1997-01-31 - Log File a security hole?

Header Data

From: “Robert Rothenburg ‘Walking-Owl’” <WlkngOwl@unix.asb.com>
To: Mail45 <mail45bugs@pgp.com>
Message Hash: 8776be6ac823ec3f6bac41b4074e535bf0b7f9fcee6ac026357ed1c259bd4310
Message ID: <199701310741.XAA06887@toad.com>
Reply To: N/A
UTC Datetime: 1997-01-31 07:41:40 UTC
Raw Date: Thu, 30 Jan 1997 23:41:40 -0800 (PST)

Raw message

From: "Robert Rothenburg 'Walking-Owl'" <WlkngOwl@unix.asb.com>
Date: Thu, 30 Jan 1997 23:41:40 -0800 (PST)
To: Mail45 <mail45bugs@pgp.com>
Subject: Log File a security hole?
Message-ID: <199701310741.XAA06887@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


Is there a way to disable the \WINDOWS\PGPW_32.LOG?
In subtle ways it's a security hole if left to accumulate over time,
since it keeps records of which keys you encrypted messages to.

(Imagine somebody using an anonymous remailer but g-d forbid is 
unaware of this log file, and somebody discovers that messages were 
encrypted to such a beast...)

I understand in certain group/corporate environs one would want 
logging; in others, one doesn't need it or should have the option (in 
an easily found place) to wipe it every once in a while.




-----
"The word to kill ain't dirty     | Robert Rothenburg (WlkngOwl@unix.asb.com)
 I used it in the last line       | http://www.asb.com/usr/wlkngowl/
 but use a short word for lovin'  | Se habla PGP:  Reply with the subject
 and dad you wind up doin' time." | 'send pgp-key' for my public key.






Thread