[isalist] Re: OT: FW: [ISN] Got a secret? Keep it

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 26 Feb 2007 09:30:31 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
Didn't you read it?
..because he's an Air Force "Secret Projects Expert"...
..jeeeeez....
:-p

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Thomas W Shinder
Sent: Monday, February 26, 2007 9:29 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it 

I thought Microsoft released a document cleaning app years ago. Why
would we need to buy what he's hawking?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)

 

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx 
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor 
> (Hammer of God)
> Sent: Monday, February 26, 2007 11:04 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it 
> 
> 
> Jeeze.  It takes an Air Force "secret projects" "expert" to call "track
> changes" a "smoking gun."  Oh, the horror.
> 
> t
> 
> 
> ------ Forwarded Message
> From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
> Organization: InfoSec News - http://www.infosecnews.org/
> Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST)
> To: <isn@xxxxxxxxxxxxxxx>
> Subject: [ISN] Got a secret? Keep it
> 
> http://www.al.com/business/huntsvilletimes/index.ssf?/base/business/117239874591130.xml&coll=1
> 
> By BRIAN LAWSON
> Times Business Writer
> February 25, 2007
> 
> SRS develops software to keep documents from spreading hidden data
> 
> SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air
> Force working on advanced technology and secret projects.
> 
> Now he hopes the intensive work he has done over the past six years will
> help bring a little-known problem to light and stop the accidental
> sharing of business, medical, legal and government information.
> 
> Hackett said he recognized the size of the problem of hidden data in
> electronic documents while working for the Defense Intelligence Agency's
> Missile and Space Intelligence Center in December 2000.
> 
> He found that a large number of transmitted documents, including
> PowerPoint presentations, Excel spreadsheets and Microsoft Word documents
> contain hidden words or other data not intended for viewing, but hidden
> within the documents where it could be accessed.
> 
> Hackett spent his last 18 months in the Air Force raising awareness of
> the problem with DIA, the National Security Agency and government
> inspectors general.
> 
> Upon retirement, he joined SRS and began pursuing ways to protect users
> from leaving hidden data behind.
> 
> "People who do know about this aren't going to tell you," Hackett said.
> "There's no smoking gun, and if they got the information from you, why
> would they tell you? But some of the big gaffes we've seen on releases
> of information in the past few years illustrate the problem."
> 
> Hackett cited the United Nations investigation report on the
> assassination of Lebanon's former prime minister Rafiq Hariri in 2005.
> 
> The U.N.'s version released publicly did not name names, but the public
> report document had additional information contained within - including
> the names of suspects that were discovered and widely reported.
> 
> Hackett said claims that converting a document to Portable Document
> Format (PDF) will eliminate hidden data are false, and he said most
> solutions that have been offered don't go far enough.
> 
> President Bush's 2005 speech on a plan for victory in Iraq was posted on
> the Internet and with a few clicks by those reading it, it was
> determined that much of the review work on the speech was done not by
> his national security team, but by a Duke political science professor
> who is a specialist on public opinion in wartime.
> 
> How can hidden data be left in a document?
> 
> By reusing and updating an older PowerPoint presentation
> 
> By cropping a picture or image, because the entire image is still
> contained in the file
> 
> By cutting and pasting information from another document, which imports
> far more than just the selection that is visible
> 
> By passing through a company a document with changes sought.
> 
> The process of "tracking changes" which is a default setting on Windows
> XP's Ad Hoc Review feature, is an editing tool to see how documents have
> been updated or changed. But it has another effect, Hackett said. It
> saves each version of the document as it is updated and passed around
> electronically.
> 
> The result is, for example, comments about a contract, including
> suggested pricing and spec details, will remain in the document, though
> the final version that a company presents doesn't show that information
> on the page.
> 
> Microsoft officials have said the function is easily disabled. The
> company has stressed security in its new Office and Vista operating
> system. Hackett disagrees, and he said the problems are not limited to
> Microsoft products.
> 
> Hackett cited a 2005 study by software maker Bitform Technology Inc. on
> Microsoft Office files generated by Fortune 100 companies. The study
> found user names, e-mail addresses, hidden text and other information,
> unintentionally included in disseminated documents. Hackett said about
> 20 percent of those documents were affected by the track changes
> feature.
> 
> Hackett said Microsoft and other software vendors are offering the
> features to consumers so they have a range of tools at their disposal -
> the problem is that many users don't realize what they're saving and
> sending and accidentally sharing.
> 
> SRS has developed a software program called Document Detective, with
> version 2.1 to be unveiled next week, aimed at searching files and
> scrubbing them for hidden data. The software provides a review of a
> document and offers a menu that lets the user scrub files or review each
> to determine what to retain. SRS said the time saving and efficiency of
> the program are major advantages to users.
> 
> The company has sold about 1,000 copies of earlier versions to
> government and other customers.
> 
> Joseph Bergantz, a retired Army major general and former program
> executive officer for Aviation at Redstone Arsenal, is now SRS general
> manager and corporate vice president. He said the technology's
> applications and advantages for legal, medical, banking and government
> and military intelligence customers are clear.
> 
> "This is a worldwide problem," he said. "The right thing to do is to let
> people know about it."
> 
> Copyright 2007 The Huntsville Times
> 
> 
> ______________________________________
> Subscribe to the InfoSec News RSS Feed
> http://www.infosecnews.org/isn.rss
> 
> 
> 
> ------ End of Forwarded Message
> 
> 
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/  
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
> ISA Server Articles and Tutorials: 
> http://www.isaserver.org/articles_tutorials/ 
> ISA Server Blogs: http://blogs.isaserver.org/ 
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com 
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
> Report abuse to listadmin@xxxxxxxxxxxxx 
> 
> 
> 