http://www.ISAserver.org ------------------------------------------------------- Didn't you read it? ..because he's an Air Force "Secret Projects Expert"... ..jeeeeez.... :-p -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder Sent: Monday, February 26, 2007 9:29 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it http://www.ISAserver.org ------------------------------------------------------- I thought Microsoft released a document cleaning app years ago. Why would we need to buy what he's hawking? Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > (Hammer of God) > Sent: Monday, February 26, 2007 11:04 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it > > http://www.ISAserver.org > ------------------------------------------------------- > > > Jeeze. It takes an Air Force "secret projects" "expert" to > call "track > changes" a "smoking gun." Oh, the horror. > > t > > > ------ Forwarded Message > From: InfoSec News <alerts@xxxxxxxxxxxxxxx> > Organization: InfoSec News - http://www.infosecnews.org/ > Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST) > To: <isn@xxxxxxxxxxxxxxx> > Subject: [ISN] Got a secret? Keep it > > http://www.al.com/business/huntsvilletimes/index.ssf?/base/bus > iness/11723987 > 4591130.xml&coll=1 > > By BRIAN LAWSON > Times Business Writer > February 25, 2007 > > SRS develops software to keep documents from spreading hidden data > > SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air > Force working on advanced technology and secret projects. > > Now he hopes the intensive work he has done over the past six > years will > help bring a little-known problem to light and stop the accidental > sharing of business, medical, legal and government information. > > Hackett said he recognized the size of the problem of hidden data in > electronic documents while working for the Defense > Intelligence Agency's > Missile and Space Intelligence Center in December 2000. > > He found that a large number of transmitted documents, including Power > Point presentations, Excel spread sheets and Microsoft Word documents > contain hidden words or other data not intended for viewing, > but hidden > within the documents where it could be accessed. > > Hackett spent his last 18 months in the Air Force raising awareness of > the problem with DIA, the National Security Agency and government > inspectors general. > > Upon retirement, he joined SRS and began pursuing ways to > protect users > from leaving hidden data behind. > > "People who do know about this aren't going to tell you," > Hackett said. > "There's no smoking gun, and if they got the information from you, why > would they tell you? But some of the big gaffes we've seen on releases > of information in the past few years illustrate the problem." > > Hackett cited the United Nations investigation report on the > assassination of Lebanon's former prime minister Rafiq Hariri in 2005. > > The U.N.'s version released publicly did not name names, but > the public > report document had additional information contained within - > including > the names of suspects that were discovered and widely reported. > > Hackett said claims that converting a document to Portable Document > Format (PDF) will eliminate hidden data are false, and he said most > solutions that have been offered don't go far enough. > > President Bush's 2005 speech on a plan for victory in Iraq > was posted on > the Internet and with a few clicks by those reading it, it was > determined that much of the review work on the speech was done not by > his national security team, but by a Duke political science professor > who is a specialist on public opinion in wartime. > > How can hidden data be left in a document? > > By reusing and updating an older Power Point presentation > > By cropping a picture or image, because the entire image is still > contained in the file > > By cutting and pasting information from another document, > which imports > far more than just the selection that is visible > > By passing through a company a document with changes sought. > > The process of "tracking changes" which is a default setting > on Windows > XP's Ad Hoc Review feature, is an editing tool to see how > documents have > been updated or changed. But it has another effect, Hackett said. It > saves each version of the document as it is updated and passed around > electronically. > > The result is, for example, comments about a contract, including > suggested pricing and spec details, will remain in the > document, though > the final version that a company presents doesn't show that > information > on the page. > > Microsoft officials have said the function is easily disabled. The > company has stressed security in its new Office and Vista operating > system. Hackett disagrees, and he said the problems are not limited to > Microsoft products. > > Hackett cited a 2005 study by software maker Bitform > Technology Inc. on > Microsoft Office files generated by Fortune 100 companies. The study > found user names, e-mail addresses, hidden text and other information, > unintentionally included in disseminated documents. Hackett said about > 20 percent of those documents were affected by the track changes > feature. > > Hackett said Microsoft and other software vendors are offering the > features to consumers so they have a range of tools at their > disposal - > the problem is that many users don't realize what they're saving and > sending and accidentally sharing. > > SRS has developed a software program called Document Detective, with > version 2.1 to be unveiled next week, aimed at searching files and > scrubbing them for hidden data. The software provides a review of a > document and offers a menu that lets the user scrub files or > review each > to determine what to retain. SRS said the time saving and > efficiency of > the program are major advantages to users. > > The company has sold about 1,000 copies of earlier versions to > government and other customers. > > Joseph Bergantz, a retired Army major general and former program > executive officer for Aviation at Redstone Arsenal, is now SRS general > manager and corporate vice president. He said the technology's > applications and advantages for legal, medical, banking and government > and military intelligence customers are clear. > > "This is a worldwide problem," he said. "The right thing to > do is to let > people know about it." > > Copyright 2007 The Huntsville Times > > > ______________________________________ > Subscribe to the InfoSec News RSS Feed > http://www.infosecnews.org/isn.rss > > > > ------ End of Forwarded Message > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned. ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx