Petreley's column: Destroying the E-Mail Evidence

Some time ago, a Web site offering an unusual service was brought to my attention. For a fee, this company will provide customers with an alibi and various other services to make it easier to conduct an extramarital affair. (Please don't request the URL because I'd rather not be responsible for sending business its way.)The site just about made me lose my lunch. What bothers me most is the way the company positions its services. It claims its purpose is to "protect your loved ones from undue anxiety ... by offering secure and professional handling of alibis for you." According to the site, the goal is "total peace of mind for you and your family."

I was reminded of that site this week when I learned about a company called Disappearing Inc. Disappearing Inc. is preparing to release a product that allows you to set your electronic mail to expire after a predetermined period. The goal is to make it impossible for someone to use your e-mail as evidence against your company.

Now, to be honest, Disappearing Inc. registered only about halfway on my nauseometer. What worries me is that I'm not so sure my nauseometer is calibrated correctly. Maybe you can set me straight, either way.

The difference I see between the two is that I really, truly want to believe there is a valid reason why a company should want its e-mail to expire. But no matter how hard I try, I get the same answer for both services. If you want peace of mind for you and your family, don't betray your loved ones. Likewise, if you don't want your archived e-mail to return to haunt you, then don't engage in unethical or illegal activities likely to bring litigation against your company.

Don't assume I'm saying more than I am. We all have a right to privacy. In fact, I am a staunch advocate of unrestricted encryption. Everyone should be able to protect his or her private information or correspond with others without fear of law enforcement agencies arbitrarily listening in.

And I'm not entirely blind to harsh reality, either. Obviously there are many company executives who aren't guilty of anything, but who are nevertheless afraid that their past e-mail correspondence could be misconstrued. And their concerns aren't always entirely unfounded. Sometimes, companies wage unjust legal wars in lieu of relying on innovation and competition, and government agencies inappropriately seek to interfere with business.

So how can we avoid frivolous lawsuits and improper government intervention? I really don't know. But surely it isn't to implement a plan to routinely destroy evidence.

If you want peace of mind, nothing compares with a clear conscience -- not even the most expensive alibi can compete.

A piece of your mind

Speaking of e-mail and peace of mind, one of my recent columns mentioned a program called swatch that monitors log files on a Linux system and alerts you to potential security attacks. I was deluged with e-mail from readers who tried to get a copy, only to find that the URL in my column had expired.

Well, do not despair. You can find various versions of swatch at ftp://ftp.stanford.edu /general/security-tools/swatch. I'm running Version 3.0b2, but it's easier to get Version 2.2 running on most systems. You can also find versions of swatch on some Linux distribution CD-ROMs. It is included with Red Hat 6.1, for example. Caldera 2.3 comes with a similar program called xwatch.

There are a number of other log-watching programs available, as well. But in order for any of these log watchers to be useful, you'll need to combine them with programs that log suspicious events. Start with ipchains, a firewall configuration program that comes with most Linux distributions. Then I recommend you add PortSentry to the mix. PortSentry detects various attempts to get into your system. It can even automatically reconfigure your system on the fly to repel such attacks. You can get PortSentry at http://www.psionic.com.

Once you're armed with these utilities (and assuming you know your way around security issues), you'll be able to identify most of the people trying to get into your system. Catch them while you can because sooner or later someone is going to realise they can rake in a lot of dough by selling these crackers alibis.

Nicholas Petreley is editorial director of LinuxWorld (http://www.linuxworld.com). Reach him at nicholas_petreley@infoworld.com, and visit his forum at http://www.infoworld.com.

Join the newsletter!

Error: Please check your email address.

More about CalderaRed HatSwatch

Show Comments

Market Place