TechSpot

Can Posting of Logs Undermine a User’s Security?

By bobcat
Feb 2, 2009
Post New Reply
  1. For TechSpot to be able to provide its excellent service to members, they often have to post large log files of scans, e.g. by HijackThis and other tools. Such files contain a lot of info on the member’s system, including what seems sensitive info, e.g. his defenses, patches applied (or missing), program versions (which may have security holes), possible backdoors, etc.

    My question is: Can somebody with malicious intentions use this info for targeting and gaining easier access to the member’s system?

    @ Mods

    If you consider that this post might give ideas to the wrong people, please delete it, though I am sure they must have had such ideas long ago.
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Nope unless you give out IP addresses email addresses Logon passwords etc.

    HJT ComboFix SDFix most all Malware and Virus scanners being security oriented are careful not to do this.

    This does crop up sometimes in trouble shooting network and Internet connection issues the IP's sometimes get displayed.

    Mike
     
  3. bobcat

    bobcat TechSpot Paladin Topic Starter Posts: 688   +67

    Thanks mflynn, comforting answer, to a large extent at least.

    But I just hope cybercrooks don't become mods, because mods can see members' IP's. I know, because I used to be a mod elsewhere.
     
  4. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    I agree wtih mflynn. A typical log shouldn't contain any info that would identify an individual. However sometimes people slip and post things that they shouldn't, but it is not related to the lgos.

    Regarding the cybercrook mods, I would like to think that sort of thing does not happen. At least around here, most (damn near all) the mods here have been mods for a LONG LONG time (From back in the day of 3dspotlight, and prior).
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    The issue of attachment logs (only being accessed by members signed on, by the way)
    Can offer a security risk

    Certainly the general attachments mostly seen: (HijackThis; Malwarebytes; SuperAntiSpyware) do not have any cause for alarm (although I have viewed logs that contain the members actual full name as their Windows Username; so therefore it is possible.

    Regarding such attachments such as IPConfig or even System Information Logs.
    Yes these logs contain much more identifying detail, of which could be used maliciously. But why would someone want to try to hack into a faulty computer? And usually a computer that has no other identifying info on? ie Just pick an IP out of the blue would be much easier for them.

    This is the main reason for Members having made up member names, ie Not their real name - for privacy.
    But the real security of a User's (or Member's) computer lies in their live protecting software: Personal Firewall; Antivirus; even Windows security updates (of which all should always be up to date)

    Therefore in the most part, Posting of Logs cannot Undermine a User’s Security
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...