Question about downloading personal information

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have a question about security and personal information. I access a
server on a regular basis, I download files that contain personal
information about other people from the server directly onto a memory
stick, this is then transferred to another computer.

The computer I use to download the personal information onto a memory
stick is the computer I do not wish any trace of this personal
information to exist on due to it being a shared computer. Does the act
of downloading this information to the memory disk directly via the
shared computer leave any trace of the personal information in the
temporary memory of the shared computer that someone else could get
access to, in effect leave another copy of what downloaded onto it?

If information is left on the shared computer how can I eliminate it
without affecting the integrity of other information on the computer?

Thanks for any help that can be given.

Re: Question about downloading personal information


Quoted text here. Click to load it

First question: how is this information transfered ?
Is it encrypted ?

Quoted text here. Click to load it

Normally: yes.
And even worse, this being some kind of 'public computer' you
must keep in mind that the entire computer may be compromised.
By a keylogger, a sniffer, by remote control, you name it.

Quoted text here. Click to load it

The only secure way would be, to have the information properly
encrypted on the server side.

Download the encrypted information --still encrypted-- unto your
memory-stick and only decrypt it in a 100% secure computer
environment. (Well, sort of, that is :-)

Kind regards,
Gerard Bok

Re: Question about downloading personal information

On Fri, 27 Jul 2007 11:47:02 +0100, Trevor wrote:

Quoted text here. Click to load it

Truthfully, if you are asking this, you needn't be attempting this.
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust" /

Re: Question about downloading personal information

Quoted text here. Click to load it
Any information taken from a web page goes first into working memory, so may
be written to the swap file. Then it is stored in the cache until it can be
displayed or otherwise dealt with. Some people then save the information on
the desktop (or somewhere similar) before moving it to the final
destination, but we will skip that step in your case.

So, there will be a copy in the swap file, and there will be a copy in the
cache. With the screwy way IE stores temporary internet files, it is very
difficult to tell where that will be. When you delete the cache, the file
still exists in the recycle bin, and the information is still intact on the
hard drive.

The question now is, how much effort is someone willing to go to in order to
locate this information?  Finding a 4k file in a 100 gig hard drive will
take considerable time. Chances are it would be easier and faster to steal
it from the web site.

Quoted text here. Click to load it

There have been many discussions in this group about recovering data. The
consensus is that there is no convenient 100% safe way to delete data and
make it unrecoverable.

The only solution I can find would be to set up a minimal operating system
that boots from a usb drive and never accesses the hard drive. There are a
number of variations of linux which will do this, and a 4 gig usb drive is
way more space than you need.. Then make sure you have all security in place
on the server - encryption, SSL, etc.

This avoids the need for file encryption, (but that is still a good idea)
and also avoids any complications that would arise if the computer you are
using is compromised. Given that it is a shared computer (and likely running
WinXP) you can almost guarantee that it is compromised to some extent. If I
were really interested in what you were downloading, I would put in a key
logger, and a 'service' that duplicates all usb drive writes into a hidden
directory, for me to inspect later.


Site Timeline