[CLUE-Talk] An interesting implication for security for users of Mozilla

Timothy C. Klein teece at silverklein.net
Mon Jul 22 19:07:16 MDT 2002 

* bof (bof at pcisys.net) wrote:
> This may have some interesting implications for security under Mozilla, 
> if what I have found is correct.
> 
> I've been migrating to a new system, and thought that I would move my 
> Mozilla account by copying the mail folders from the old to the new 
> computer. Before doing that, to save space, I went through the Inbox and 
> Send folders, carefully culling out what I did not want to keep, and 
> then emptying the trash.
> 
> According to the current Mozilla window, I have two messages in my Inbox 
> and perhaps a dozen or so in the Send folder.
> 
> But when I went to the Mail folder under ./mozilla in my home directory, 
> to copy the files to the new system, I found that my Inbox is 39 MB in 
> size and my Send folder is almost 2 MB. Looking at their contents, it 
> would appear that the Inbox contains every message I have received, and 
> the Send folder every message I have sent, since I installed Mozilla in 
> May. The trash folder is empty.
> 
> So it would appear that even though I moved the messages from the 
> folders in the Mozilla window to the trash and then emptied it, the 
> Inbox and Send files do not purge themselves of deleted messages: they 
> remain on the disk.
> 
> The implications are obvious: messages that I thought were removed are 
> still available to anyone who wants to read the appropriate files.
> 
> This may be old hat to many CLUE readers, but it was a bit of a surprise 
> to me.
> 
> So I thought I would share it for whatever it is worth.
> 

This reminds me of a guy I used to work with.  He had been in the office
at the same position (workstation) for years.  He didn't know there was
an "Empty Trash" function.  He was asking me to figure out why his
machine was so slow to start up Netscape.  He had hundreds of megabytes
of mail in his trash folder (he had quite a lot in his inbox, too, I was
surprised his trash got that big, it didn't *seem* like he deleted
anything.)

He was quite surprised to see the stuff in his trash that he thought had
deleted years ago.  He was also quite surprised that anyone with admin
rights could read it.  Ah, the computer-phobic...

Tim
--
==============================================
== Timothy Klein || teece at silverklein.net   ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================

More information about the clue-talk mailing list