Question about downloading personal information

Question about downloading personal information
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Question about downloading personal information Trevor 07-27-2007
Posted by Trevor on July 27, 2007, 6:47 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I have a question about security and personal information. I access a
server on a regular basis, I download files that contain personal
information about other people from the server directly onto a memory
stick, this is then transferred to another computer.

The computer I use to download the personal information onto a memory
stick is the computer I do not wish any trace of this personal
information to exist on due to it being a shared computer. Does the act
of downloading this information to the memory disk directly via the
shared computer leave any trace of the personal information in the
temporary memory of the shared computer that someone else could get
access to, in effect leave another copy of what downloaded onto it?

If information is left on the shared computer how can I eliminate it
without affecting the integrity of other information on the computer?

Thanks for any help that can be given.


Posted by Gerard Bok on July 27, 2007, 8:10 am
If you were  Registered and logged in, you could reply and use other advanced thread options
wrote:

> I access a
>server on a regular basis, I download files that contain personal
>information

First question: how is this information transfered ?
Is it encrypted ?

>about other people from the server directly onto a memory
>stick, this is then transferred to another computer.

>Does the act
>of downloading this information to the memory disk directly via the
>shared computer leave any trace of the personal information in the
>temporary memory of the shared computer

Normally: yes.
And even worse, this being some kind of 'public computer' you
must keep in mind that the entire computer may be compromised.
By a keylogger, a sniffer, by remote control, you name it.

>If information is left on the shared computer how can I eliminate it
>without affecting the integrity of other information on the computer?

The only secure way would be, to have the information properly
encrypted on the server side.

Download the encrypted information --still encrypted-- unto your
memory-stick and only decrypt it in a 100% secure computer
environment. (Well, sort of, that is :-)

--
Kind regards,
Gerard Bok

Posted by Ari on July 27, 2007, 2:12 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Fri, 27 Jul 2007 11:47:02 +0100, Trevor wrote:

> I have a question about security and personal information. I access a
> server on a regular basis, I download files that contain personal
> information about other people from the server directly onto a memory
> stick, this is then transferred to another computer.
>
> The computer I use to download the personal information onto a memory
> stick is the computer I do not wish any trace of this personal
> information to exist on due to it being a shared computer. Does the act
> of downloading this information to the memory disk directly via the
> shared computer leave any trace of the personal information in the
> temporary memory of the shared computer that someone else could get
> access to, in effect leave another copy of what downloaded onto it?
>
> If information is left on the shared computer how can I eliminate it
> without affecting the integrity of other information on the computer?
>
> Thanks for any help that can be given.

Truthfully, if you are asking this, you needn't be attempting this.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/

Posted by Stuart Miller on July 28, 2007, 12:56 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

>I have a question about security and personal information. I access a
>server on a regular basis, I download files that contain personal
>information about other people from the server directly onto a memory
>stick, this is then transferred to another computer.
>
> The computer I use to download the personal information onto a memory
> stick is the computer I do not wish any trace of this personal information
> to exist on due to it being a shared computer. Does the act of downloading
> this information to the memory disk directly via the shared computer leave
> any trace of the personal information in the temporary memory of the
> shared computer that someone else could get access to, in effect leave
> another copy of what downloaded onto it?
>
Any information taken from a web page goes first into working memory, so may
be written to the swap file. Then it is stored in the cache until it can be
displayed or otherwise dealt with. Some people then save the information on
the desktop (or somewhere similar) before moving it to the final
destination, but we will skip that step in your case.

So, there will be a copy in the swap file, and there will be a copy in the
cache. With the screwy way IE stores temporary internet files, it is very
difficult to tell where that will be. When you delete the cache, the file
still exists in the recycle bin, and the information is still intact on the
hard drive.

The question now is, how much effort is someone willing to go to in order to
locate this information? Finding a 4k file in a 100 gig hard drive will
take considerable time. Chances are it would be easier and faster to steal
it from the web site.


> If information is left on the shared computer how can I eliminate it
> without affecting the integrity of other information on the computer?

There have been many discussions in this group about recovering data. The
consensus is that there is no convenient 100% safe way to delete data and
make it unrecoverable.

The only solution I can find would be to set up a minimal operating system
that boots from a usb drive and never accesses the hard drive. There are a
number of variations of linux which will do this, and a 4 gig usb drive is
way more space than you need.. Then make sure you have all security in place
on the server - encryption, SSL, etc.

This avoids the need for file encryption, (but that is still a good idea)
and also avoids any complications that would arise if the computer you are
using is compromised. Given that it is a shared computer (and likely running
WinXP) you can almost guarantee that it is compromised to some extent. If I
were really interested in what you were downloading, I would put in a key
logger, and a 'service' that duplicates all usb drive writes into a hidden
directory, for me to inspect later.

Stuart




Similar ThreadsPosted
Problem Downloading from Simtel.net January 10, 2007, 10:59 am
personal firewall August 18, 2006, 11:03 am
Personal firewall for large business September 14, 2006, 4:25 am
Personal firewall for Business users September 14, 2006, 4:25 am
US Air Force loses airmen personal data... August 22, 2005, 6:15 pm
Updating Ad-Aware SE Personal i SpyBot S&D from command line? October 7, 2005, 10:26 am
Norton Personal Firewall configuration for image/graphic viewing March 24, 2006, 9:19 am
BBC links: Privacy Concerns over States'/Corporations' Use of Personal Info November 5, 2006, 7:16 am
What information March 26, 2007, 2:07 pm
Information bar missing June 6, 2005, 11:22 pm

The site map in XML format XML site map

Contact Us | Privacy Policy