Has anyone heard of this MS Word vulnerability

Posted by Bruce Meyer on June 3, 2008, 9:40 am
While trying to determine the source of a leak, one of my colleagues
said he thought he had read of the following:

If I create an MS Word Document, and save it. Then later open it back
up and delete a specific paragraph prior to publishing that document
on a web site, a user with a tool designed for this, can recover the
deleted text as it is actually still inside that document.

I had never heard of this.

Can anyone verify if this is correct, and if so, how to go about
viewing that deleted paragraph to prove to others that yes, this could
be how info is being extracted from published documents?

Thanks either way,
Bruce D. Meyer

Posted by Leythos on June 3, 2008, 9:49 am
In article <f46878ca-c024-425f-aa93-3a35737b7222@l42g2000hsc.googlegroups.com>, bdmeyersc@gmail.com says...
> If I create an MS Word Document, and save it. Then later open it back
> up and delete a specific paragraph prior to publishing that document
> on a web site, a user with a tool designed for this, can recover the
> deleted text as it is actually still inside that document.

While not exactly as you state, unless you SAVE AS the file will contain
edits and other pieces that you've removed - this has been known for
YEARS.

Always publish documents to PDF so that you don't have to worry about
it.

If you are going to publish text from a word document, do just that,
publish the text.

If you want to make the document downloadable, but they don't need to
edit it, your only safe method is to convert to PDF and digitally sign
the document.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Posted by Moe Trin on June 3, 2008, 4:11 pm
On Tue, 3 Jun 2008, in the Usenet newsgroup alt.computer.security, in article

>While not exactly as you state, unless you SAVE AS the file will contain
>edits and other pieces that you've removed - this has been known for
>YEARS.

I'm amazed that that "feature" is still here, what - twenty-five years
after MS-Word 1.0. I mean it's not as if we're still running on a
4.77 MHz 8088 using floppy drives as mass storage.

>Always publish documents to PDF so that you don't have to worry about
>it.

Owww, maybe _you_ want to spend some time with a search engine - the
Usenet newsgroup comp.risks would be nice, and search for the keyword
'redact' - which will bring up issue 24.14 through 24.17 (1Q2006)

PDF documents can leak image data (Geoff Kuenning)

NSA on redacting Word and PDF documents (dmagda)
NSA explains how to redact documents electronically (Steven M. Bellovin)

Re: "NSA on redacting Word and PDF documents" (Matt Jaffe)

Some risks can be good for you, Re: redacting (Richard Karpinski)

or issue 24.34 and 24.35 (Jul 2006)

Yet another example of accidental disclosure of redacted info (Aaron Emigh)

Re: Yet another example of accidental disclosure of redacted info
(Amos Shapir)

or issue 24.83 (Sept 2007)

FIA blunder reveals secrets: obscured material viewable (Ben Moore)
Redacted material still viewable (Ben Moore)

That's just looking at Volume 24. There are others in other volumes.

Old guy

Posted by Arthur T. on June 3, 2008, 11:29 am
In

>If I create an MS Word Document, and save it. Then later open it back
>up and delete a specific paragraph prior to publishing that document
>on a web site, a user with a tool designed for this, can recover the
>deleted text as it is actually still inside that document.
>
>I had never heard of this.
>
>Can anyone verify if this is correct, and if so, how to go about
>viewing that deleted paragraph to prove to others that yes, this could
>be how info is being extracted from published documents?

There are a lot of examples of this that have been in the
news. And, it's not just deleted text; sometimes the metadata
(properties) can leak data.

M$ has a free download, the "remove hidden data" tool, for
Office. Get it and use it.

I was going to tell you how to view the hidden data, but I
find I'm uncomfortable stating even this minor bit of cracking
info in a public forum. I *will* say that it's dead simple.

One of the 3-letter agencies has a policy that the only way
they'll make a document available electronically is to print it,
scan it, and make the scan available.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position
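
A pre-publication check for the kind of residue discussed in this thread, added here as an example and not posted by any participant. It assumes the newer .docx (zipped XML) format, where leftover content takes the form of tracked changes, comments and author properties, rather than the binary .doc save behaviour described above; `audit_docx`, `safe_to_publish` and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
DC = "http://purl.org/dc/elements/1.1/"

def audit_docx(data: bytes) -> dict:
    """Count tracked changes, comments and author metadata in your own .docx."""
    found = {"comments": 0, "metadata": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        body = ET.fromstring(z.read("word/document.xml"))
        # Tracked deletions/insertions stay in the body until accepted or rejected.
        found["tracked_deletions"] = sum(1 for _ in body.iter(f"{{{W}}}del"))
        found["tracked_insertions"] = sum(1 for _ in body.iter(f"{{{W}}}ins"))
        if "word/comments.xml" in names:
            c = ET.fromstring(z.read("word/comments.xml"))
            found["comments"] = sum(1 for _ in c.iter(f"{{{W}}}comment"))
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in (f"{{{DC}}}creator", f"{{{CP}}}lastModifiedBy"):
                el = core.find(tag)
                if el is not None and el.text:
                    found["metadata"][tag.split("}")[1]] = el.text
    return found

def safe_to_publish(found: dict) -> bool:
    """True only when none of the audited residue is present."""
    return not (found["tracked_deletions"] or found["tracked_insertions"]
                or found["comments"] or found["metadata"])

def build_sample() -> bytes:
    """Constructed sample: minimal package (not a full .docx) with one tracked deletion."""
    doc = (f'<w:document xmlns:w="{W}"><w:body><w:p>'
           '<w:r><w:t>Public paragraph.</w:t></w:r><w:del w:id="1" w:author="editor">'
           '<w:r><w:delText>Removed paragraph.</w:delText></w:r></w:del>'
           '</w:p></w:body></w:document>')
    core = (f'<cp:coreProperties xmlns:cp="{CP}" xmlns:dc="{DC}">'
            '<dc:creator>A. Author</dc:creator>'
            '<cp:lastModifiedBy>B. Editor</cp:lastModifiedBy></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("docProps/core.xml", core)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(build_sample()))
```

A document that fails this check needs its changes accepted or rejected, comments deleted and properties cleared before it is published.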

Posted by Jim Watt on June 3, 2008, 1:49 pm
On Tue, 3 Jun 2008 06:40:51 -0700 (PDT), Bruce Meyer

>While trying to determine the source of a leak, one of my colleagues
>said he thought he had read of the following:
>
>If I create an MS Word Document, and save it. Then later open it back
>up and delete a specific paragraph prior to publishing that document
>on a web site, a user with a tool designed for this, can recover the
>deleted text as it is actually still inside that document.
>
>I had never heard of this.
>
>Can anyone verify if this is correct, and if so, how to go about
>viewing that deleted paragraph to prove to others that yes, this could
>be how info is being extracted from published documents?
>
>Thanks either way,
> Bruce D. Meyer

It's old news, and along with macro viruses a reason
why publishing word documents on the Internet is
unwise.

I believe .rtf's are generally safe.
--
Jim Watt
http://www.gibnet.com
