[isalist] Re: OT: FW: [ISN] Got a secret? Keep it
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 26 Feb 2007 12:05:30 -0600
http://www.ISAserver.org
-------------------------------------------------------
Not good enough. Now if he were a Navy Secret Projects Expert, that
would be different!
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Monday, February 26, 2007 11:31 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> Didn't you read it?
> ..because he's an Air Force "Secret Projects Expert"...
> ..jeeeeez....
> :-p
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx]
> On Behalf Of Thomas W Shinder
> Sent: Monday, February 26, 2007 9:29 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> I thought Microsoft released a document cleaning app years ago. Why
> would we need to buy what he's hawking?
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>
>
> > -----Original Message-----
> > From: isalist-bounce@xxxxxxxxxxxxx
> > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
> > (Hammer of God)
> > Sent: Monday, February 26, 2007 11:04 AM
> > To: isalist@xxxxxxxxxxxxx
> > Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it
> >
> > http://www.ISAserver.org
> > -------------------------------------------------------
> >
> >
> > Jeeze. It takes an Air Force "secret projects" "expert" to
> > call "track
> > changes" a "smoking gun." Oh, the horror.
> >
> > t
> >
> >
> > ------ Forwarded Message
> > From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
> > Organization: InfoSec News - http://www.infosecnews.org/
> > Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST)
> > To: <isn@xxxxxxxxxxxxxxx>
> > Subject: [ISN] Got a secret? Keep it
> >
> > http://www.al.com/business/huntsvilletimes/index.ssf?/base/bus
> > iness/11723987
> > 4591130.xml&coll=1
> >
> > By BRIAN LAWSON
> > Times Business Writer
> > February 25, 2007
> >
> > SRS develops software to keep documents from spreading hidden data
> >
> > SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air
> > Force working on advanced technology and secret projects.
> >
> > Now he hopes the intensive work he has done over the past six
> > years will
> > help bring a little-known problem to light and stop the accidental
> > sharing of business, medical, legal and government information.
> >
> > Hackett said he recognized the size of the problem of hidden data in
> > electronic documents while working for the Defense
> > Intelligence Agency's
> > Missile and Space Intelligence Center in December 2000.
> >
> > He found that a large number of transmitted documents,
> including Power
> > Point presentations, Excel spread sheets and Microsoft Word
> documents
> > contain hidden words or other data not intended for viewing,
> > but hidden
> > within the documents where it could be accessed.
> >
> > Hackett spent his last 18 months in the Air Force raising
> awareness of
> > the problem with DIA, the National Security Agency and government
> > inspectors general.
> >
> > Upon retirement, he joined SRS and began pursuing ways to
> > protect users
> > from leaving hidden data behind.
> >
> > "People who do know about this aren't going to tell you,"
> > Hackett said.
> > "There's no smoking gun, and if they got the information
> from you, why
> > would they tell you? But some of the big gaffes we've seen
> on releases
> > of information in the past few years illustrate the problem."
> >
> > Hackett cited the United Nations investigation report on the
> > assassination of Lebanon's former prime minister Rafiq
> Hariri in 2005.
> >
> > The U.N.'s version released publicly did not name names, but
> > the public
> > report document had additional information contained within -
> > including
> > the names of suspects that were discovered and widely reported.
> >
> > Hackett said claims that converting a document to Portable Document
> > Format (PDF) will eliminate hidden data are false, and he said most
> > solutions that have been offered don't go far enough.
> >
> > President Bush's 2005 speech on a plan for victory in Iraq
> > was posted on
> > the Internet and with a few clicks by those reading it, it was
> > determined that much of the review work on the speech was
> done not by
> > his national security team, but by a Duke political science
> professor
> > who is a specialist on public opinion in wartime.
> >
> > How can hidden data be left in a document?
> >
> > By reusing and updating an older Power Point presentation
> >
> > By cropping a picture or image, because the entire image is still
> > contained in the file
> >
> > By cutting and pasting information from another document,
> > which imports
> > far more than just the selection that is visible
> >
> > By passing through a company a document with changes sought.
> >
> > The process of "tracking changes" which is a default setting
> > on Windows
> > XP's Ad Hoc Review feature, is an editing tool to see how
> > documents have
> > been updated or changed. But it has another effect, Hackett said. It
> > saves each version of the document as it is updated and
> passed around
> > electronically.
> >
> > The result is, for example, comments about a contract, including
> > suggested pricing and spec details, will remain in the
> > document, though
> > the final version that a company presents doesn't show that
> > information
> > on the page.
> >
> > Microsoft officials have said the function is easily disabled. The
> > company has stressed security in its new Office and Vista operating
> > system. Hackett disagrees, and he said the problems are not
> limited to
> > Microsoft products.
> >
> > Hackett cited a 2005 study by software maker Bitform
> > Technology Inc. on
> > Microsoft Office files generated by Fortune 100 companies. The study
> > found user names, e-mail addresses, hidden text and other
> information,
> > unintentionally included in disseminated documents. Hackett
> said about
> > 20 percent of those documents were affected by the track changes
> > feature.
> >
> > Hackett said Microsoft and other software vendors are offering the
> > features to consumers so they have a range of tools at their
> > disposal -
> > the problem is that many users don't realize what they're saving and
> > sending and accidentally sharing.
> >
> > SRS has developed a software program called Document Detective, with
> > version 2.1 to be unveiled next week, aimed at searching files and
> > scrubbing them for hidden data. The software provides a review of a
> > document and offers a menu that lets the user scrub files or
> > review each
> > to determine what to retain. SRS said the time saving and
> > efficiency of
> > the program are major advantages to users.
> >
> > The company has sold about 1,000 copies of earlier versions to
> > government and other customers.
> >
> > Joseph Bergantz, a retired Army major general and former program
> > executive officer for Aviation at Redstone Arsenal, is now
> SRS general
> > manager and corporate vice president. He said the technology's
> > applications and advantages for legal, medical, banking and
> government
> > and military intelligence customers are clear.
> >
> > "This is a worldwide problem," he said. "The right thing to
> > do is to let
> > people know about it."
> >
> > Copyright 2007 The Huntsville Times
> >
> >
> > ______________________________________
> > Subscribe to the InfoSec News RSS Feed
> > http://www.infosecnews.org/isn.rss
> >
> >
> >
> > ------ End of Forwarded Message
> >
> >
> > ------------------------------------------------------
> > List Archives: //www.freelists.org/archives/isalist/
> > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > ISA Server Articles and Tutorials:
> > http://www.isaserver.org/articles_tutorials/
> > ISA Server Blogs: http://blogs.isaserver.org/
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> >
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> All mail to and from this domain is GFI-scanned.
>
> ------------------------------------------------------
> List Archives: //www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
