Bad is a hacker compromising your account and doing something evil with it.
Worse is a hacker compromising your account, doing something evil with it, and the covering their tracks so you don't know what evil has been done.
Safeguard against the latter by making it difficult or impossible for the hacker cover tracks.
In the case of a email account, make it impossible to delete messages, or require a different password -- extra authentication -- for deleting. Or, encrypt "deleted" messages with a public key, requiring that extra password to undelete.
There is a potential privacy problem if you cannot delete your own messages. This might be fixed with stronger data privacy laws or other rearchitecting of society.
Or, replace deleted messages with undeletable "deleted" placeholders, which provide a hint that a hacker has been at work.
No comments :
Post a Comment