> -----Original Message----- > From: Blud Clot [mailto:bludclot@hellokitty.com] > Sent: 24. siječanj 2003 22:15 > To: bugtraq@securityfocus.com > Subject: Eudora Message Deletion Weakness > > > Description: Messages thought to be deleted are still stored > on the user's harddrive. > > Versions Affected: This was tested on the latest version, > version 5.2.0.9. It is likely that many or all previous > versions are also affected. > > Details: When a message is deleted from the trash folder in > Eudora a user would expect that message to be gone. Instead > the message is simply flagged to not be shown in Eudora and > the message can still be read in plain text by viewing > Trash.mbx. The message is only really deleted when the user > chooses to compact mailboxes. This issue was discussed some time ago on the Forensics mailing list. Check thread about Outlook PST files: http://online.securityfocus.com/archive/104/299753/2002-11-14/2002-11-20/0 Basically, this is a "feature". Outlook and Outlook Express have same problems - if you delete any message it remains in your PST file until you compact it. PST files work pretty similar as a database, so when you decide to delete the message, Outlook just flags it for deletion (and it won't show it on the screen anymore, but you can find it in PST). Solution is (as always) to know what you're doing - if you care about that (privacy etc.) you should compact every time when you decide to exit program. Also, for Outlook 2000, there is registry setting which causes it to completely remove deleted date when it's shut down. Best regards, Bojan Zdrnja
