[CLUE-Talk] An interesting implication for security for users of Mozilla
bof
bof at pcisys.net
Mon Jul 22 14:04:42 MDT 2002
This may have some interesting implications for security under Mozilla,
if what I have found is correct.
I've been migrating to a new system, and thought that I would move my
Mozilla account by copying the mail folders from the old to the new
computer. Before doing that, to save space, I went through the Inbox and
Send folders, carefully culling out what I did not want to keep, and
then emptying the trash.
According to the current Mozilla window, I have two messages in my Inbox
and perhaps a dozen or so in the Send folder.
But when I went to the Mail folder under ./mozilla in my home directory,
to copy the files to the new system, I found that my Inbox is 39 MB in
size and my Send folder is almost 2 MB. Looking at their contents, it
would appear that the Inbox contains every message I have received, and
the Send folder every message I have sent, since I installed Mozilla in
May. The trash folder is empty.
So it would appear that even though I moved the messages from the
folders in the Mozilla window to the trash and then emptied it, the
Inbox and Send files do not purge themselves of deleted messages: they
remain on the disk.
The implications are obvious: messages that I thought were removed are
still available to anyone who wants to read the appropriate files.
This may be old hat to many CLUE readers, but it was a bit of a surprise
to me.
So I thought I would share it for whatever it is worth.
BOF
More information about the clue-talk
mailing list