http://www.ISAserver.org ------------------------------------------------------- Not good enough. Now if he were a Navy Secret Projects Expert, that would be different! Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- Microsoft Firewalls (ISA) > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Monday, February 26, 2007 11:31 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it > > http://www.ISAserver.org > ------------------------------------------------------- > > Didn't you read it? > ..because he's an Air Force "Secret Projects Expert"... > ..jeeeeez.... > :-p > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx > [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Thomas W Shinder > Sent: Monday, February 26, 2007 9:29 AM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it > > http://www.ISAserver.org > ------------------------------------------------------- > > I thought Microsoft released a document cleaning app years ago. Why > would we need to buy what he's hawking? > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- Microsoft Firewalls (ISA) > > > > > -----Original Message----- > > From: isalist-bounce@xxxxxxxxxxxxx > > [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor > > (Hammer of God) > > Sent: Monday, February 26, 2007 11:04 AM > > To: isalist@xxxxxxxxxxxxx > > Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it > > > > http://www.ISAserver.org > > ------------------------------------------------------- > > > > > > Jeeze. It takes an Air Force "secret projects" "expert" to > > call "track > > changes" a "smoking gun." Oh, the horror. > > > > t > > > > > > ------ Forwarded Message > > From: InfoSec News <alerts@xxxxxxxxxxxxxxx> > > Organization: InfoSec News - http://www.infosecnews.org/ > > Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST) > > To: <isn@xxxxxxxxxxxxxxx> > > Subject: [ISN] Got a secret? Keep it > > > > http://www.al.com/business/huntsvilletimes/index.ssf?/base/bus > > iness/11723987 > > 4591130.xml&coll=1 > > > > By BRIAN LAWSON > > Times Business Writer > > February 25, 2007 > > > > SRS develops software to keep documents from spreading hidden data > > > > SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air > > Force working on advanced technology and secret projects. > > > > Now he hopes the intensive work he has done over the past six > > years will > > help bring a little-known problem to light and stop the accidental > > sharing of business, medical, legal and government information. > > > > Hackett said he recognized the size of the problem of hidden data in > > electronic documents while working for the Defense > > Intelligence Agency's > > Missile and Space Intelligence Center in December 2000. > > > > He found that a large number of transmitted documents, > including Power > > Point presentations, Excel spread sheets and Microsoft Word > documents > > contain hidden words or other data not intended for viewing, > > but hidden > > within the documents where it could be accessed. > > > > Hackett spent his last 18 months in the Air Force raising > awareness of > > the problem with DIA, the National Security Agency and government > > inspectors general. > > > > Upon retirement, he joined SRS and began pursuing ways to > > protect users > > from leaving hidden data behind. > > > > "People who do know about this aren't going to tell you," > > Hackett said. > > "There's no smoking gun, and if they got the information > from you, why > > would they tell you? But some of the big gaffes we've seen > on releases > > of information in the past few years illustrate the problem." > > > > Hackett cited the United Nations investigation report on the > > assassination of Lebanon's former prime minister Rafiq > Hariri in 2005. > > > > The U.N.'s version released publicly did not name names, but > > the public > > report document had additional information contained within - > > including > > the names of suspects that were discovered and widely reported. > > > > Hackett said claims that converting a document to Portable Document > > Format (PDF) will eliminate hidden data are false, and he said most > > solutions that have been offered don't go far enough. > > > > President Bush's 2005 speech on a plan for victory in Iraq > > was posted on > > the Internet and with a few clicks by those reading it, it was > > determined that much of the review work on the speech was > done not by > > his national security team, but by a Duke political science > professor > > who is a specialist on public opinion in wartime. > > > > How can hidden data be left in a document? > > > > By reusing and updating an older Power Point presentation > > > > By cropping a picture or image, because the entire image is still > > contained in the file > > > > By cutting and pasting information from another document, > > which imports > > far more than just the selection that is visible > > > > By passing through a company a document with changes sought. > > > > The process of "tracking changes" which is a default setting > > on Windows > > XP's Ad Hoc Review feature, is an editing tool to see how > > documents have > > been updated or changed. But it has another effect, Hackett said. It > > saves each version of the document as it is updated and > passed around > > electronically. > > > > The result is, for example, comments about a contract, including > > suggested pricing and spec details, will remain in the > > document, though > > the final version that a company presents doesn't show that > > information > > on the page. > > > > Microsoft officials have said the function is easily disabled. The > > company has stressed security in its new Office and Vista operating > > system. Hackett disagrees, and he said the problems are not > limited to > > Microsoft products. > > > > Hackett cited a 2005 study by software maker Bitform > > Technology Inc. on > > Microsoft Office files generated by Fortune 100 companies. The study > > found user names, e-mail addresses, hidden text and other > information, > > unintentionally included in disseminated documents. Hackett > said about > > 20 percent of those documents were affected by the track changes > > feature. > > > > Hackett said Microsoft and other software vendors are offering the > > features to consumers so they have a range of tools at their > > disposal - > > the problem is that many users don't realize what they're saving and > > sending and accidentally sharing. > > > > SRS has developed a software program called Document Detective, with > > version 2.1 to be unveiled next week, aimed at searching files and > > scrubbing them for hidden data. The software provides a review of a > > document and offers a menu that lets the user scrub files or > > review each > > to determine what to retain. SRS said the time saving and > > efficiency of > > the program are major advantages to users. > > > > The company has sold about 1,000 copies of earlier versions to > > government and other customers. > > > > Joseph Bergantz, a retired Army major general and former program > > executive officer for Aviation at Redstone Arsenal, is now > SRS general > > manager and corporate vice president. He said the technology's > > applications and advantages for legal, medical, banking and > government > > and military intelligence customers are clear. > > > > "This is a worldwide problem," he said. "The right thing to > > do is to let > > people know about it." > > > > Copyright 2007 The Huntsville Times > > > > > > ______________________________________ > > Subscribe to the InfoSec News RSS Feed > > http://www.infosecnews.org/isn.rss > > > > > > > > ------ End of Forwarded Message > > > > > > ------------------------------------------------------ > > List Archives: //www.freelists.org/archives/isalist/ > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > ISA Server Articles and Tutorials: > > http://www.isaserver.org/articles_tutorials/ > > ISA Server Blogs: http://blogs.isaserver.org/ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > All mail to and from this domain is GFI-scanned. > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx