[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PC disk wipe software
> People do record their incoming and outgoing email. Smart ones will store it
> offsite (auto farward to their home machine). Others will pgp them online.
> Mostly though the cleartext email files will be happily archived away each
> night to the nice friendly DAT tape down the corridor in the machine room.
I mistakenly interpreted the original posting as "outgoing only." Incoming
mail must certainly be saved; however, backing up an outgoing mail spool on
a busy machine is senseless. By "busy", I mean "that machine which serves
as a mail server".
Outboxes change the situation, but they are not universal.
> Me, I just nuke any sensitive information that may arrive in my work mbox,
> or save/forward it to a safer place. I discourage people from using my work
> address as a regular personal contact point.
This brings up an interesting point, namely: where is your email secure? If
the FBI or security agency of your choice decides to clamp a legal hold upon
the machines upon which you work, they surely wouldn't be so foolish as to
forget about your home machine over that frame-relay or ppp/slip link. In
such a situation, telling people to use any mailbox at all is useless unless
they encrypt with a relatively secure encryption package, z.B. pgp.
> Also ensure your admins aren't the nosy types. I started work at one place
> and noticed in the /.sh_history file that the previous admin was regularly
> grepping peoples mail spools for his name. This caused some concern to the
> management when they were informed. Obviously these forays were not part of
> his everyday job and were a personal endeavour.
This is a problem, and almost certainly more of a problem than security
agencies demanding your backup tapes. There's also no way around it; the
only solution is encryption.