply-To: <199510110319.AA32344@junkers.lochard.com.au>
Message-ID: <199510110606.AAA08734@wombat.catbelly.com>
MIME-Version: 1.0
Content-Type: text/plain



> People do record their incoming and outgoing email. Smart ones will store it
> offsite (auto farward to their home machine). Others will pgp them online.
> Mostly though the cleartext email files will be happily archived away each
> night to the nice friendly DAT tape down the corridor in the machine room.

I mistakenly interpreted the original posting as "outgoing only."  Incoming
mail must certainly be saved; however, backing up an outgoing mail spool on
a busy machine is senseless.  By "busy", I mean "that machine which serves
as a mail server".

Outboxes change the situation, but they are not universal.  

> Me, I just nuke any sensitive information that may arrive in my work mbox,
> or save/forward it to a safer place. I discourage people from using my work
> address as a regular personal contact point.

This brings up an interesting point, namely: where is your email secure?  If
the FBI or security agency of your choice decides to clamp a legal hold upon
the machines upon which you work, they surely wouldn't be so foolish as to
forget about your home machine over that frame-relay or ppp/slip link.  In
such a situation, telling people to use any mailbox at all is useless unless
they encrypt with a relatively secure encryption package, z.B. pgp.

> Also ensure your admins aren't the nosy types. I started work at one place
> and noticed in the /.sh_history file that the previous admin was regularly
> grepping peoples mail spools for his name. This caused some concern to the
> management when they were informed. Obviously these forays were not part of
> his everyday job and were a personal endeavour.

This is a problem, and almost certainly more of a problem than security
agencies demanding your backup tapes.  There's also no way around it; the
only solution is encryption.

~james





Thread