How to search and securely clear logs?

RobLewis

Release notes for the 3.8.3 versions talk about a serious security breach, which can be detected by "searching logs" for a specific message, and "securely clearing logs" if it is found.



I can't find any information anywhere about logs or how to search or clear them. Got any tips?

[Deleted User]

Hi Rob,



It's great to see people checking the release notes and paying attention to issues like this. As we, or rather Dave, mentioned in the notes we've only seen one report of this issue so far and that was from Alec himself who's since written back to let us know he couldn't reproduce the problem, of course any security issue is serious and so we fixed this straight away.



Let me just clarify though, from the [url="http://agilebits.com/products/1Password/versions/betas/"]release notes[/url]:

[quote]Fixed [b]rare situation[/b] where sensitive data could be logged if it could not be parsed correctly. So far I've only seen 1 user with this problem, but because of its seriousness you should search your logs for "-JSONRepresentation failed" to see if you were affected. If you find any, securely remove your logs. Thanks to [url="http://dropsafe.crypticide.com/aboutalecm"]Alec Muffett[/url] for reporting this issue.[/quote]



This isn't a full security breach as it may sound, but to see if you're affected by this issue, which shouldn't be the case, please follow these steps:



[list=1]

[*]Open Applications > Utitlies > Console

[*]From the Files section choose 'system.log'

[*]Use the search field to search for "-JSONRepresentation failed"

[/list]



If you don't seen any results, which should be the case for 99% of our users, then you're all set and there's nothing to worry about. If you do find any matches then the best option is to securely remove your system.log by doing the following from within the Console app:



[list=1]

[*]Right-click the system.log file and select 'Reveal in Finder' as shown here:



[img]http://i.agilebits.com/dt/Fullscreen-20110905-134219.jpg[/img]

[*]Drag the system.log file to the trash, you'll be prompted for your admin password to do this.

[*]Go to Finder > Secure Empty Trash

[/list]



That will securely remove all traces of the log entries. Please note that you will need an account with admin privileges in order to view and delete the system log.



I hope that helps,

apricot

Stu,



I just wanted to thank you for the info; I was about to post exactly the same question. I guess I'd like to add it might've be nice to add what kind of logs were being referred to for those of us that don't know so much.

[Deleted User]

You're very welcome, and you're right we should have been more clear about the logs in question.