Information Technology Reference
fending programs to come about because they were altered by
someone who hacked into your computer; however, it is also
possible that you obtained the program in that form originally!
The program might email periodic updates to its owners to
indicate how it is functioning and to document any errors.
Such notifications might be considered legitimate to help
the development of future versions of the software. However,
the same email could transmit your secret data as well. When
you use your word processor, for example, do you know
what it really does behind the scenes?

Unauthorized people could access old versions of sensitive
files that remain after the originals are no longer in use. To
be complete, erasing should involve two steps: First, disk or
file space should be overwritten, so no sensitive data remain.
Second, the space previously occupied by the data
should be deallocated, so it may be used again. (Translating
these steps to paper files, paper should be shredded before
it is recycled.) Unfortunately, on many systems, only the
second step is performed. Overwriting disk files is
time-consuming, and this step is often omitted. Without
overwriting, information can be obtained by looking through space
recently deallocated. (Again, in a paper world, this is not
unlike looking for information by searching through
someone's trash barrels.)

Two programs running on the same processor can communicate,
either directly or indirectly, thereby making confidential
information vulnerable to prying eyes. For example, a process
using sensitive data might send messages to another person's
program if it's running at the same time. Material can also be
compromised when messages are sent indirectly between
programs; processes may take advantage of an operating
system's scheduling of work in order to transmit data.

Although this communication between accounts or programs is
reasonably complex and certainly requires some collusion,
possibilities such as these arise whenever users share a single machine.
Overall there are many ways that unauthorized people may obtain
sensitive data through clandestine or defective software, as well as
by sloppy file handling. Multiuser machines, therefore, have
considerable potential for allowing the unauthorized distribution of
data and programs.
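
The two-step erasure described above (overwrite first, then deallocate), as an added Python example that is not part of the original text. The function names are illustrative and the file contents are constructed sample data.

```python
import os
import tempfile

CHUNK = 64 * 1024  # overwrite in fixed-size chunks to bound memory use


def overwrite_in_place(path, passes=1):
    """Step 1: overwrite every byte of the file's current contents with zeros.

    The file is opened "r+b" so the existing file is rewritten instead of a
    new, separately allocated file being created. Returns the file size.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(b"\x00" * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force the overwrite out of the page cache
    return size


def erase(path, passes=1):
    """Overwrite, then deallocate. Returns the number of bytes overwritten."""
    if os.path.islink(path):
        # open() would follow the link and unlink() would remove only the link
        raise ValueError("refusing to erase through a symlink: " + path)
    size = overwrite_in_place(path, passes)
    os.unlink(path)  # Step 2: release the space so it may be used again
    return size


def demo():
    """Constructed sample: write a fake secret, overwrite it, inspect, erase."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed-secret: account=0000\n" * 100)
    os.close(fd)
    overwrite_in_place(path)
    with open(path, "rb") as f:
        residue = f.read()  # what a later reader of this space would find
    all_zero = residue.count(b"\x00") == len(residue)
    erased = erase(path)
    return all_zero, erased, os.path.exists(path)
```

In-place overwriting only reaches the old data on storage that rewrites blocks where they sit; on SSDs with wear leveling, journaling or copy-on-write file systems, and volumes with snapshots, earlier copies can survive the overwrite.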