http://www.ISAserver.org
-------------------------------------------------------

Except that if he was a Navy Secret Project Expert, he'd have known about "track changes" and "clipped images" about 8 years ago and wouldn't say stupid things like "People who do know about this aren't going to tell you" :-p

T

On 2/26/07 10:05 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to all:

> Not good enough. Now if he were a Navy Secret Projects Expert, that
> would be different!
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> Sent: Monday, February 26, 2007 11:31 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>>
>> Didn't you read it?
>> ..because he's an Air Force "Secret Projects Expert"...
>> ..jeeeeez....
>> :-p
>>
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thomas W Shinder
>> Sent: Monday, February 26, 2007 9:29 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>>
>> I thought Microsoft released a document cleaning app years ago. Why
>> would we need to buy what he's hawking?
>>
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- Microsoft Firewalls (ISA)
>>
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>> (Hammer of God)
>>> Sent: Monday, February 26, 2007 11:04 AM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it
>>>
>>> Jeeze. It takes an Air Force "secret projects" "expert" to call
>>> "track changes" a "smoking gun." Oh, the horror.
>>>
>>> t
>>>
>>> ------ Forwarded Message
>>> From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
>>> Organization: InfoSec News - http://www.infosecnews.org/
>>> Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST)
>>> To: <isn@xxxxxxxxxxxxxxx>
>>> Subject: [ISN] Got a secret? Keep it
>>>
>>> http://www.al.com/business/huntsvilletimes/index.ssf?/base/business/117239874591130.xml&coll=1
>>>
>>> By BRIAN LAWSON
>>> Times Business Writer
>>> February 25, 2007
>>>
>>> SRS develops software to keep documents from spreading hidden data
>>>
>>> SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air
>>> Force working on advanced technology and secret projects.
>>>
>>> Now he hopes the intensive work he has done over the past six years
>>> will help bring a little-known problem to light and stop the
>>> accidental sharing of business, medical, legal and government
>>> information.
>>>
>>> Hackett said he recognized the size of the problem of hidden data in
>>> electronic documents while working for the Defense Intelligence
>>> Agency's Missile and Space Intelligence Center in December 2000.
>>>
>>> He found that a large number of transmitted documents, including
>>> PowerPoint presentations, Excel spreadsheets and Microsoft Word
>>> documents contain hidden words or other data not intended for
>>> viewing, but hidden within the documents where it could be accessed.
>>>
>>> Hackett spent his last 18 months in the Air Force raising awareness
>>> of the problem with DIA, the National Security Agency and government
>>> inspectors general.
>>>
>>> Upon retirement, he joined SRS and began pursuing ways to protect
>>> users from leaving hidden data behind.
>>>
>>> "People who do know about this aren't going to tell you," Hackett
>>> said. "There's no smoking gun, and if they got the information from
>>> you, why would they tell you? But some of the big gaffes we've seen
>>> on releases of information in the past few years illustrate the
>>> problem."
>>>
>>> Hackett cited the United Nations investigation report on the
>>> assassination of Lebanon's former prime minister Rafiq Hariri in
>>> 2005.
>>>
>>> The U.N.'s version released publicly did not name names, but the
>>> public report document had additional information contained within -
>>> including the names of suspects that were discovered and widely
>>> reported.
>>>
>>> Hackett said claims that converting a document to Portable Document
>>> Format (PDF) will eliminate hidden data are false, and he said most
>>> solutions that have been offered don't go far enough.
>>>
>>> President Bush's 2005 speech on a plan for victory in Iraq was posted
>>> on the Internet and with a few clicks by those reading it, it was
>>> determined that much of the review work on the speech was done not by
>>> his national security team, but by a Duke political science professor
>>> who is a specialist on public opinion in wartime.
>>>
>>> How can hidden data be left in a document?
>>>
>>> By reusing and updating an older PowerPoint presentation
>>>
>>> By cropping a picture or image, because the entire image is still
>>> contained in the file
>>>
>>> By cutting and pasting information from another document, which
>>> imports far more than just the selection that is visible
>>>
>>> By passing through a company a document with changes sought.
>>>
>>> The process of "tracking changes" which is a default setting on
>>> Windows XP's Ad Hoc Review feature, is an editing tool to see how
>>> documents have been updated or changed. But it has another effect,
>>> Hackett said. It saves each version of the document as it is updated
>>> and passed around electronically.
>>>
>>> The result is, for example, comments about a contract, including
>>> suggested pricing and spec details, will remain in the document,
>>> though the final version that a company presents doesn't show that
>>> information on the page.
>>>
>>> Microsoft officials have said the function is easily disabled. The
>>> company has stressed security in its new Office and Vista operating
>>> system. Hackett disagrees, and he said the problems are not limited
>>> to Microsoft products.
>>>
>>> Hackett cited a 2005 study by software maker Bitform Technology Inc.
>>> on Microsoft Office files generated by Fortune 100 companies. The
>>> study found user names, e-mail addresses, hidden text and other
>>> information, unintentionally included in disseminated documents.
>>> Hackett said about 20 percent of those documents were affected by the
>>> track changes feature.
>>>
>>> Hackett said Microsoft and other software vendors are offering the
>>> features to consumers so they have a range of tools at their
>>> disposal - the problem is that many users don't realize what they're
>>> saving and sending and accidentally sharing.
>>>
>>> SRS has developed a software program called Document Detective, with
>>> version 2.1 to be unveiled next week, aimed at searching files and
>>> scrubbing them for hidden data. The software provides a review of a
>>> document and offers a menu that lets the user scrub files or review
>>> each to determine what to retain. SRS said the time saving and
>>> efficiency of the program are major advantages to users.
>>>
>>> The company has sold about 1,000 copies of earlier versions to
>>> government and other customers.
>>>
>>> Joseph Bergantz, a retired Army major general and former program
>>> executive officer for Aviation at Redstone Arsenal, is now SRS
>>> general manager and corporate vice president. He said the
>>> technology's applications and advantages for legal, medical, banking
>>> and government and military intelligence customers are clear.
>>>
>>> "This is a worldwide problem," he said. "The right thing to do is to
>>> let people know about it."
>>>
>>> Copyright 2007 The Huntsville Times
>>>
>>> ______________________________________
>>> Subscribe to the InfoSec News RSS Feed
>>> http://www.infosecnews.org/isn.rss
>>>
>>> ------ End of Forwarded Message
>>>
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
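
The forwarded article's list of how hidden data stays in a file (tracked changes, review comments, cropped pictures), written as a pre-release check. This is an added example, not part of the thread and not SRS's product; it assumes the Open XML .docx format (a ZIP of XML parts) rather than binary .doc, and the sample document and the names in it are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
A = "http://schemas.openxmlformats.org/drawingml/2006/main"


def _text(el, tag):
    """Join the text of every <w:t> or <w:delText> element under el."""
    return "".join(t.text or "" for t in el.iter(f"{{{W}}}{tag}"))


def audit_docx(data: bytes) -> dict:
    """Report content that is not shown on the final page but is still in the file."""
    report = {"insertions": [], "deletions": [], "comments": [],
              "cropped_images": 0, "authors": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        body = ET.fromstring(z.read("word/document.xml"))
        # Tracked changes: <w:ins> holds added runs, <w:del> keeps the removed text.
        for kind, tag, text_tag in (("insertions", "ins", "t"), ("deletions", "del", "delText")):
            for el in body.iter(f"{{{W}}}{tag}"):
                author = el.get(f"{{{W}}}author", "")
                report[kind].append((author, _text(el, text_tag)))
                report["authors"].add(author)
        # A crop is only a display rectangle; the full picture stays in word/media/.
        report["cropped_images"] = sum(1 for s in body.iter(f"{{{A}}}srcRect") if s.attrib)
        if "word/comments.xml" in z.namelist():
            for c in ET.fromstring(z.read("word/comments.xml")).iter(f"{{{W}}}comment"):
                author = c.get(f"{{{W}}}author", "")
                report["comments"].append((author, _text(c, "t")))
                report["authors"].add(author)
    return report


def sample_docx() -> bytes:
    """Constructed sample, trimmed to the elements the audit reads."""
    doc = (f'<w:document xmlns:w="{W}" xmlns:a="{A}"><w:body><w:p>'
           '<w:r><w:t>Price per unit: </w:t></w:r>'
           '<w:del w:id="1" w:author="A. Reviewer"><w:r>'
           '<w:delText>$40 (our floor is $31)</w:delText></w:r></w:del>'
           '<w:ins w:id="2" w:author="B. Editor"><w:r><w:t>$45</w:t></w:r></w:ins>'
           '<w:r><w:drawing><a:srcRect r="50000"/></w:drawing></w:r>'
           '</w:p></w:body></w:document>')
    notes = (f'<w:comments xmlns:w="{W}"><w:comment w:id="0" w:author="A. Reviewer">'
             '<w:p><w:r><w:t>Do not go below $31</w:t></w:r></w:p></w:comment></w:comments>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/comments.xml", notes)
    return buf.getvalue()
```

Run `audit_docx` on a file's bytes before it leaves the organization; any non-empty field means the recipient can recover more than the page shows. For files from untrusted senders, swap the parser for `defusedxml.ElementTree`.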