Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

7/23/2009
04:00 PM
50%
50%

Privacy Tool Makes Internet Postings Vanish

The open source tool called Vanish encrypts any text that's entered into a browser and scatters it, in disappearing pieces, across a network.

In a gift to those who yearn to take back a hastily sent e-mail or an online comment, a tool was released Thursday makes text on the Web disappear.

Called Vanish, the open source tool is available as a stand-alone application or a free plug-in for Mozilla's Firefox browser. It works with any text that's entered into a browser -- Web-based e-mail or chat services, and social networking sites such as Facebook, or Google Docs.

Private information is scattered all over the Web, and that situation concerns both privacy advocates and casual Web users. There are no consistent rules for how data is stored, where it is stored, or when, if ever, it is destroyed.

One of the most frequent questions received by the California Office of Privacy Protection, according to the office, is how people can get information about themselves off the Web. Often, the answer is that they can't.

"And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control," said Hank Levy, chairman of department the computer science and engineering at the University of Washington and one of the authors of an academic paper on Vanish that will be presented at the USENIX Security Symposium next month.

Vanish allows users to specify that all copies of any text-based data they're creating disappear in a certain amount of time. The software takes advantage of the same peer-to-peer networks that allow people to share music files online. It encrypts data, breaks the encryption key into pieces and scatters them on machines across the network. Since machines are constantly joining and leaving peer-to-peer networks, pieces of the key disappear and it can't be reconstructed.

There are caveats to using Vanish -- one is that both the user and the recipient of any posting must be using the software for it to work. University of Washington researchers also warn that Vanish is a prototype, which means it may have bugs, and that it's "ahead of the law" in how it should be used.

Users who are involved in a lawsuit, for example, should be careful when using Vanish if any information they're creating needs to be preserved.

Supporters of the research that led to Vanish include the National Science Foundation, the Alfred P. Sloan Foundation and Intel. More information on the project is available here.


InformationWeek Analytics is conducting a survey on Windows 7 adoption, to determine whether users are sticking with XP or investigating Mac OS, Linux, or virtual desktops. The poll takes 5 minutes to complete; please participate by clicking here, through July 24.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...