Bruce Schneier
Schneier on Security
A blog covering security and security technology.
« MySpace Increases Security | Main | Employee Theft at Australian Mint »
June 26, 2006
Yet Another Redacting Failure
This sort of thing happens so often it's no longer news:
Conte's e-mails were intended to be blacked out in a 51-page electronic filing Wednesday in which the government argued against the Chronicle's motion to quash the subpoena. Eight of those pages were not supposed to be public.But the redacted parts in the computer file could be seen by copying them and pasting the material in a word processing program.
Another news article here.
Posted on June 26, 2006 at 12:29 PM • 14 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Matthew Skala • June 26, 2006 2:12 PM
This kind of scenario always reminds me of the old story of The Phage In The Letter - http://www.panix.com/~iayork/phage.shtml . These days, it'd be easy to imagine something similar involving an embedded font in a Postscript or PDF document.
Tanuki • June 26, 2006 3:11 PM
Isn't this just a modern variant of the "Miss Frazer, send this guy the bug letter" inadvertent-forwarding-of-an-attachment goof?
Sounds like there should be a "Save for publish" mode/functionality in the word processors they use. When composing or editing a document, it's great to have unlimited undos and for it to be as hard to lose information as possible. But when publishing something, you don't want people reading you're notes.
artificial life • June 26, 2006 10:36 PM
"Save for publish" mode/functionality
In MS Word, this is called 'save as'. Save the file as a new file -- ie change it's name in the save-as dialogue -- and it will trim down the undo history etc.
Still saves whatever user id info you put into Word when you configured it.
Jojo • June 26, 2006 11:07 PM
I'm not sure that "SAVE AS" loses all the history crap in a Word file.
The safest method is to do a cut & paste into a new file, THEN do a "SAVE AS".
The only problem with this is that Word sometimes messes up the formating and you have to spend some time fixing it back up.
Any saved format with tagged sequences that do not always render their information visibly is vulnerable to information leaks. Even HTML.
Most people simply do not understand the issues implied by the wysiwyg and convenience features i electronic documents.
Adam Lock • June 27, 2006 7:21 AM
I know this sounds crazy but why can't they just replace the redacted words with 'X' chars or something. It's obvious that if they can cut and paste into Word that this is a text document so it makes no sense to draw little boxes parts of the text but leave the original text in there.
PDF • June 27, 2006 9:51 AM
this was discussed a few months ago in this forum:
NSA report on how to safely publish sanitized documents converted from word to PDF:
http://www.nsa.gov/snac/vtechrep/...
Xyz • June 27, 2006 10:14 AM
Yet Another Ridacting Failure -- also known as a YARF?
What'd they do? Just select the sensitive information and change the text background to black? Doh.
jammit • June 27, 2006 11:56 AM
I know there has to be a google hack to search for text in redacted PDF files...
I know someone out there in cyberland is now making a program that automatically scrubs PDF files. I remember seeing a program that scrubs your word documents.
Anonymous • June 28, 2006 10:17 AM
This type of thing is too useful to be fixed. How "clever" it is to redact something that you'd rather have public and subsequently respond with "Oops, I'm sorry. It's that darn MS Word."
Subscribe to comments on this entry
Post a comment
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.
|
| Subscribe |
Subscribe via Kindle |
| Blog Menu |
SearchPowered by DuckDuckGoBlog Home Page
Archives by Date2013 J F M A M J
Tags  |
| Latest Book |
more books by Bruce Schneier |
Comments