[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Macintosh [and perhaps other OS] Security Alert
-----BEGIN PGP SIGNED MESSAGE-----
A number of months ago, I discovered that various Macintosh "unused
diskspace" wipe utilities (Norton, Burn) fail to wipe the unused
slackspace at the end of the last block allocated to a file. This leaves
NumberOfFiles*512Bytes/2 = several kB of recoverable data on your average
I had assumed that this data was left there by other files previously
using the same block. This would certainly be a problem. But I discovered
that matters are much worse. The Macintosh file system will always write
an entire block. The extra data can therefore not come from an old file.
It comes from the memory space immediately following the data to be
written. This is a very serious security risk. Your decrypted secret key,
ANYTHING in memory might be written to disk and remain there, unerasable
by disk wipe utilities.
I would appreciate some comments.
[This message has been signed by an auto-signing service. A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]
-----BEGIN PGP SIGNATURE-----
Comment: Gratis auto-signing service
-----END PGP SIGNATURE-----