Viewing/opening file sent by secure method

Viewing/opening file sent by secure method
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Viewing/opening file sent by secure method Zak 02-27-2007
Posted by Zak on February 27, 2007, 2:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Assume users are on On XP:

Suppose a document file (either a PDF file or TXT file) is sent by email
from one company to another using a secure method to encrypt the file
such as using WinZip with AES.

The ZIP file is received on a PC which is in a shared area and the PC
could be accessed overnight by other people.


QUESTION: How can the recipient open or view the file WITHOUT having to
later delete swap files, temp files, empty recycle bin, erase disk
areas, etc. The recipients in my case are non-tecnical and this
housekeeping will seem like a lot of new hoopla.

QUESTION: Is there an app which will decrypt a WinZip file but not
leave a trail of information?

QUESTION: Perhaps using a floppy or a CD to hold a Winzip-compatible
tool such as 7-Zip would work ??? Any suggestions?

QUESTIONS: Finally what about viewing the TXT or the PDF file that was
in the ZIP? Text and PDF viewers on the hard drive will probably create
temporary files also on the hard drive. Is there a floppy based PDF
viewer? Or a read-only PDF viewer which sits on a CD?


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
For ref: Notes on encryption safety (Winzip 10 help text).


EXTRACTING A FILE

If you extract an encrypted file and then delete the file, it may be
possible for someone to later "undelete" the file using file recovery
software or the Recycle Bin.

------

OPENING OR VIEWING A FILE

When you open or view a file from an archive (e.g., by double clicking
it), WinZip must extract the file to a TEMPORARY LOCATION so that the
associated program can open it. If you subsequently CLOSE WINZIP
without first closing the program that is using the file, WinZip may not
be able to delete the temporary copy of the file. Thereby leaving it on
disk in unencrypted form.

Furthermore, the ASSOCIATED PROGRAM may also make one or more BACKUP
COPIES of the decrypted file, and WinZip will not be able to delete
these.

In addition, as described above, it may be possible for someone to later
RECOVER DELETED FILES using file recovery software or the Recycle Bin.

--------

MEMORY AND PAGE SWAP FILES

After adding or extracting encrypted files, some or all of the
unencrypted file contents may remain in your computer's MEMORY or the
PAGE SWAP FILES on disk. A malicious user may be able to retrieve this
unencrypted information.
WinZip does not encrypt Zip file comments or, as described above,
information about encrypted files such as their names, dates, etc. Any
user with access to the Zip file can view this information without a
password.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


x-posted to relevant groups

Posted by Abut on February 28, 2007, 4:58 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> Suppose a document file (either a PDF file or TXT file) is sent by email
> from one company to another using a secure method to encrypt the file
> such as using WinZip with AES.
>
> The ZIP file is received on a PC which is in a shared area and the PC
> could be accessed overnight by other people.
>
> QUESTION: How can the recipient open or view the file WITHOUT having to
> later delete swap files, temp files, empty recycle bin, erase disk
> areas, etc. The recipients in my case are non-tecnical and this
> housekeeping will seem like a lot of new hoopla.
>
> QUESTION: Is there an app which will decrypt a WinZip file but not
> leave a trail of information?
<snip>

I suggest you use PGP or GnuPG instead. These applications have been
designed to eliminate, as far as possible, the vulnerabilities you
mention.

MT


Similar ThreadsPosted
Secure file transfer December 16, 2007, 3:34 pm
Safe zip/unzip and file split on secure Windows machine? January 10, 2005, 2:04 pm
Validy Technology: A program protection method that really works. August 3, 2005, 6:09 am
Patent buster for a method that increases password security December 4, 2006, 11:46 am
'Hijack This' log file May 7, 2004, 12:12 pm
Does MD5 include the file name? September 12, 2006, 5:54 pm
Obscure file - siae3123.exe May 22, 2004, 1:27 pm
snort file logging name December 18, 2004, 5:31 am
the favourities file of Firefox December 21, 2004, 4:39 pm
tcpdump file recovery August 30, 2005, 9:11 am

The site map in XML format XML site map

Contact Us | Privacy Policy