Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


May 3, 2005

PDF Redacting Failure

I wasn't going to even bother writing about this, but I got too many e-mails from people.

We all know that masking over the text of a PDF document doesn't actually erase the underlying text, right?

Don't we?

Seems like we don't.

Italian media have published classified sections of an official US military inquiry into the accidental killing of an Italian agent in Baghdad.

A Greek medical student at Bologna University who was surfing the web early on Sunday found that with two simple clicks of his computer mouse he could restore censored portions of the report.

Posted on May 3, 2005 at 9:11 AM


Comments

you too can try this at home:
http://photos.vowe.org/reviews/unclassified.doc

Israel Torres

Posted by: Israel Torres at May 3, 2005 9:32 AM


erm, wrong c/p link, here is the right one:
http://download.repubblica.it/pdf/rapportousacalipari.pdf

Israel Torres

Posted by: Israel Torres at May 3, 2005 9:33 AM


The US government has all sorts of regulations for how classified material must be handled, and where it can be stored. (What kind of file cabinet can be used to store classified documents, for example.) Does the government not also have regulations for what kind of software can handle classified documents? Or are those regs just being ignored? Given the many failures of PDF to protect classified information, it would seem prudent to ban Acrobat as a handler of classified information, convenience be damned.

Posted by: Jim Thompson at May 3, 2005 10:37 AM


At least some of the time, when this happens, I'm sure the person who "censored" the document knew perfectly well how easy it would be to restore it, and was happy to pull this trick, feeling that it was important to disseminate the uncensored material.

Similarly, two years ago at Salon.com, when the website asked you to login or get a daypass, you could click the "back" button on your browser to bypass the login screen. I'm sure this was done on purpose by a website developer who disagreed with the login requirement.


- The Precision Blogger
http://precision-blogging.blogspot.com

Posted by: Precision Blogger at May 3, 2005 10:48 AM


First the US became unpopular in Italy for the shooting of Calipari (fault irrelevant) -- now the US has blown the cover of the second secret service agent in the car, inflicting another blow to Italy. Caspita!

Posted by: Rampo at May 3, 2005 10:51 AM


@Precision

I believe you are referring to the subject of yesterday's log entry:

"Users Disabling Security
It's an old story: users disable a security measure because it's annoying, allowing an attacker to bypass the measure."

Did the pdf author intentionally "disable" security, or did they make an unreasonable and uninformed decision about the risk/reward of using Adobe products?

Posted by: Davi Ottenheimer at May 3, 2005 11:13 AM


Bruce, perhaps you should have added to yesterday's log "we all know that disabling buzzers and leaving doors unlocked does not prevent people from gaining unlawful entry, right?"

Posted by: Davi Ottenheimer at May 3, 2005 11:15 AM


Was this leak a deliberate mistake?

Since it happened the Italian public opinion has now begun to sympathize with the stressed out soldier who shot the wrong car in fear.

Clearly the US would never admit liability officially. This leak lets them say sorry in an informal manner.

Posted by: Sardinian Perspective at May 3, 2005 12:00 PM


>Does the government not also have regulations for what
>kind of software can handle classified documents? Or
>are those regs just being ignored? Given the many
>failures of PDF to protect classified information, it
>would seem prudent to ban Acrobat as a handler of
>classified information, convenience be damned.

There are "TD" (Trusted Download) procedures for moving unclassified info off of classified systems. In my experience, TD for electronic media is something that must be specifically approved by the government. In addition, TDs can only be performed by people who have had a TD briefing. The number of people authorized to do TD is kept intentionally small.

Also, there are only a handful of acceptable file formats that one may perform TD on. *.txt files are one. If the material in question is not one of the accepted file formats, the person performing the TD must convert said material to the proper format. Otherwise, the document stays classified.

When performing the TD, there is a strict procedure (typically a checklist) one must follow.

In addition, before a person can finish a TD, a knowledgeable authority must review and sign off on the material. A record of the TD (i.e. who, what, where, when) is kept on file, usually with the local Information Security Officer (ISO).

The problem I've seen is that people think that TD is a way to de-classify material when it isn't.

Since the .pdf has SECRET NONFORN material in it, there is no way it should have been TDd, even if it was a .txt file. There was some serious cluelessness at multiple points in the stream of events that caused a serious breach of security.

Posted by: Jeff Korpa at May 3, 2005 12:23 PM


I need to clarify something:

>If the material in question is not one of the
>accepted file formats, the person performing
>the TD must convert said material to the proper
>format. Otherwise, the document stays
>classified.

If an unclassified document is on a classified system, the document is considered classified. So, even if you know a particular document is 100% unclassified, it is still classified by virtue of the fact that it is on a classified system. It is like there are two types of "classified" -- de facto and de jure.

Posted by: Jeff Korpa at May 3, 2005 12:33 PM


The problem is that smaller companies like ours with better solutions for publishing with content security / redaction can't easily get market awareness against established content publishing standards like PDF.

Posted by: gary heath at May 4, 2005 1:20 AM


Is there even a blackout feature in Acrobat? It looks like the document was originally in Word, and the censor just changed the background color to black.

Posted by: Chung Leong at May 4, 2005 12:08 PM


It's extremely unlikely that a PDF document was redacted. More likely is that a Word document was redacted, as a previous comment suggests, and then was converted to PDF with the mistaken belief that this would remove the "redacted" data since converting does remove other hidden data from Word documents.

Posted by: Hugh Noe at May 5, 2005 7:41 AM


Last year, Maximillian Dornseif talked about hidden data in document formats at Defcon 12...

Read more: http://md.hudora.de/presentations/#hiddendata

Posted by: Jim Geovedi at May 10, 2005 4:59 AM


The amazing thing is it's just as easy to create a properly redacted PDF, where the removed information is no longer available, as it is to create the other kind. Simply scan a redacted document from paper, convert to a pure binary bitmap (black or white, no gray scale), and throw the results into a PDF. There's no way to "get behind" the redactions.

Another alternative is to alter the text before creating the PDF, such as replacing redacted information with "XXXXX".

The first option has the benefit of being secure but the disadvantage of not having the text selectable. The second option has selectable text, but is more subject to errors if the editing is sloppy.

Posted by: Mospaw at May 10, 2005 7:05 AM
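
A pre-release check for the difference described in the comment above, added here as an example and not part of the original thread: it reads the text operands out of a PDF content stream and reports any sensitive term that is still present, comparing text masked by a black rectangle with text replaced before the PDF was made. The page operators, the name "Capt. Example" and the helper names are constructed for illustration; the parser covers only literal-string operands in raw or Flate-compressed streams.

```python
import re
import zlib

LITERAL = re.compile(rb"\(((?:\\.|[^\\()])*)\)")  # PDF literal string: (text)

def content_streams(pdf):
    """Yield every stream body, inflated when it is Flate (zlib) compressed."""
    for m in re.finditer(rb"stream\r?\n(.*?)\nendstream", pdf, re.S):
        raw = m.group(1)
        try:
            yield zlib.decompressobj().decompress(raw)
        except zlib.error:
            yield raw  # stored uncompressed, or a filter this sketch ignores

def shown_text(stream):
    """Join all literal strings in a content stream (over-approximates Tj/TJ text)."""
    parts = [re.sub(rb"\\(.)", rb"\1", s) for s in LITERAL.findall(stream)]
    return b" ".join(parts).decode("latin-1")

def unredacted_terms(pdf, sensitive):
    """Return the sensitive terms still present as text in the file."""
    text = " ".join(shown_text(s) for s in content_streams(pdf)).lower()
    return [t for t in sensitive if t.lower() in text]

def make_page(ops):
    """Constructed sample: wrap page operators as one compressed stream object."""
    data = zlib.compress(ops)
    head = b"4 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(data)
    return head + data + b"\nendstream\nendobj\n"

# Text is drawn, then a black rectangle is painted over it: the text stays in the file.
MASKED = make_page(b"BT /F1 12 Tf 72 700 Td (Commander: Capt. Example) Tj ET\n"
                   b"0 g 70 696 260 16 re f\n")
# Text altered before the PDF was produced: nothing is left to recover.
REPLACED = make_page(b"BT /F1 12 Tf 72 700 Td (Commander: XXXXX) Tj ET\n")

if __name__ == "__main__":
    for name, pdf in (("masked", MASKED), ("replaced", REPLACED)):
        print(name, unredacted_terms(pdf, ["Capt. Example"]))
```

A hit means the document must not be released. An empty result is not proof of a clean file, since text can also be stored as hex strings, split across operators or remapped through font encodings, none of which this check covers.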


Of course, all the time people that "own the world" are handling the news that may or may not appear in the news... so we can only see whatever they want us to see... it always was like this...

Posted by: Telecharger MSN at August 27, 2005 2:36 PM


I agree with you! :)

Posted by: Assparade at October 4, 2005 7:51 PM

