[isalist] Re: OT: FW: [ISN] Got a secret? Keep it

  • From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 26 Feb 2007 10:02:05 -0800

http://www.ISAserver.org
-------------------------------------------------------
  
Except that if he was a Navy Secret Project Expert, he'd have known about
"track changes" and "clipped images" about 8 years ago and wouldn't say
stupid things like "People who do know about this aren't going to tell you"
:-p

T



On 2/26/07 10:05 AM, "Thomas W Shinder" <tshinder@xxxxxxxxxxx> spoketh to
all:

> 
> Not good enough. Now if he were a Navy Secret Projects Expert, that
> would be different!
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- Microsoft Firewalls (ISA)
> 
>  
> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> Sent: Monday, February 26, 2007 11:31 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>> 
>>   
>> Didn't you read it?
>> ..because he's an Air Force "Secret Projects Expert"...
>> ..jeeeeez....
>> :-p
>> 
>> -----Original Message-----
>> From: isalist-bounce@xxxxxxxxxxxxx
>> [mailto:isalist-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Thomas W Shinder
>> Sent: Monday, February 26, 2007 9:29 AM
>> To: isalist@xxxxxxxxxxxxx
>> Subject: [isalist] Re: OT: FW: [ISN] Got a secret? Keep it
>> 
>>   
>> I thought Microsoft released a document cleaning app years ago. Why
>> would we need to buy what he's hawking?
>> 
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- Microsoft Firewalls (ISA)
>> 
>>  
>> 
>>> -----Original Message-----
>>> From: isalist-bounce@xxxxxxxxxxxxx
>>> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Thor
>>> (Hammer of God)
>>> Sent: Monday, February 26, 2007 11:04 AM
>>> To: isalist@xxxxxxxxxxxxx
>>> Subject: [isalist] OT: FW: [ISN] Got a secret? Keep it
>>> 
>>>   
>>> 
>>> Jeeze.  It takes an Air Force "secret projects" "expert" to call "track
>>> changes" a "smoking gun."  Oh, the horror.
>>> 
>>> t
>>> 
>>> 
>>> ------ Forwarded Message
>>> From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
>>> Organization: InfoSec News - http://www.infosecnews.org/
>>> Date: Mon, 26 Feb 2007 01:16:06 -0600 (CST)
>>> To: <isn@xxxxxxxxxxxxxxx>
>>> Subject: [ISN] Got a secret? Keep it
>>> 
>>> http://www.al.com/business/huntsvilletimes/index.ssf?/base/business/117239874591130.xml&coll=1
>>> 
>>> By BRIAN LAWSON
>>> Times Business Writer
>>> February 25, 2007
>>> 
>>> SRS develops software to keep documents from spreading hidden data
>>> 
>>> SRS Technologies engineer Ron Hackett spent 20 years in the U.S. Air
>>> Force working on advanced technology and secret projects.
>>> 
>>> Now he hopes the intensive work he has done over the past six years will
>>> help bring a little-known problem to light and stop the accidental
>>> sharing of business, medical, legal and government information.
>>> 
>>> Hackett said he recognized the size of the problem of hidden data in
>>> electronic documents while working for the Defense Intelligence Agency's
>>> Missile and Space Intelligence Center in December 2000.
>>> 
>>> He found that a large number of transmitted documents, including
>>> PowerPoint presentations, Excel spreadsheets and Microsoft Word documents
>>> contain hidden words or other data not intended for viewing, but hidden
>>> within the documents where it could be accessed.
>>> 
>>> Hackett spent his last 18 months in the Air Force raising awareness of
>>> the problem with DIA, the National Security Agency and government
>>> inspectors general.
>>> 
>>> Upon retirement, he joined SRS and began pursuing ways to protect users
>>> from leaving hidden data behind.
>>> 
>>> "People who do know about this aren't going to tell you," Hackett said.
>>> "There's no smoking gun, and if they got the information from you, why
>>> would they tell you? But some of the big gaffes we've seen on releases
>>> of information in the past few years illustrate the problem."
>>> 
>>> Hackett cited the United Nations investigation report on the
>>> assassination of Lebanon's former prime minister Rafiq Hariri in 2005.
>>> 
>>> The U.N.'s version released publicly did not name names, but the public
>>> report document had additional information contained within - including
>>> the names of suspects that were discovered and widely reported.
>>> 
>>> Hackett said claims that converting a document to Portable Document
>>> Format (PDF) will eliminate hidden data are false, and he said most
>>> solutions that have been offered don't go far enough.
>>> 
>>> President Bush's 2005 speech on a plan for victory in Iraq was posted on
>>> the Internet and with a few clicks by those reading it, it was
>>> determined that much of the review work on the speech was done not by
>>> his national security team, but by a Duke political science professor
>>> who is a specialist on public opinion in wartime.
>>> 
>>> How can hidden data be left in a document?
>>> 
>>> By reusing and updating an older PowerPoint presentation
>>> 
>>> By cropping a picture or image, because the entire image is still
>>> contained in the file
>>> 
>>> By cutting and pasting information from another document, which imports
>>> far more than just the selection that is visible
>>> 
>>> By passing through a company a document with changes sought.
>>> 
>>> The process of "tracking changes" which is a default setting on Windows
>>> XP's Ad Hoc Review feature, is an editing tool to see how documents have
>>> been updated or changed. But it has another effect, Hackett said. It
>>> saves each version of the document as it is updated and passed around
>>> electronically.
>>> 
>>> The result is, for example, comments about a contract, including
>>> suggested pricing and spec details, will remain in the document, though
>>> the final version that a company presents doesn't show that information
>>> on the page.
>>> 
>>> Microsoft officials have said the function is easily disabled. The
>>> company has stressed security in its new Office and Vista operating
>>> system. Hackett disagrees, and he said the problems are not limited to
>>> Microsoft products.
>>> 
>>> Hackett cited a 2005 study by software maker Bitform Technology Inc. on
>>> Microsoft Office files generated by Fortune 100 companies. The study
>>> found user names, e-mail addresses, hidden text and other information,
>>> unintentionally included in disseminated documents. Hackett said about
>>> 20 percent of those documents were affected by the track changes
>>> feature.
>>> 
>>> Hackett said Microsoft and other software vendors are offering the
>>> features to consumers so they have a range of tools at their disposal -
>>> the problem is that many users don't realize what they're saving and
>>> sending and accidentally sharing.
>>> 
>>> SRS has developed a software program called Document Detective, with
>>> version 2.1 to be unveiled next week, aimed at searching files and
>>> scrubbing them for hidden data. The software provides a review of a
>>> document and offers a menu that lets the user scrub files or review each
>>> to determine what to retain. SRS said the time saving and efficiency of
>>> the program are major advantages to users.
>>> 
>>> The company has sold about 1,000 copies of earlier versions to
>>> government and other customers.
>>> 
>>> Joseph Bergantz, a retired Army major general and former program
>>> executive officer for Aviation at Redstone Arsenal, is now SRS general
>>> manager and corporate vice president. He said the technology's
>>> applications and advantages for legal, medical, banking and government
>>> and military intelligence customers are clear.
>>> 
>>> "This is a worldwide problem," he said. "The right thing to do is to let
>>> people know about it."
>>> 
>>> Copyright 2007 The Huntsville Times
>>> 
>>> 
>>> ______________________________________
>>> Subscribe to the InfoSec News RSS Feed
>>> http://www.infosecnews.org/isn.rss
>>> 
>>> 
>>> 
>>> ------ End of Forwarded Message
>>> 
>>> 
>>> ------------------------------------------------------
>>> List Archives: //www.freelists.org/archives/isalist/
>>> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
>>> ISA Server Articles and Tutorials:
>>> http://www.isaserver.org/articles_tutorials/
>>> ISA Server Blogs: http://blogs.isaserver.org/
>>> ------------------------------------------------------
>>> Visit TechGenix.com for more information about our other sites:
>>> http://www.techgenix.com
>>> ------------------------------------------------------
>>> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
>>> Report abuse to listadmin@xxxxxxxxxxxxx
>>> 
>>> 
>>> 
>> 
>> 
>> All mail to and from this domain is GFI-scanned.
>> 
>> 
>> 
>> 
> 
> 
> 


------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 
