Schneier on Security
A blog covering security and security technology.
June 26, 2006
Yet Another Redacting Failure
This sort of thing happens so often it's no longer news:
Conte's e-mails were intended to be blacked out in a 51-page electronic filing Wednesday in which the government argued against the Chronicle's motion to quash the subpoena. Eight of those pages were not supposed to be public.
But the redacted parts in the computer file could be seen by copying them and pasting the material in a word processing program.
Another news article here.
Posted on June 26, 2006 at 12:29 PM
• 14 Comments
This kind of scenario always reminds me of the old story of The Phage In The Letter - http://www.panix.com/~iayork/phage.shtml . These days, it'd be easy to imagine something similar involving an embedded font in a Postscript or PDF document.
Isn't this just a modern variant of the "Miss Frazer, send this guy the bug letter" inadvertent-forwarding-of-an-attachment goof?
Sounds like there should be a "Save for publish" mode/functionality in the word processors they use. When composing or editing a document, it's great to have unlimited undos and for it to be as hard to lose information as possible. But when publishing something, you don't want people reading your notes.
Sounds like a typical Windows user
"Save for publish" mode/functionality
In MS Word, this is called 'save as'. Save the file as a new file -- i.e. change its name in the save-as dialogue -- and it will trim down the undo history etc.
Still saves whatever user id info you put into Word when you configured it.
I'm not sure that "SAVE AS" loses all the history crap in a Word file.
The safest method is to do a cut & paste into a new file, THEN do a "SAVE AS".
The only problem with this is that Word sometimes messes up the formatting and you have to spend some time fixing it back up.
It's safer to not use a nondisclosed format.
Any saved format with tagged sequences that do not always render their information visibly is vulnerable to information leaks. Even HTML.
Most people simply do not understand the issues implied by the WYSIWYG and convenience features in electronic documents.
I know this sounds crazy but why can't they just replace the redacted words with 'X' chars or something? It's obvious that if they can cut and paste into Word that this is a text document, so it makes no sense to draw little boxes over parts of the text but leave the original text in there.
Yet Another Redacting Failure -- also known as a YARF?
What'd they do? Just select the sensitive information and change the text background to black? Doh.
I know there has to be a Google hack to search for text in redacted PDF files...
I know someone out there in cyberland is now making a program that automatically scrubs PDF files. I remember seeing a program that scrubs your word documents.
This type of thing is too useful to be fixed. How "clever" it is to redact something that you'd rather have public and subsequently respond with "Oops, I'm sorry. It's that darn MS Word."
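A pre-publication check for the failure described in this post, as an added example that is not part of the original post or its comments: it scans a page content stream for text that sits under a filled rectangle and still carries real characters, and contrasts that with the "replace with X" approach raised in the comments. The streams are constructed and uncompressed, and the parser is a simplification that handles only plain `Td`/`Tj`/`re f` sequences; a real PDF needs decompression and a full parser first.

```python
import re

# Constructed, uncompressed page content streams (not taken from the real filing).
# COSMETIC draws two lines of text, then paints a filled black box over the second.
COSMETIC = b"""BT /F1 12 Tf 72 700 Td (Public paragraph.) Tj ET
BT /F1 12 Tf 72 680 Td (Sensitive e-mail text) Tj ET
0 g 70 676 200 16 re f
"""
# SCRUBBED overwrites the characters themselves; the box is then only decoration.
SCRUBBED = COSMETIC.replace(b"Sensitive e-mail text", b"X" * 21)

# Assumption: text is positioned with a single "x y Td" and shown with "(...) Tj",
# with no escaped parentheses; boxes are "x y w h re f". Fill colour is not checked.
TEXT = re.compile(rb"([\d.]+) ([\d.]+) Td \(([^)]*)\) Tj")
RECT = re.compile(rb"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+) re f")


def covered_text(stream):
    """Return the text strings whose origin lies inside a filled rectangle."""
    boxes = [tuple(float(v) for v in m.groups()) for m in RECT.finditer(stream)]
    hits = []
    for m in TEXT.finditer(stream):
        x, y = float(m.group(1)), float(m.group(2))
        if any(bx <= x <= bx + bw and by <= y <= by + bh
               for bx, by, bw, bh in boxes):
            hits.append(m.group(3).decode("latin-1"))
    return hits


def leaked(stream):
    """Covered strings that still hold real characters rather than an X mask."""
    return [s for s in covered_text(stream) if s.strip("X ")]


if __name__ == "__main__":
    for name, stream in (("cosmetic", COSMETIC), ("scrubbed", SCRUBBED)):
        found = leaked(stream)
        status = "FAIL, recoverable text: %r" % found if found else "ok"
        print("%-9s %s" % (name, status))
```

A file passes only when `leaked()` returns an empty list; a box over text that is still in the stream is exactly the copy-and-paste failure described above.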