Schneier on Security

This kind of scenario always reminds me of the old story of The Phage In The Letter - http://www.panix.com/~iayork/phage.shtml . These days, it'd be easy to imagine something similar involving an embedded font in a Postscript or PDF document.

They will never learn...

Isn't this just a modern variant of the "Miss Frazer, send this guy the bug letter" inadvertent-forwarding-of-an-attachment goof?

Sounds like there should be a "Save for publish" mode/functionality in the word processors they use. When composing or editing a document, it's great to have unlimited undos and for it to be as hard to lose information as possible. But when publishing something, you don't want people reading you're notes.

Sounds like a typical windows user

"Save for publish" mode/functionality

In MS Word, this is called 'save as'. Save the file as a new file -- ie change it's name in the save-as dialogue -- and it will trim down the undo history etc.

Still saves whatever user id info you put into Word when you configured it.

I'm not sure that "SAVE AS" loses all the history crap in a Word file.

The safest method is to do a cut & paste into a new file, THEN do a "SAVE AS".

The only problem with this is that Word sometimes messes up the formating and you have to spend some time fixing it back up.

Its safer to not use a nondisclosed format.

Any saved format with tagged sequences that do not always render their information visibly is vulnerable to information leaks. Even HTML.

Most people simply do not understand the issues implied by the wysiwyg and convenience features i electronic documents.

I know this sounds crazy but why can't they just replace the redacted words with 'X' chars or something. It's obvious that if they can cut and paste into Word that this is a text document so it makes no sense to draw little boxes parts of the text but leave the original text in there.

this was discussed a few months ago in this forum:

NSA report on how to safely publish sanitized documents converted from word to PDF:

http://www.nsa.gov/snac/vtechrep/...

Yet Another Ridacting Failure -- also known as a YARF?

What'd they do? Just select the sensitive information and change the text background to black? Doh.

I know there has to be a google hack to search for text in redacted PDF files...
I know someone out there in cyberland is now making a program that automatically scrubs PDF files. I remember seeing a program that scrubs your word documents.

This type of thing is too useful to be fixed. How "clever" it is to redact something that you'd rather have public and subsequently respond with "Oops, I'm sorry. It's that darn MS Word."