Online Document Search Reveals Secrets

An anonymous reader writes "New Scientist is reporting that many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques." Update: 08/16 19:06 GMT by H : The story is originally from Crypto-gram, not New Scientist.

crypto

[Feyr]

funny how the lastest cryptogram treats of exactly the same subject, i just received it an hour ago

http://www.schneier.com/crypto-gram.html

Re:crypto

[peculiarmethod]

why exactly is that funny, again?

p

Re:crypto

[xv4n]

No one can tell, man. That post is encrypted in itself.

Re:crypto

[broken.data]

Funny.. the article f*cking says that!!!

Oh wait.. this is /.

Re:crypto

[randyest]

Well, not sure about what the OP through was funny, but I sure do think this is, from the article:

"It is feasible that an individual may include their social security number on copies of a resume sent to prospective employers, but delete it from the version put online to guard against identify theft," Byers writes.

Who in their right mind puts their SSN in any version of a resume??!

Re:crypto

[jovlinger]

cryptogram-filter

Re:crypto

[Waffle+Iron]

I would never put my SSN on a resume, but the last time I made a resume I ran the .doc file through 'less'. Sure enough, most all of my edit history was in there.

I exported it to RTF then reimported before saving it again as .doc. This erased other people's access to my thought processes, and it reduced the file size by 80% to boot.

In the end it didn't matter much, though. I usually include a plain text version of the resume right in my email as a backup along with the .doc attachment. On interviews, I've noticed that most people just print the plain text version. If I really didn't need to make the word doc, and people are too lazy to print it, why do companies insist you send it in .doc format anyway?

Re:crypto

[chipperdog]

Why do you even send a .doc (application/msword) resume? If you want to send a "pretty" printable resume, send it as pdf (encoded as mime-type application/pdf), you can create a pdf by piping the print job through 'gs -sDEVICE=pdfwrite -'....Make sure you stick with the standard fonts so it renders the same on the recipent's computer

Re:crypto

[BrokenHalo]

I waw the article at New Scientist earlier yesterday, and my immediate reaction was the thought "and this is news?". Let's face it, anybody who has ever run a .doc file through a hex dump or even a text editor (this is not new) should be aware that there's a lot more information than appears on the screen in MS Word. And I fail to see how Microsoft's incorporating DRM into their files is going to improve matters. Their claim that all the editing history being present in the file is "useful" is specious. It is only useful to someone who wants to spy on you.

Re:crypto

[McAddress]

I am not sure about resumes, but I remember that I had to put my SSN on some of the essays for my college application.
I even remember having a teacher that insisted on us putting our SSN on our CS homework so she would be able to identify us easier. She even used to hand out it back by calling out the last 4 digits.
Stupid idiot.

Re:crypto

[blibbleblobble]

"why do companies insist you send it [your resume] in .doc format anyway?"

Well, if you haven't spend hundreds of dollars on a word processor, you're obviously not serious about this "computer interweb" thingy... and who would want to employ someone who can't even use Microsoft Word?

</sarcasm>

I did once get an email from a supposedly "technical" company saying they couldn't use my .txt resume, could I send them a .doc version. Dumbasses.

Of course, all the linux-migration success-stories seem to mention the Personnel and HR deparments as being the "you'll pry microsoft licenses from our cold dead hands" ones who insist on their own thing regardless of everybody else. No matter what the rest of a company is like, you can guarantee that HR will be computer-illiterate.

Re:crypto

[TaranRampersad]

I say stick HR departments on LTSPs. The resumes are centralized, and if they REALLY want to play solitaire, they can buy their own damn PDAs.

They can use OpenOffice, and they WILL like it. It's a job. Waste money on your own time. :D

Re:crypto

[psm321]

Resumes for government jobs require SSN (at least in my experience).

Nothing New

[JRHelgeson]

Just go into the document properties section. This is why I publish everything to Adobe Acrobat before posting online.

Re:Nothing New

[Sky-217]

In the article they mentioned that this applies to pdf files too...

"For example, in 2002 the Washington Post published a version of a letter sent by the Washington sniper in Adobe PDF format. Names and telephone numbers were visibly blacked out, but still found embedded in the file."

Re:Nothing New

[I8TheWorm]

Of course, that makes the text unsearchable by google.

Re:Nothing New

[Frymaster]

In the article they mentioned that this applies to pdf files too...

which is why you should use latex! nobody understands that stuff. security through obscurity!

Re:Nothing New

[rf0]

cat filename | strings.

Edit in vi
Run over custom script to add basic HTML

Works for me

or Just use LaTex

Rus

Re:Nothing New

[gblues]

That is because the people who published the PDF were idiots.

Acrobat has a number of commenting tools. What the Washington Post staff did in that case was use the Highlight tool, set the color to black, and use it to draw over the names.

Only problem? The highlighter is an object that is drawn on top of the text object it is attached to. The underlying text is not modified at all. In fact, if you watch closely, you can see the name for a split second before the renderer draws the highlights.

If the Washington Post had used the TouchUp Text tool to delete the names, the information would not have been leaked.

Nathan

Re:Nothing New

[mistered]

But that just shows all the text in the document. Most of the strings returned will be what's supposed to be public, which is therefore not interesting. The technique mentioned is basically the same, but eliminates the public text, leaving only the good bits.

Anyway, you don't need the cat -- strings filename does what you want.

Re:Nothing New

[merlyn]

That'd be a useless use of cat. Simple "strings < filename" would work. Probably don't even need the <.

Re:Nothing New

[neitzsche]

That's overkill. How about

$ strings filename.doc

It works for me.

Re:Nothing New

[dvdeug]

That is because the people who published the PDF were idiots.

Acrobat has a number of commenting tools. What the Washington Post staff did in that case was use the Highlight tool, set the color to black, and use it to draw over the names.

And that makes you an idiot? Not tech savey, maybe, but that's the exact thing you'd do in releasing hardcopy, and unless you think in terms of the internals of a computer, there's no reason you'd think twice about doing that.

Re:Nothing New

[jovlinger]

And under infra-red light, you can see trough the black highlighter (well, ink at least. I'm guessing this applies to dried ink as well). If your job is to redact documents, and you do that poor a job of it, you may not be an idiot, but you are incompetent.

Or is competence no longer a job requirement?

Re:Nothing New

[aengblom]

That is because the people who published the PDF were idiots.

And that makes you an idiot?

Yes, we were idiots. I work for the Post in a limited degree and we now have a sheet of paper on a quite visible bulletin board describing how we were idiots.

The .com folks who would post such a document are well aware to checkout if blacking it out was done correctly....now.

Re:Nothing New

[GigsVT]

LyX is really easy, and really good at the kinds of documents LaTeX is designed to create. Try it sometime, you'll be surprised. Do read the help docs that are in the help menu if you get stuck though.

Re:Nothing New

UUOC (useless use of cat

Re:Nothing New

[Snaller]

Publish to text, then we can all read it.

WHAT?!??

[zedmelon]

From the article:

• "He says hidden information can "incredibly useful" in improving the functionality of the software. "But if some of that data is sensitive, there have to be ways of ensuring that it isn't distributed where it shouldn't be," he says."

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

I know that the guy stressed the fact that Micrsoft isn't alone in this disctinction, but this is just another example of why Microsoft SUCKS.

I put the doc in a samba share and viewed it with vi. I found the path to the doc, the original name, my userid on my laptop, and the company name. All were hidden from the simple searches like this:

s.l.a.s.h.d.o.t...o.r.g

WTF?!?

Oh, WAIT a minute! This is also from the article:

• "The next edition of Office 2003 will include tools that will allow users to remove personal information from a document. It will also include new "information rights management" that will let an author specify who can read or forward a document."

WHEW! I feel so much better. Please disregard the first six paragraphs. Thanks.

Re:WHAT?!??

[zedmelon]

And yes, I know. I'm a fucking idiot for assuming ANYTHING or taking anything for granted when it comes to good ol' Billy.

Re:WHAT?!??

[brondsem]

"He says hidden information can "incredibly useful" in improving the functionality of the software. "But if some of that data is sensitive, there have to be ways of ensuring that it isn't distributed where it shouldn't be," he says."

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

You only have the convenience while the file is open. If you could undo after you re-opened a file, these "hidden secrets" wouldn't be hidden at all!

I put the doc in a samba share and viewed it with vi. I found the path to the doc, the original name, my userid on my laptop, and the company name. All were hidden from the simple searches like this:

s.l.a.s.h.d.o.t...o.r.g

It's probably unicode, which uses multi-byte characters, and vi displays each one seperately.

Re:WHAT?!??

[zedmelon]

"You only have the convenience while the file is open. If you could undo after you re-opened a file, these "hidden secrets" wouldn't be hidden at all!"

Exactly. I knew that to begin with, but I did it and then vi'd the file to confirm. If I delete text from a document, that means I don't want that text in the document. Neil Laver says "...hidden information can "incredibly useful" in improving the functionality of the software."

So my main point is, if I am being supposedly CONVENIENCED by this "feature," HOW is the software helping me by storing these things in my document?

Re:WHAT?!??

[Koyaanisqatsi]

All were hidden from the simple searches like this: s.l.a.s.h.d.o.t...o.r.g

It's not hidden. It's unicode (double-byte), just that;

Re:WHAT?!??

[wortelslaai3434]

As a sidenote...

I. .t.h.i.n.k. .y.o.u.r. .s.e.e.i.n.g. .u.n.i.c.o.d.e. .t.e.x.t.

Re:WHAT?!??

[zedmelon]

MOD PARENT UP

pahahahah! That ruled!

Okay, no, I didn't know that was unicode, and I'm sure that security gurus will scoff at my use of the word "hidden," but what I meant by that is still true:

You can't just search for a string you're seeking. In vi, you can't go "/slashdot.org," because the string won't turn up.

Same thing in most apps, even if they WILL let the user search for "hidden text."

Re:WHAT?!??

[tfinniga]

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

The convenience is in large files - I think the idea was that you store a diff on the end of the document, rather than rewriting the entire document to disk. You can disable this by unchecking the "Allow fast saves" option.

Just in case you were actually interested in having your question answered.

Re:WHAT?!??

[BennyTheBall]

just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

My guess is that they ar refering to the "track changes" feature. It basically highlights delted text, rather than actually deleting it. I believe it also uses different colors for every user who modified the document.

Personally, I find this feature more annoying than useful but I can see how people could take advantage of it when a lot of users will update the same doc

Re:WHAT?!??

[tzanger]

s.l.a.s.h.d.o.t...o.r.g

actually you were probably viewing unicode text in 8-bit charset. Not hidden, just obscured. :-)

Re:WHAT?!??

[whoever57]

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

You have to turn on the "Track Changes" (under "tools") feature and then make some changes (then save it, etc.)

Re:WHAT?!??

[zedmelon]

Hmmm interesting. I never realized that.
BennyTheBall also has a good theory below.

Thanks, guys.

Just in case you were actually interested in having your question answered.

Heh. Yeah, I know that's a legitimate concern on /.

Also I found this post by 26199 quite interesting. Richard Stallman's reasoning for the dispensing of Werd documents for good. I like it.

Re:WHAT?!??

[Pieroxy]

Just a small post to notify you that (...).y.o.u.'.r.e. (...) is the correct wording.

Thanks

Re:WHAT?!??

[cicho]

What you did was probably not enough to trigger the behavior the article describes. The article doesn't go into fine points of Word file format, and it's not only the undo function that presents a problem. Word's files are "compound documents" in MS-speak, actually a nifty idea, where a single file has a structure that resembles nested directories and files on disk (except the 'directories' inside a compound document are called storages and 'files' are called streams). The way Word optimizes writes to these files is that it doesn't constantly rewrite the whole file when you made a small or even a substantial change. If you replace a small chunk of text with a larger chunk, the old small chunk may well remain in the file and only be marked as deleted, or unused (much as files on disk when you delete them), while the new chunk is appended to the end of the file (or wherever it fits). There's a process built in to 'compress' such files by removing those unused spaces, but exactly when and how often Word does so I've no idea. So after *many* edits you may find that some old text remains in the physical file, although it's not accessible to you or Word.

You may also notice that Word files don't grow by single bytes, but by bigger chunks. I suppose that Word simply grabs some unused disk space when the file needs to grow, but it does not clear that space, so a Word file could potentially contain any random data that happens to remain unerased on the disk space marked as free.

Re:WHAT?!??

[noctrl]

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

Yeah broder!

Is there a way to reactivate "undo" in a saved .doc ??? !

Re:WHAT?!??

More specifically, UTF-16. Unicode comes in a variety of encodings.

Re:WHAT?!??

[malfunct]

The features were added for buiness convienience, unfortunately at the time security and privacy implications of the features were not a high priority. Now we are reaping the rewards.

So basically in some ways you want to be mad at MS (and any of the other companies that did similar things) but in other ways you have to give them some credit for trying to do things that users wanted. Its a case where you can't please everyone so you have to figure out who is most important to please. More importantly you have to second guess and see if the feature that the user requested is actually something they want, and whether they are willing to deal with any of its side effects. Its a pain.

Re:WHAT?!??

[42forty-two42]

All were hidden from the simple searches like this: s.l.a.s.h.d.o.t...o.r.g

That's UTF-16 unicode encoding. Microsoft Office uses it by default, as do all sort of other windows programs.

Re:WHAT?!??

[FingerDemon]

Is there a way to reactivate "undo" in a saved .doc ??? !

Yeah, I just tried this. I typed a message with "sensitive info" in it and saved it. Then deleted that part and saved the file again. Reopen that word doc in even something as crappy as notepad and you can look for "sensitive" and find it. After copying and pasting this into a different word file, I can't find it in Notepad. (Not that notepad is so terribly sophisticated that it rules out "sensitive info" still being around.)

My wife works at a law firm and they had major problems with this, since the features were turned on by default for their install. That may have been a choice of their IT dept., or Microsoft, I don't know. I thought they said that even copy and paste to a new doc wasn't secure enough, but I'm not sure of the details on that.

I don't think it is Microsoft being so crappy that they coded this feature in, like it was a bug. I think it is an incredible feature... that they didn't clearly inform the users about or give nearly enough control over.

Prediction

[JessLeah]

This will become a common way for 'big' corps to spy on 'small' corps (and individual users?), to find new ways to both screw them over, and appear 'omniscient'. They'll never (or rarely) get called on it. Meanwhile, anyone who tries to reveal information discovered in this way which is incriminating towards said big corps will get sued for being "hackers" and/or "terrorists".

Re:Prediction

[TopShelf]

This is "Insightful"??? Yeesh!

I had no idea that the sloppy handling of non-displayed data in output files (not just Word, mind you), and their publication on the web was actually Another Way For The Man To Keep Us Down...

Re:Prediction

[Spunk]

You don't think that it's possible?

I recall an article (possibly here) about companies using this "feature" on job applicants to read what was in previous versions. For example, you overwrite this letter

Dear IBM,
Thanks for the Linux job offer. Gimme $60,000 and I'm yours.
Love, Spunk

with

Dear Microsoft,
You guys are the best. I'll take that C# coder job for $70,000.
Love, Spunk

It would be easy for MS to see that you are asking IBM for $10,000 less. Letter-writing skills notwithstanding, I don't expect this would help your negotiating position.

Re:Prediction

[TopShelf]

The point is, there's nothing about this issue that has anything to do with big corporations vs. individuals/small companies. It's a simple matter of documents posted on the web containing more info than their posters' probably realize. You could just as well address those letters to "Joe's Local ISP," and the same thing could happen...

Re:Prediction

[Spunk]

Aha, I see what you're saying now. True.

It's been said hundreds if not thousands of times:

[NightSpots]

It doesn't matter how good your corporate security is if you don't train your users (including managers) in basic security practices.

Lots of people put sensitive documents in public webspace, primarily because they don't know any better. Eventually the cost-benefit analysis will be done, and corporations will pay to have their users trained. Until then, this type of thing will continue to happen.

P2P has be doing htis for a long itme

[genner]

Idiotic use of P2P software has lead to stuff like this more than once. People often overlook the document tab on Kazaa.

Re:P2P has be doing htis for a long itme

[ComaVN]

Indeed. Search for system.dat, user.dat or pwl on Kazaa, there are always some files found.

Although I cannot guess how many of those are honeypots.

Re:P2P has be doing htis for a long itme

[Chess_the_cat]

Even better, search for *.eml.

Re:P2P has be doing htis for a long itme

[mccrew]

From the be-careful-what-you-search-for department:
Search for *anything* on Kazaa, and there are always some files found. However, upon closer inspection, you'll see that they really are hidden pornography URLs, viruses, and other poison payloads, definitely not what you were really looking for.

Re:P2P has be doing htis for a long itme

[Reziac]

Aside from the "poison files" another reply mentions, there was once a bug in kazaa that when it was running on a box using an oriental language version of Windows (not sure which one, but Thai was affected for sure), ALL files would be "shared" whether the user intended it or not. AFAIK it was never addressed as a bug, but I deduced its existence from the fact that I never saw it on other non-English boxes (so it wasn't just misconfiguration by non-English speakers), and the consistency with which I saw examples.

Re:P2P has be doing htis for a long itme

[ComaVN]

I never downloaded it, but I'm pretty sure a 8MB system.dat file is NOT a virus.

In general however, you are of course correct.

I thought this was common knowledge?

[26199]

Well, it is amongst people who object to being mailed Word documents, anyway. They're just a really bad format for publishing information in.

See Richard Stallman's 'no-word-attachments' article, for example...

Re:I thought this was common knowledge?

[broken.data]

This is not limited to Word. This trick has been around for ages with PDF and everything else I can think of.

Hell, this is how slashdot figured out that the Microsoft Switch was a fake.

Re:I thought this was common knowledge?

[worm+eater]

You can't count on anything being 'common knowledge' among many of today's office workers.

Example:
"My document won't open..."
"Type of file is it?"
"Huh?"
"Which application was the file made in?"
"Microsoft."
"Which Microsoft application?"
etc.

The user should be somewhat responsible for knowing how to use the machine, just like with any other machine. However, many of today's operation systems and applications were designed so that the user doesn't have to think or know about what they are doing. So be it. Who is going to think for them? Microsoft? Obviously in this case, Microsoft failed to think through what they were doing 'for the user.' This is a common problem with them... AutoCorrect in Word drives me nuts. I know I can turn that off, but many features like this cannot be turned off.

Re:I thought this was common knowledge?

[Aidtopia]

My friend go so tired of people on his team sending him word docs, that he learned TeX and started sending his replies that way. When he feels really nasty about it, he sends the .dvi files.

Re:I thought this was common knowledge?

[tchapin]

I got a copy of this article and put it on the web in a format that us Windows users can read.

Todd

Re:I thought this was common knowledge?

[romfordofficesupplie]

I've not used Word for Windows for some years and have only recently been using Word for Mac OS X. I wonder if there is any kind of set-up assistant (or wizard) that allows you to set all of these options.

Any time I install Office, I have to go through those steps, disabling auto-correction and the assistant. Would be nice if there was some kind of setup-assistant to walk you through these options (including disabling the hidden information).

Anyone know if this feature already exists?

An Important Question

[linuxislandsucks]

How many word processing progreams do place hidden meta data within theri formats?

For example does OpenOffice/StarOffice and other open source programs have the saem security problem?

Re:An Important Question

[Anonymous+Shepard]

I don't think so. You can easily unzip an OOo .sxw document using WinZip, then open the individual xml files to see what they contain (and even edit them). I have done so; I haven't really checked for sensitive hidden data in them, but I don't believe there is anything unnecessary in there. And of course, an OOo file is just about a third the size of a Word .doc file.

Re:An Important Question

[__past__]

The OOo file format it just a bunch of zipped XML files, you can easily look for yourself. Deleted text is not in it, as it seems. Unless you turned on version tracking, of course.

It does, however, save things like when the document was last printed, how often it has been edited and by whom, etc. unless you tell it otherwise. It's easy to get rid of the data (there is a huge "Delete" button in the properties dialog), but not many people will be aware of it.

So, basically, if you don't know what you are doing, you could give out more information than you want to with you OOo files.

Re:An Important Question

[shaitand]

copyleft = freedom
bsdtype license = free to steal

Re:An Important Question

[Bullet-Dodger]

copyleft = freedom
bsdtype license = free to steal

copyleft = freedom for code
bsdtype license = freedom for coders

Which is more free is a matter of opinion.

Re:An Important Question

[shaitand]

copyleft = freedom for code and THE ONES WHO CODE IT
bastype license = freedom for coder who would like to make that code their own.

As to which is free in the sense of no cost for those who want to use it, without a doubt it's BSD. Those who release gpl'd code aren't working for free, they want their payment in code instead of cash. Considering human nature, I find the gpl to be an ideal that is definattely in closser harmony with a man, and at the same time still an ideal of what will benefit mankind.

But as you said, it's a matter of opinion which is better.

Re:An Important Question

[WWWWolf]

Interesting. I wish I had known this before I sent a short story I wrote for people to review. Now they see exactly how much coffee I needed to pull that together. =) But at least I'll probably also see their changes...

And I think it's good that it stores the changes, though I would much prefer it if there would be some kind of external revision control mechanism - like this article shows, storing revisions in the file itself is not good, safe or even desirable. Has anyone tried to design a RCS/CVS-like system for OpenOffice.org? Since it's zipped XML, It wouldn't even be particularly challenging...

Re:An Important Question

[__past__]

At least the 1.1 betas have an option to save as "flat xml". The format is basically the same as the zipped one, but uncompressed and in a single file (binary files like embedded images seem to be base64 encoded).

In principle there is no problem using that with any version management system, CVS, RCS, Subversion etc should work fine with it. You'll be more happy to have an XML-aware diff at least, though - my simple test doc ended up with all content in a single long line.

Well...

[CGP314]

Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques.

Are you going to share that info or what?

Throw it up on freenet man!

Re:Well...

[rkz]

well just do this i suppose.

antiword -s blah.doc > /tmp/a.txt
antiword blah.doc >/tmp/b.txt

compare sizes(a.txt, b.txt);
If different;

diff a.txt b.txt

in html

[SHEENmaster]

http://www.schneier.com/crypto-gram.html

To do this yourself, just type:
<a href="http://foo/">bar</a>

Re:in html

[Feyr]

i know, i just don't care to provide clickable links.

beside, i DID get first post didn't i? :)

Re:in html

[zedmelon]

Heheh, yeah, and you probably oughta send an apology to the admins at schneier.com. I just subscribed to their newsletter with a sendmail -v and watched the progress, and it was S-L-O-W.
;)

Fire when ready.
Slashdotting in progress, sir.

infrastructure data?

[at_kernel_99]

An accomplished searcher can learn much about the world we live in, as slashdot reported some time ago.

An interesting reminder, to be sure, given yesterday's blackout.

Makes a guy wonder just how much is still available regarding key electrical and telephone infrastructure. Emergency power capabilities of broadcasters (radio, television, mobile phone). Gas lines, in the parts of the country that have them. Water systems. There's likely a bunch of data out there, ready to be mined.

LaTeX

[ParadigmLA]

Everyone should just be forced to use LATeX and then there won't be any hidden information. . .

Re:LaTeX

[GarvMaster]

Because 99.9% of the world would go back to pen and paper

Re:LaTeX

\documentclass{article}
\begin{document}
\sectio n{Beyond normal people, shirley}
Yeah, those scientists who manage to use \LaTeX must be fucking geniuses.
I have no idea how they can use a programming language to write documents
and still stay sane. How on earth can they spend time fiddling with all
that unimportant gobbledygook when they should be writing the text and
thinking about the ideas they want to get across, is completely beyond me.
\end{document}

Re:LaTeX

Would that even work?
"\sectio n{Beyond normal people, shirley}"
My guess is your text document will have a compiler error!

Re:LaTeX

[WWWWolf]

Ah, but LaTeX supports % comments. Which is unfortunate, because when people know they can leave Notes For Themselves, they sometimes write stupid things in them.

Ask around if anyone's ever found odd comments from corporate source code, or worse, released source code...

(A simple example: "Fuck it, I do it in perl. Fucking sh drives me nuts." - 3Delight 0.9.6 Linux install script)

Re:LaTeX

Why? whats the difference if word is spitting out its normal format or Latex if the front end is the exact same.

OMG

Stupid people messing stuff up? I'm SHOCKED!

How long until someone blames Microsoft, I wonder...

Re:OMG

[psoriac]

You forget, this is Slashdot. Blame of Microsoft is understood to apply whenever possible.

Re: OMG

[Black+Parrot]

> Stupid people messing stuff up? I'm SHOCKED!

I, for one, welcome our new fucktard overlords!

Re:It's been said hundreds if not thousands of tim

[TMB]

Sure, but they point they're making is that it's not intuitively obvious to most people that there could be text in a Word document other than what appears.

So a relatively security-conscious person who just doesn't know anything about Word file formats could easily publish something online on purpose without knowing that there is (invisible) sensitive information in it, even if they'd never put that information in a public place on purpose.

[TMB]

Here's An Idea

[msblaster.exe]

Some needs to script a open source program that searches for this information on the web. Could you imagine knowing all the financial information about microsoft. We could use this information against companies we dont like and the open source revolation will spawn to mass amounts.

Re:Here's An Idea

[shaitand]

Microsoft has alot of money, don't you think they can afford to buy a decent wordprocessor instead of word?

oh wait...

True story.

[oni]

A sysadmin once sent me a form letter type thing with my new password in it. The username/password was a spreadsheet object and I was able to open it to see everyone's passwords. He changed them all when I pointed this out. BTW, why do people send email messages that just say "see attached file" and the attached file is a memo with some trival content that could have been the text of the email??

Anyway, I have to admit that I was also burned by word. I was in the habit of opening the last memo I wrote from the recent documents list and using it as the starting point for newer ones. At some point, I put a bunch of policy statements on a CD and was later told that everyone was reading the hidden text. Doh!

This was back in the days of office 97 I believe. I'm not sure if Office 2k or XP still have this feature/bug.

Re:True story.

[DrSkwid]

why do people send email messages that just say "see attached file"

because they select "send document" form the file menu and get a blank email with the document attached

Re:True story.

[homer_ca]

Saving Word to HTML gets rid of the hidden text, but it does still save Author information. I got this HTML spam where he saved a Word file to HTML and sent that as the message. Sure enough, the dumbass's real name was in the source as the author.

Re:True story.

[Li0n]

Even worse is when people send me a 4 MB email because they attached a word document with a pasted BMP screenshot of a full 1280x1024 desktop to see the text "404 page not found".

Re:True story.

BTW, why do people send email messages that just say "see attached file" and the attached file is a memo with some trival content that could have been the text of the email??

Uh, I dunno... because it's faster than cut and paste? Because it preserves metadata?

Re:True story.

[bailster]

In response to these kinds of file size/convenience/privacy concerns, some people use various shortcuts to get Word-generated text into emails sent through Outlook. (Also, if you do that, the recipient can listen to the email's contents using remote access systems, etc., that may not work with attachments.)

Question: if you cut and paste (MS) Word text into an (MS) Outlook email message, how much of the hidden/deleted data will follow along into the email? Does the answer depend on the "format" of the email (html, etc)?

What about if you use the "send as email" feature in Word?

Dang...

[DarkBlackFox]

Remind me not to save my importand documents to C:\My Documents\Porn\Annual Budget Report.doc anymore.

Re:Dang...

Here at our office we thought about hax0ring some people drives with porn pics and change them to pictures of praying nuns.

It's kind of a defacement... just the other way :-)

Tools

[rf0]

See Google. It can read word/pdf etc. Sure there is a mountain of information there if you look

Rus

Job Recruiters

I have received two such word documents from two seperate job recruiters. The actual companies looking for the employee were hidden in the document, as well as contact information for the person at the company. Screw the middle man

Re:Job Recruiters

Hey, sometimes even on job search websites it is worth looking at the HTML source of a job from a recruiter - there can be extra info in there hidden...

Re:Job Recruiters

[bird]

Back in 1997, we were interviewing my putative replacement, and one fine fellow sent us a Word resume and cover letter. In the cover letter, he shared with us the delightful sentiment that-- while he was interviewing several other places (1997, remember), we were his current top choice.

A colleague on the review team who didn't use Windows turned to strings(1) to get the data from these documents, which yielded us the information that a *lot* of this guy's other prospects were also his current top choice. Maybe it was true every time he wrote it, but... I hate to think... could he have been trying to *manipulate* us?

Re:Job Recruiters

I got two .DOC files from headhunters. The first one I couldn't read because I didn't have the correct version of Wurd. The other was about 100K -- 5K for the text and 95K for the company's logo graphic. 100K doesn't sound like much, but I live in the country and I have a slow dial-up connection, so it pissed me off.

Idiots. Use a resource editor to rename "Notepad" to "Microsoft Word Lite", and make 'em use that.

Re:Job Recruiters

[Sparkle]

Indeed. Underscores why m$word files should not be used on the web, besides the compatibility issues.

A few years ago when I took my last job, the job offer came in m$word format. Lacking the correct product, I used strings(1) on it to see what it said and was able to see 4 or 5 previous offers to 4 or 5 previous candidates. When I learned what my offer really said and expressed disappointment to my headhunter, I was able to get a better starting bonus. Very nice.

Re:Job Recruiters

[tealover]

Wait a minute. Your colleague "innocently" used strings to get the data because he didn't use Windows...and accidentally became privy to private information ?

I hope you guys didn't offer him the job because he's better off not working with sneaky bastards like you guys.

their fucking spawn of satan track changes

[Unknown+Poltroon]

is probably whats doing this. GOD it sucks. Theyve manged to make it more confusing and less useable in XP than ever before. You ever tried to tell a user what to click on in a toolbar? WTF happened to putting the goddamn command in the toolbar???

What exactly's the big deal here?

[GillBates0]

Using an ordinary online search engine and a random selection of keywords, Byers was able to find more than 100,000 Word documents including business documents and individual resumes.

No really, what IS the big deal? So supposedly, he did an online search, and did some text-extraction from Word docs, which Google helpfully does for you anyway, and came up with some "secrets" which were published online anyway, thus contradicting the term itself. Google also indexes PDF, DOC, PPT and many other formats anyway.

Moreover, if the information was indexed, it was either put online intentionally (either because it wasn't secret data, or out of malicious intent), or unintentionally. The latter case was probably because of poor sysadmining/webmastering, which isn't a big secret anyway.

Sorry for the sorry rant, but it's yet another friday evening with nothing to do.

Re:What exactly's the big deal here?

[Li0n]

It isn't the text but the metadata what's this all about.

For example, the article mentions the case of the Washington sniper. Some data of a published PDF was blacked out but if you opened the file in a text editor, you could still see the fields.

Re:What exactly's the big deal here?

[William+Tanksley]

Incorrect. You didn't read the article.

He did the search, as you said, but he didn't use Google's conversion; instead, he looked directly inside the DOC file, where Word keeps a bunch of information for its own purposes -- stuff that was deleted, stuff that was just in the wrong memory location when the save happened -- whatever.

He found legitimate docs, with legit contents; but they also contained some stuff that the authors didn't intend to publish.

-Billy

Re:What exactly's the big deal here?

[B3ryllium]

I haven't read the article - nor do I intend to - but I gather that the information in question is NOT displayed when viewing the document in Word, but has been "deleted" by the user. Word preserves the deleted text, it seems, as part of the undo feature - and yet, the undo feature doesn't work if you have freshly opened a file.

Sort of like deleting password emails from Outlook Express, and then having someone retreive them from the .mbx file despite the fact that you deleted them.

Re:What exactly's the big deal here?

[ratfynk]

So you load a word .doc it contains some nice little mail macros and bingo because you are stupid enough to use an unpatched illegal copy of word 97, (which is what one hell of alot of small business owners do); MS word to open it you get slammed. End of story. Go buy longhorny and help microsoft control stupid users! Pay Pay Pay

Re:What exactly's the big deal here?

No shit...

133 000 hits

Helpful Hint

[cgreuter]

Remember kids: strings is your friend. If you happen to get a job offer in the form of a Word document and the HR drone who sent it to you wasn't careful, you can often see the version that got sent to other candidates and, more importantly, how much money they were offered. It can do wonders for your bargaining position.

Re:Helpful Hint

how? How?! HOW!??!?!?!

Re:Helpful Hint

By using strings, you fuck.

Re:Helpful Hint

C:\> strings.exe document_name

Re:Helpful Hint

[Reziac]

Or for us DOS folks, there's XRay, last seen floating around Simtel (xray102.zip or something like that, in /textutils). It does a nice job pulling text strings out of any binary, and redirects handily to a file or your fave viewer (frex, LIST). I've used it to retrieve the complete content from a Word document that was hopelessly corrupted, and to see what fun was to be had in another document's "deleted" space.

XRAY is also handy for pulling text out of executables. Frex, a brief rant about upper management, found lurking inside an .EXE from an old version of Paradox. :)

Or if you're used to looking at raw binaries, skip the middleman and just use Buerg's LIST, as I do. :)

passwords.txt

[mindsuck]

Oh, so I'm not supposed to save all my important passwords in plaintext in a clearly marked "passwords.txt" file in my webserver for easy access?

Oh damn.

I'm seeing a weird problem...

I think it might be a new virus attack.

It seems that goatse is down.

Can anyone check to see if it's still working?

thx!

Re:I'm seeing a weird problem...

It is not down! I have been reloading it, just to make sure. I IM it to all my friends, and they all can see it... are you sure there is a problem with goatse or with your computer? Let me check once more... yep, it is online. Once more... yep! online!

Re:I'm seeing a weird problem...

You're full of shit. I have it set as my homepage.

Re:Slow news day

[zcat_NZ]

Anyone wants to guess what's the second most dangerous animal for human beings?

Other human beings?

Not just documents

[I8TheWorm]

It doesn't pertain to just documents. I've seen code samples posted to sites like experts-exchange where DB connection strings still had UID and PW data in them. Seems people don't re-read before they post very often.

Clippy did it

[sbillard]

It looks like you're trying to post a document on the web.
Would you like to...
1. Divulge corporate secrets?
2. List your passwords?
3. Remove KB823980 and open port 135?


It looks like your trying to close Clippy.
Would you like to...
1. Shit in your hat?
2. Put fist through bling bling flat panel?
3. Go home for teh weekend?

Re:Clippy did it

Clippy was sure annoying, but at least he spelled "you're" correctly.

Re:Slow news day

It's probably something like a jellyfish. But I'm going to guess that it's those vile bugs that live inside the beards of Linux Communist Hippies.

eh?

[DrSkwid]

google indexed PDF documents, it even turns them into HTML

of course you could always try http://searchpdf.adobe.com/

Now there's a way to search through more than a million summaries of Adobe(R) Portable Document Format (PDF) files on the Web. Your search results will allow you to see the summaries before deciding to view the original Adobe PDF.

Re:eh?

[I8TheWorm]

Crap! Maybe I should use google more often then.

Re:eh?

[DrSkwid]

once would work

8)

google

[FFON]

how did he get paid so much to his research?
i'm a doofus and came up with this search
"index of" secret .doc
google it baby

Check this out...

[Geminatron]

View some of the past word docs you've received in a hex editor...

Near the bottom there is often information from other documents of the sender that they were recently working on. I don't know why it saves this. Maybe something to do with the undo buffer?

At work I used to look at internal memos that would be sent out on a weekly basis and find out all sorts of other stuff that was going on.

Re:Check this out...

Quite possibly uninitialized memory.

Re:Check this out...

[Reziac]

Word thinks it needs some parts of its document format padded out to a certain size. To this end, it grabs random junk from RAM, other documents, or even the swapfile.

I've seen a case where someone whoopsidentally send a .DOC to a mailing list. Upon decoding it, I discovered not only the intended innocent joke, but also some bad porn written by the sender's boss, grabbed from gods know where (not originally part of this document).

Repost or just a big DUH!

[jriskin]

You mean word documents/[INSERT alternative MS product here] may contain crap you didn't think they did?! NO SH*T...

This has been a problem and reported for years now...

It's called Save As...

Oh? You say end users can't be trusted to understand technology and or can't be trusted to dispose of or not reveal sensitive information? Another...DUH!

OH NO!

[SatanicPuppy]

NOT MY PERSONAL INFO! NOOOOOOOOO!

This isn't just nothing new, it's old news. Wasn't this how they caught the guy who wrote the melissa virus? When that little popup window from MS Office came up asking for their personal info, did they just think Office was trying to get to know them better, in order to be their friend?

It's just silly pressmongering. Those dumbasses have to come up with a terrifying computer factoid every day, or the ignorant compu-phobes they prey on might come to their senses.

Just my opinion.

Re:OH NO!

[Gonoff]

I read the contents of that when It started arriving on our fileservers. It was pretty obvious that the guy who wrote it wasn't particularly worried about covering his tracks.

Re:OH NO!

Wasn't this how they caught the guy who wrote the melissa virus?

Can't say for sure, but this is how slashdotters found out the identify of the firm and the person who drafted the "Microsoft Switch" campaign. Through the word document that was linked.

Old News!

[ivanmarsh]

The fact that MS "productivity" products store user information in the files they produce hit the news very shortly after MS Office '95 came out.

It seems no one much cared back then because MS has obviously left this serious security flaw in their software.

Imagine that?

Re:Old News!

[ivanmarsh]

Thought I'd follow that up with a link from the hourse's mouth:

http://msdn.microsoft.com/library/default.asp?ur l= /library/en-us/dnword2k2/html/odc_ProtectWord.asp

Re:Old News!

[ratfynk]

The reason is obvious why they leave the security flaws intact. They are going to need to sell LONGHORNY big time to show corporated software sales growth to the stock holders. Their Xbox is still costing them money every time someone buys one, they are not making huge enough money from educational certification extortion any more, they are having a hard time keeping up with the number of software violation of patent law suits. They realy need to eat Symantec's lunch again without getting sued to the nines. They need Longhorn to sell in the Billions as soon as it is released, otherwise their paultry 30% margins will start to dry up. Their margins were over 40% before the 2000 dot com balloon blew up. They might have to settle for normal corporate profit levels if Longhorn takes to long to weasel its way into every computer.

My 2c.. and a terrible pun.

[zcat_NZ]

It's only going to get worse; google's really expanded on the number of File types it indexes and caches.

One of my clients was recently caught out when google indexed private metadata she didn't know was still there, so I can well understand the gravity of this situation.

Re:My 2c.. and a terrible pun.

[randyest]

Whoa, that's very cool. I love it when I learn a new google goodie.

If you didn't try that 'gravity' link in the parent, check this out. Google calculator -- takes input in standard algebraic format, and knows some variables and units too (such as "G" being the universal gravitational constant, "mass of earth", and "radius of earth"), so you can just use the variable name and google fills in the values, converts units as needed, and gives a numeric result. Nice.

However, unless I'm doing something wrong or they're stil updating, the known variables seem rather limited. ( population of china ) / ( surface are of earth) didn't work. Neither did ( 1 barleycorn ) / (1 mm).

Anyone have tips on this new google gem?

Re:My 2c.. and a terrible pun.

[inerte]

Anyone have tips on this new google gem?

Look, look:

http://www.kuro5hin.org/story/2003/8/14/21307/51 89

Re:My 2c.. and a terrible pun.

[pherris]

Just to build on this thought try searching google for +"internal use only" filetype:doc or +"internal use only" site:.gov filetype:doc.

Basic programming techniques, eh?

[Xeth]

Is that all it takes to hack into Microsoft's file servers anymore?

i have my own special program that does this...

[jkitchel]

it's called http://www.google.com and you search by "top secret documents filetype:doc".

Is this news to anyone?

I mean, c'mon. Anyone with half a brain can open a M$ Word document in a plain text editor and without and work whatsoever find out what the SMB name of that computer is, on what drive the OS is installed, what printer and what the name of that printer is and so on and so forth.

If this is newsworthy, so is telling "If you press F3 in Explorer, or if you start DirectPlay, your computer will try to connect to Microsoft servers to do stuff behind your back".

It's easy...

[inertia187]

This is the easy way:

"Index of" "Name Last modified Size Description"

Then you add file extensions or other things. For example:

• mpg
• mov
  
• mp3
• secret - doesn't have to be file extensions...
• "My Documents" - yeah, that's secure...
• etc

Anyway, as you can see, it's pretty effective. Sometimes admins wise up, and all you have is the Google cache. But sometimes they don't, and you get to look. Thanks Google!

Re:It's easy...

Wow... all i have to say is wow. so i figured it'd be fun to go find kids grades and i added "grades" to your "my documents" link. guess what popped up in google? Some teacher's affair. This is kind of scary when you think about it....

Re:It's easy...

[CSG_SurferDude]

OMG!!!

I'm ashamed to say that I never even thought of that one.

Thanks for the it, Now I have a chance of completing my bootleg collection of Pink Floyd albums ;-)

Re:It's easy...

[tfazzone]

here's another one to try in google: internal use only confidential

Re:It's easy...

[Reziac]

On substituting "hidden" for "secret", one of the first results was this amusing bit:

Index of /Courses/S03/ECSE-4961/Finding Hidden Things

Well, yeah, that was the whole idea... ;)

Re:It's easy...

[nicky_d]

Of course, once porn vendors latch onto this (they seem to have been onto the "index of" part for a while), going through the results will take long enough to invalidate the technique. Unless you add something like "-blowjob", I guess. Ah, Google wins again. Don't forger you can specify the above search strings as "intitle:" phrases to focus the results a little more.

Re:It's easy...

[inertia187]

Actually, the porn vendors have to be careful to keep things well behaved. For example, if they use a real Apache directory listing, they have to stock it full of html files, which are easy to spot an ignore. But if they use a copy of an Apache directory listing and modify it so that it can do popups, there might be a way to get google to filter it. For instance, an Apache directory listing has no business having a element. I just don't know if Google will let you filter based on HTML elements.

Re:It's easy...

[mcrandello]

I always added "Parent Directory" in to make sure I'm getting a real index. May help weed out porn pages as someone above me suggested may happen.

I hate to state the obvious but,

[pair-a-noyd]

how many incidents will it take before people realize that ALL Microsoft products are insecure?

What will it take? What happens when a script kiddie hacks a hospital and shuts down the life support systems in ICU? Or just juggles the meds for the patients so that everyone in the hospital gets the wrong meds?

Or perhaps they glitch the Air Traffic Control system and airplanes rain down from the sky and tens or hundreds of thousands of people die??

Before the last war in Iraq started they showed the "state of the art" US command center just across the border in a big tent.

Tens of dozens or more, soldiers and dozens upon dozens of PC's. You could clearly see on the displays that they were *ALL* running Windows.

I though, "Oh shit, the security of this country is being placed in the trust of the worst product ever..."

Those PC's I saw were NOT Tempest, for one, and then add the Windows factor in plus the state of war and you're asking for serious trouble.

Windows will at some point cause a massive catastrophe and cause great loss of life and property. You can bet on it.

This country is far too dependent upon computers to operate. When the computer goes down, well, sit on your hands for awhile...
I remember the days before computers, everyone got things done just fine. Now no one knows how to function without them..

Re:I hate to state the obvious but,

[lyingidle]

Ok,

I have worked in Hospital's IS departments and have also spent some time in the Army, and in neither place was any critical system run by Windows machines. What you do see are lots of cheap Windows boxes using terminals to access UNIX machines.

Think about it. Currently it's alot easier to support a bunch of Windows desktops than Unix or Linux desktops. More people are familiar with them. Most users know how to launch applications in windows (Double click the big "E"), all they need to learn now is one more app, THE ONE RUNNING ON UNIX, being presented to them in a friendly Windows context.

Done

- Learn from the mistakes of others. You can't live long enought to make them all yourself.

Re:I hate to state the obvious but,

[GigsVT]

alot easier to support a bunch of Windows desktops than Unix or Linux desktops

You picked a bad day to say that, after thousands of us spent last week running around putting patches on Windows machines.

A simple shell script would have done it all automatically had those clients been anything other than Windows.

Re:Mleh

[shades66]

The next edition of Office 2003 will include tools that will allow users to remove personal information from a document. It will also include new "information rights management" that will let an author specify who can read or forward a document."

So microsoft are going to add tools to remove what shouldn't be there in the first place? Can't they just fix their software to not include it in a first place! What is next? INTERNET EXPLORER 2008 will have a new feature that allows the user to stop virus's being automatically executed. Order now at $399 to protect your computer from our shoddy software!

Don't worry

[ratfynk]

Gates and co will take care of all your sensitive info, very soon. With the help of the DMCA Sen. Fritz and MS servers we all will be so secure that no one other than MS and the right Government agencies will be able to unlock your lock online .docs. So smarten up bow to Redmond and pay up suckers! Its upgrade or lose mania time again can your business not afford the wonderfull new security thats coming? Good luck getting your secretaries to use anything other than MS orafice!

Re:Don't worry

[ratfynk]

Wow I pulled a good spelling error SECRETARIES, a new job classification, for employees who do all your dirty work and keep their mouths shut!

Update: Because he confessed...

[finallyHasANickname]

...that he did that in public, a swarm of black helicopters arrived immediately in front of the laboratory. He was promptly hauled to jail for violating the DMCA.

At the courthouse, all people who use Google and who got caught were also standing in a queue to await indictment proceedings before a federal grand jury...

Microsoft blames the slowup on commodity protocols and recommends MS-Jailer 2.0 (just released) to speed up the whole process "with only one degree of separation".

Scott McNealy's face turned red, and he proclaimed, "Look. Those people are standing out there in the heat, which is about all you should expect with the power efficiency levels of throwback 32-bit CISC technology throwing the book at them and with Microsoft's jailing software countercompetitively tied to the kernel, which is in C++, not C, not Java, not standard, not open like..."

Another way to find "secret" data

[cnb]

How many people actually protect their website
statistics?

Adding a simple /stat/ or /stats/ or a variation
with a combination of "web" or the name of any of
the common statistic generation programs gets you
access to the statistics of a *lot* of websites.

Then from the stats you could find any "hidden"
data which is not linked on the site including
internal company documents, girlfriend's nude
photos or mp3s.

Alternately you could just google for the
statistic reports of sites and get there
more easily.

This is another case of ill informed or lazy
users not following what should be a simple
security policy which could cause serious
repercussions.

For those who want to know how to protect
yourself, read this link.

Word documents are stupid.

[rice_burners_suck]

This is WONDERFUL!!! This information should be pointed out to those annoying people who email you those annoying Microsoft Word documents, when the content could have been presented just as effectively (or more so) in plain ASCII text.

But instead of explaining it all technical and telling people how they can strip private information, you should use Microsoft's own techniques of FUD against them by telling people that Microsoft Word files contain all their private information and that information is gathered into a database by a ring of 1337 h4x0rz around the world, who then use the information to steal your credit card numbers.

People are so stupid that they will actually believe that.

Re:Word documents are stupid.

[bsd+troll]

But not stupid enough to listen to you, fortunately.

Re:flamebait ?!??

[zedmelon]

Kiss my ass. How is this flamebait?

MS Word got Tony Blair busted in the WMD case

[leoaugust]

Tony Blair got busted in the WMD case because of the names of the people who revised the WMD Documents were still in the Word file. Now, it seems, that the Downing Street only puts PDF files on the web - and has removed all the MS word documents that were already there ....

Tools reveal secret life of documents - Documents like in Word save too much Info - Blair Episode

By Mark Ward

July 03, 2003

The UK Government was just the latest in a long line of organisations that has learned to its cost just how much information can be gleaned from innocent looking files. Earlier this year it issued a document called the 'dodgy dossier" about Iraq's concealment of weapons of mass destruction that was written using Microsoft Word. Every Word document remembers who made the last few revisions to it. The log reveals the names of four of the people who prepared the Iraq document for publication and the government Communications Information Centre that some of them work for. It was this log that Number 10 press chief Alastair Campbell had to explain to the House of Commons Foreign Affairs Select Committee in late June as part of its investigation into the Iraq dossier's history. Some of this information can be seen simply by right-clicking to view the properties of the downloaded document in a file listing. Utility programs can get even more information from Word revision logs.

The life stories of the documents we create are becoming increasingly important as the scrutiny of industries and governments gathers pace. Every time you write or edit these files you leave a trail of information revealing what you did and when you did it. With the right tools it is possible to extract this data and work out the trail of authors and workers who created a document. That is why we should all use opensource and open data formats - so that we can humanly read what all we are "putting" into the document. The Word version of this document has now been removed from government websites but copies of it are still available elsewhere on the net.

Unabridged and unedited article at

http://news.bbc.co.uk/2/hi/technology/3037760.stm

Re:MS Word got Tony Blair busted in the WMD case

You trust the BBC?

BBC Leak Blows Al-Qaeda Sting Operation

They are obviously more concerned about getting attention then in things like accuracy and responsibility.

Re:MS Word got Tony Blair busted in the WMD case

I always said a responsible press does exactly what a foreign government tells them to do.

Re:MS Word got Tony Blair busted in the WMD case

You trust the BBC?

BBC Leak Blows Al-Qaeda Sting Operation

They are obviously more concerned about getting attention then in things like accuracy and responsibility.

I would have said, "they more concerned about accuracy and responsibility then furthering the agenda of a fascist goverment". Do you really think, that this guy (an east end barrow boy no less) should just be "disappeared" off of the streets with nary a word said in the press? That this was a clear case of entrapment is hardly relevent the really scary part of this story is that dolts like you are prepared to trade in liberty for an illusion of safety.

Re:MS Word got Tony Blair busted in the WMD case

[meringuoid]

They are obviously more concerned about getting attention then in things like accuracy and responsibility.

Irresponsible? Possibly... it's conceivable that someone might have escaped being disappeared to Gula^H^Hantanamo as a result of the BBC breaking the story so early. But inaccurate? As far as I am aware everything in the BBC's report was true.

Personally, I'd trust a news agency that broke the news regardless of whether or not Bush liked it, rather than one which only published news that the Party considered helpful.

The British experience - government stupidity

[pyrotic]

Have to post a link to this famous example, the dodgy dossier. There was a writeup here. If you're thinking of making the case for war, don't release Word documents to the press - unless they're very very docile.

Images too!

Cat Schwartz, of TechTV fame, discovered that cropped JPEG images may also contain uncropped thumbnail images (warning: PG-13 content). There's some debate whether the images in question came from Photoshop or from a thumbnail image stored by the digital camera, but it was a humbling oversight in either case.

Re:Images too!

I wish she had never found that out. There's no telling what we could have seen in other photos.

Re:Images too!

According to the EXIF information stored in the jpg, the camera was a Nikon D100. The thumbnails are created when you take the picture.

Nice camera, but nicer tits.

if anything, the opposite

[siskbc]

This will become a common way for 'big' corps to spy on 'small' corps (and individual users?), to find new ways to both screw them over, and appear 'omniscient'. They'll never (or rarely) get called on it. Meanwhile, anyone who tries to reveal information discovered in this way which is incriminating towards said big corps will get sued for being "hackers" and/or "terrorists".

Aside from the paranoia overtones, I still disagree. The tools for doing this are on the web. Right now. So in other words, a weapon has been released that is free and easy to use. If anything, this will help small, poor companies with no resources for industrial espionage get a little information out of people who don't know any better, including their large-company rivals. All they have to do is hire one of the celibate wonders that read slashdot, and they're in business.

DMCA violation?

[notcreative]

By using tools that break the "encryption" on, for examply, the Washington Post .pdf file mentioned in the article, isn't the researcher violating the DMCA? Isn't his whole project bragging about doing this, a la 2600?

I hope he remembers a few packs of cigarettes in order to buy himself a few nights of sleep in the Big House.

Re:It's been said hundreds if not thousands of tim

[shaitand]

Solution: stop installing word on your corporate network. Stop allowing users to install software. No more problem.

Re:Prediction (x1488)

Objection, your Honor, this is pure speculation. The prosecution has not established sufficient grounds that this witness is qualified to predict what dominant and powerful techniques will be used in the future.

SUSTAINED!

Re:WHERE ARE THE WMD'S

Thank you, Saddam.
Or, if you're not Saddam himself, you are at least his personal cock sucker.

Re:Slow news day

Actually, the truth is that the mosquito kills more humans each year than any other animal. Go look it up.

Didn't I already write about something similar?

[NewtonsLaw]

This isn't really new -- check out this story I wrote for CNet/ZDNet over a year ago.

This not anything new.

[gnuforpresident2004]

This type of thing happens all the time but just with digital media but with other media also. People go through others garbage recreating shredded documents, camcorders catching people in the act, carbon paper, copying machines. You always need to be careful when dealing yours and others information.

Newsflash: People shoot themselves in feet

[darthwader]

... then suffer foot wounds.

At the risk of being moderated Troll and Redundant,
Why are these people posting Word Documents online?

The Word Wide Web is not the Microsoft Wide Web.

Post in plain ASCII text, or HTML if you feel the need to pretty it up.

People keep using tools that are far more powerful and complex than they need, then they screw up, and blame the tools. Pick a simple tool to do a simple job, and you don't need to worry about your ignorance of the tools you are using causing you problems.

Re:Newsflash: People shoot themselves in feet

Why are these people posting Word Documents online?

Because they know how to use Word and perhaps a simple CMS, they don't know a lot of HTML. How would the average Wordphile go about putting a document with a chart in it on the web? Organisations with underdeveloped IT policies and staff are condusive to this kind of behaviour.

Re:Newsflash: People shoot themselves in feet

[chrislee35]

Typing in Word is convenient for most people because of simple speel-checking :). Then if they want to publish online, they have to export it, right? Well if you export from Word, then it add tons of meta-tags with possibly unwanted information in there as well, and Word does a crappy job of exporting to text. Besides, people don't like looking at boring monospaced text documents. HTML just looks better, right?

Re:Newsflash: People shoot themselves in feet

[ishmaelflood]

Well they'd probably hit the "Save s Web Page" command in the file menu.

If you don't mind the size it is pretty painless, and often works.

It comes down to one question

[Alethes]

Is security the responsibility of the software of the users? Should we point the finger at that horribly insecure software that shouldn't allow this sort of thing to happen or the ignorant users who put the sensitive data in the document? Both?

Re:Slow news day

No, it's an insect. We discount the people from the list.

UK govt caught out

[g_attrill]

This has happened to the UK government several times. The latter link shows whose sticky fingers were on the infamous "dodgy dossier".

Gareth

Re:Slow news day

Mosquitos just transfer viruses and existing diseases known to the humans. Mosquito byte by itself is harmless for humans, unless there's also a virus injected into the human blood. You're right in terms of numbers, but let's say we leave the mosquitos out of this list.

Re:WHERE ARE THE WMD'S

As Saddam's personal advisor, I'd advise you to crawl back into Dubya's stinking ass.

Re:Slow news day

Ok, time is up.

The most dangerous animals (counted by the number of humans, killed globally within the recent years):
1: Snakes.
2: Wasps and bees.
3: Alligators/crocodiles.

See the post above explaining why mosquitos is not exactly correct.

Re:Slow news day

let's say we leave the mosquitos out of this list

Okay. It's just that they are so small and easy to pick on.

It Must Be A "Technological Measure"

[John+Hasler]

So who is going to be the first to claim that running a Word document through strings violates the DMCA?

Just cat it

In some cases all you need to dig up the sensisitive information is to "cat word.doc". Assuming you have some *n*x utilities lying around. *n*x should be outlawed.

You belive the FBI ? ? Re:MS Word got Tony Blair

[leoaugust]

Well, interesting that you should hit BBC where it hurts, an in some cases maybe they deserve it. But, I think this "story" that you talk of is not one of those. Look at my take of the story behind the story behind the story .... The Blair-Bush team is more devious than you might want to believe ...

ALL Quotations below are from the MSNBC article ... my comments are in the [TT] [/TT] format ....

At the end of the day, officials say, the Lakhani case remains a story about potential threats and not the real-life terrorists they had once hoped to nail. For all the hoopla over the case, the official confirmed, it was essentially a government-arranged sting that never involved any contact with actual terrorists. If there was no contact with a "real" terrorist, how were they supposed to trap these "real" terrorists ??? But, wait, it gets even better .. the terrorists in the case were essentially all actors -undercover informants playing associates of terrorists for the purposes of making a case against Lakhani, an international arms dealer who, according to Christie, has a history of alleged criminal activity. So, now a person who tends towards a certain kind of behavior is now enticed ... Does this bring to mind the word "entrapment?" They noted that Lakhani, in taped conversations with undercover operatives, expressed his hostility for the United States, his sympathy for bin Laden and his willingness to work with terrorists to supply them with the weapons they needed to shoot down airliners. Is this hostility really surprising when it is known that majority of the world population thought Mr. Bush's actions have been consistently unjust and immoral? We didn't want this to get out before we could determine whether this guy would cooperate or not.? So, now you tempt him even more. Promise the fix to the junkie. Even if the tendency to additction is genetic.

And what better thing to do to tempt the suseptible by playing both sides - being the buyer, and being the supplier. It sort of reminds me of the "Truman Show." The FBI and Department of Homeland Security agents then arranged to involve the Russian FSB, that country's security service. When Lakhani flew to Moscow last month to actually inspect the missile he would be buying, he met with two FSB agents posing as missile suppliers. Looks like a scene from a C grade movie. The snookered Lakhani then arranged for the missile to be shipped from St. Petersburg and made a commitment to the two FSB undercover operates to buy 50 more such weapons as well as a multiton quantity of C-4 plastic explosives. Snookered Lakhani ... yes, snookered .. you know what snookered means ? It means Fooled or duped

When you wake up, ask yourself ... could you be living in times scarier than these ....

Re:OMG-Crimes of the century.

Microsoft is to blame for:

Bubonic Plague.
Baldness.
The Hair Club For Men president, getting run over.
Sonney and Cher breaking up.
Sonney smacking into that tree.
The Solid Gold Dancers sucking.
Michael Jackson turning white.
Global Warming.
The previous Ice Age.
WMD's in Iraq.
Dogs and Cats living together.
That birthmark on Gorbachev's forehead.
Plastic fake vomit.
Fake switch ads.

morons almost choking on smoke&mirrors ?pr?..

execrable.

fauxking ?pr? ?firm? 'information'/blame filtering(tm) is worse than useless. in fact, it's a crime against humanity. those who practice deception for a living, will take their place among the walking dead.

the lights are coming up now (no pun intended).

the stars were quite visible for folks who almost never see them, last night. don't forget to glance skyward tonight/often.

you can pretend all you want. our advise is to be as far away from the walking dead contingent as possible, when the big flash occurs. you wouldn't want to get any of that evile on you.

as to the free unlimited energy plan, as the lights come up, more&more folks will stop being misled into sucking up more&more of the infant killing barrolls of crudeness, & learn that it's more than ok to use newclear power generated by natural (hydro, solar, etc...) methods. of course more information about not wasting anything/behaving less frivolously is bound to show up, here&there.

cyphering how many babies it costs for a barroll of crudeness, we've decided to cut back, a lot, on wasteful things like giving monIE to felons, to help them destroy the planet/population.

no matter. the #1 task is planet/population rescue. the lights are coming up. we're in crisis mode. you can help.

the unlimited power (such as has never been seen before) is freely available to all, with the possible exception of the aforementioned walking dead.

consult with/trust in yOUR creator. more breathing. vote with yOUR wallet. seek others of non-aggressive intentions/behaviours. that's the spirit, moving you.

pay no heed/monIE to the greed/fear based walking dead.

each harmed innocent carries with it a bad toll. it will be repaid by you/us. the Godless felons will not be available to make reparations.

pay attention (to the weather, for example). that's definitely affordable, plus you might develop skills which could prevent you from being misled any further by phonIE ?pr? ?firm? generated misinformation.

good work so far. there's still much to be done. see you there. tell 'em robbIE.

Re:It's been said hundreds if not thousands of tim

Since when is .la Los Angeles? Wtf??

mynuts won, again

just kidding robbIE.

Heh

[dodell]

He says hidden information can "incredibly useful" in improving the functionality of the software. "But if some of that data is sensitive, there have to be ways of ensuring that it isn't distributed where it shouldn't be," he says.

Apparently they need to use some of the software he used to get a conjugation of the infinitive "to be" back into their text.

Re:Heh

That's ok, when you run the documement through 'strings', everything looks fine.

In Capitalist America...

In Soviet Russia, you make document with Word.

In Capitalist America, Word documents you!

--AC

Online what's that?

[qat]

Rights online? What? Where did THEY come from?

Here's the doc

[Pentagram]

The Word version of this document has now been removed from government websites but copies of it are still available elsewhere on the net.


Here's a copy of the document. Should save anyone else the trouble of googling for it </karmawhore>.

Re:Here's the doc

Can't find anything in that doc other than "MKahn". Does say 4 revisions tho. What am I missing? Strings doesn't seem to return anything useful

Sanitizer

[Spunk]

Certainly, the best solution would be not to use proprietary formats.

But for those who don't want to change, is there a "Word sanitizer" tool available? Something that will convert one Word doc to another, minus the hidden text?

I stopped reading after "Microsoft Word documents"

[sproketboy]

This is old news. Anyone who would post a DOC file on the web is a dunce anyway. My 2 cents. :)

up to parent directory leaks

[whovian]

Finding personal information in the document metadata is one thing, but finding the documents is another.

I still find user accounts on which if you do a manual "up to parent directory" and the user has no index.htm{,l} file, you often get a fully navigable listing of their entire html directory.

Sometimes you find personal files that were never directly linked to, nor intended to be.

Word doc Cleaning Program?

[superyooser]

Does anybody know of a program that can clean up deleted info in Word docs? I'm thinking of something like Ad-Aware that scans for certain files, shows you possible security issues (supposedly deleted text, metadata in document properties, etc.), and asks you what action it should take (wipe out/edit text, delete file, etc.).

Microsoft's article on reducing MS Word metadata

[200_success]

It has been known for a long time that metadata are hidden within Microsoft Word documents. Microsoft even has Knowledge Base article 237361 explaining how to reduce the amount of metadata appearing in MS Word 2000 documents. Here's an excerpt:

This step-by-step article explains various methods that you can use to minimize the amount of metadata in your Word documents.

Whenever you create, open, or save a document in Microsoft Word 2000, the document may contain content that you may not want to share with others when you distribute the document electronically. This information is known as "metadata". Metadata is used for a variety of purposes to enhance the editing, viewing, filing, and retrieval of Office documents.

Some metadata is easily accessible through the Microsoft Word user interface; other metadata is only accessible through extraordinary means, such as opening a document in a low-level binary file editor. Here are some examples of metadata that may be stored in your documents:

• Your name
• Your initials
• Your company or organization name
• The name of your computer
• The name of the network server or hard disk where you saved the document
• Other file properties and summary information
• Non-visible portions of embedded OLE objects
• The names of previous document authors
• Document revisions
• Document versions
• Template information
• Hidden text
• Comments

• Metadata is created in a variety of ways in Word documents. As a result, there is no single method to remove all such content from your documents. The following sections describe areas where metadata may be saved in Word documents.

I'll bet there are more, but they won't disclose them.

It's a pity that more people don't just save as RTF. It's just as good for most uses, and it's a less obscure format.

Why Word Does This

[spectecjr]

I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

You're not.

There are two ways of saving a word document:

• Fast Save
• Full Save

Fast Save dumps the binary from memory into the file. Full Save compacts the binary image, and reorders it. This takes time.

Word's text stream is stored using a piece table. One of the benefits of a piece table is that if you keep the meta information about the text, you can get nearly infinite undo. The way it does this is by having an original data stream, and an appended data stream. Whenever you add data to the file, it gets added as a chunk to the end of the appended data stream. Whenever you delete, the meta table is updated to remove the text from the stream, but otherwise the text itself is left unaffected.

As a result, text is never removed from the document. A Fast Save (which is the default) under Word dumps the Piece Table as-is (there is probably some compaction over time to remove the no-longer-used data, but it probably only occurs above a given threshold of used to unused text). A full save deconstructs the piece table's meta information, and turns it back into one contiguous stream of data.

It's all just a function of the way the text is stored while it's being edited. Different editors have different mechanisms; some store data based on lines, and some store it using a gap buffer. But ultimately, the problem exists because Word uses a piece table, and it dumps the entire table to a file by default.

It's actually a sensible way of handling the text data. However, whoever designed the Fast Save algorithm probably didn't consider the ramifications of the text still being stored in the document. The best workaround? Wipe the unused sections of the piece table. But then you might as well return to using a Full Save, as you'll be ditching the performance benefits anyway.

Simon

Re:Why Word Does This

[Psychic+Burrito]

What I don't understand is why Microsoft even does this distinction between fast and full save when it would be possible to create a single save mode that is both fast and full, bear with me for a moment:

At the moment the user hits "save", "fast save" is faster because Word doesn't has to do any re-interpreting of what is already in memory. This step is what makes full save slower. But the re-interpreting doesn't has to happen at the moment the user hits "save", it can happen all the time while the user is editing his document. During editing, the performance of the machine is largely unused anyway. And when the user hits "save" in this better version of Word, the application can just save the interpreted data to disk, which is even faster than "fast save", since it's less data!

Any comments? Thanks! :-)

Re:Why Word Does This

This doesn't sound bad to me, and I write software for a living.

But I think you are missing the point. When you are developing a large complex software project, there are always hundreds of different trade-offs and design decisions to be made everywhere. In general, each design decision needs to be examined for exactly the gotchas that caused this article to be written in the first place. That simply is not done at Microsoft. Not that other software deveopers don't skip this kind of analysis, but at Microsoft, it seems to be a standard way to do anything! And the result is the insecure, hacked-up, unstable piece of crap software mess that Windows and Windows software has grown into.

Everyone on /. seems to be hung up on the monetary cost of Windows and Office software. I am far more concerned with the hidden dangers mentioned in this article.

As for the stupidities mentioned in the article about PDF files, this is a problem with training. Too much computer software "training" is a rote description of "point here, click there" with absolutely no understanding of what the underlying processes are.

Re:Why Word Does This

[blibbleblobble]

"However, whoever designed the [MS-Word] Fast Save algorithm probably didn't consider the ramifications of the text still being stored in the document."

I have to say, emacs is probably one of the worst offenders in this regard: there must be loads of people with the source-code to their web pages available as index.php~ or #index.php# which they've forgotten to delete.

Re:Why Word Does This

You sir, are full of shit.

SCO vs. Microsoft lawsuit in the works already!

Not sure if you read the article, but certainly Microsoft does deserve part of the blame. How much - it will be up to the courts to decid.

McBride's still working on his angles here with his team of lawyers, but you can be assured mr. bill bigpockets will pay for this.

Something to do with proprietary, copywrighted Xenix code comments being published in Word documents on a Microsoft.com server...

Not Just for Fast Save Anymore?

[ewhac]

Back in the days of Word 5.1a (the last good version), I recall hidden data only getting saved if you used Word's "Fast Save" feature. Since Fast Save wasn't measurably faster, I turned it off. Is this no longer the case? (A quick look through the preferences panel in my copy of Word reveals a Fast Save option; it's turned off.)

Schwab

Best way to avoid this

[foniksonik]

The absolute best way to avoid this happening.

Copy your final text from your working draft into a brand new document. Yep good ol' copy and paste. You will only copy the selected text. All the auto-save data and edit history will not be copied into the new document. If your document has charts/graphs/placed images, etc. You will need to do a select all to be sure you got it.

If you always do this for final drafts you won't ever have a problem again. If in doubt of whether your current copy is clean.. just do it again, then delete the old copy.

Try it out. If you need to confirm... go ahead save as plain text, or whatever. It works as advertised.

Re:Best way to avoid this

[Reziac]

Not exactly.

What gets saved out as plaintext doesn't include the "hidden" stuff. So it's not a good test of what's under a .DOC's covers.

What your paste-to-new-document method does, is get rid of the "deleted" stuff. However, it does nothing for padding (random junk which can be grabbed from anywhere, including the swapfile) that may occur when you save the new document, nor for your UID string. And it assumes that your normal.dot (or whatever file Word now uses as its empty-document template) hasn't accumulated any "deleted" data.

Some of the template .DOTs that ship with Word contain leftovers straight from Microsoft. Nothing too entertaining -- just a few employees' names, working paths, and default printer IDs.

Slightly OT: just read Crypto-gram

[bmckeever]

If you're interested in these articles, read them on the Crypto-Gram newsletter instead of waiting for /. ers to read it and post them here.

DRM

Don't worry, happy, happy not-stalinist-totalitarian-at-all-honest DRM will make sure this can't happen in future!

Comment removed

[account_deleted]

Comment removed based on user account deletion

MS Word

[drakewyrm]

Unfortunately, a great many companies require documents to be in MS Word format. I have heard horror stories about people being required to submit MS Word resumes for jobs working with open/free software. What /is/ the attraction of that particular file format, anyway?

I know. Vendor lock-in. Still hadda ask.

Re:MS Word

[little_fluffy_clouds]

I hardly see that as a horror story. In my experience, the HR dept run what the HR dept wants to run (guess). The backbone of the organisation may very well be open source, but it's HR that do the employing.

You can read old .doc files with Kwrite

[mistermax]

The ability to read deleted/old info is not new to me. Recently my girflriend was updating her Curriculum Vitae. It had been edited on several versions of Word,on a 3.5 floppy. When we opened it in OpenOffice, we got the last version she had edited. Then she reopened it in Kwrite, and we saw there an entirely different document- in fact, the same CV, but from a whole year prior to the last version. Maybe other people have noticed you can do this?

duh

[simontek2]

i find those all the time, i enjoy searching for files and such people do not intend for the mass public to see. you just need to know how and where to search. heck, have fun looking at Gov't spending.

PDF

If you make a PDF with ghostscript or PDFTex is there still metadata in them?

Re:flamebait ?!??

[drakewyrm]

What /are/ you ranting about?

There are advantages!

[oren]

Once, when negotating an investment deal, we got a Word document with the investment bank's comments on our proposed contract.

They tracked changes. All we needed to do was display them... and we got juicy stuff like "if they accept either our fix for clause X or for clause Y we can still s---w them royally in scenario Z".

Made for a very effective negotiation. For us.

Oh, wait, the article was about the problems this raises for the document's _author_.

Never mind :-)

Word attachments

[BrokenHalo]

I've started getting nasty about Word attachments. I've set up my mail transport agent to send automatically send spurious responses to messages with .doc attachments with a polite policy message to the effect that their attachment had been rejected as being prepared with potentially insecure and malicious code, and if they care to send it in a sensible format I might deign to read it. If the sender isn't in my whitelist, I just consign it to the spam bin. Saves a lot of time, and some people have got the message. And if they don't get the message, I don't much care if I don't hear from them.

Re:Word attachments

Send them *roff documents. When they complain about not being able to open it, say "What do you mean? this format has been around forever! If I can open a .doc, you can open this!"

I hate stereotypes

It's articles like this that really kind of tick me off. I'm CONSTANTLY telling my customers that regardless of what they heard, Windows is not the best way to go. I'm informing them about the ups and downs of linux, and Mac. I also happily inform them that I can build their networks with a Linux main and windows in vmware which minimizes the amount of damage that can happen due to viruses. I've gone so far as to bring clients to my home to see my personal network so they can make an educated decision about if linux/vmware is the right choice for them. And I show them the mac machines I have.

But when people read articles like this...it makes my job all that much harder. While it's true that MANY of the people in my feild in this area do just that, I've worked for YEARS to prove I'm trustworthy, things like this cause my clients to have doubts in my dedication to THEIR needs, security, and functionality and quite frankly it #$%#$% me off.

Re:It's been said hundreds if not thousands of tim

[MegaFur]

Yes, but it's precisely because it isn't intuitive that training is required. In theory, tips along the lines of "don't-put-MSWord-documents-on-the-web" would be covered in the security thingie.

http://www.tu-darmstadt.de/~rkibria

I use a free hex editor called frhed. The product says its home page is http://www.tu-darmstadt.de/~rkibria

Its great for checking AND CHANGING the actual contents of ANY file.

Re:http://www.tu-darmstadt.de/~rkibria

[Reziac]

Thanks -- it's moved to http://www.kibria.de/frhed.html
(but a redirector is in place from the old link). Will give it a whirl; sounds nicely featureful.

For hex editing, I'm still using the ancient and tiny CalTech FM, "File Modify" -- dated 1985! Some good programs never die. :)

Internal Dutch Microsoft Marketing powerpoint file

[cerberusss]

I actually experienced something like this myself. My gf was working on her graduation report and while googling, she found a powerpoint file on the Dutch Microsoft site. It was about their partner strategy, i.e. who would manage their partners and in what way. I mailed it to the director of my division, who found it rather interesting. Some days later, it was gone from the MS site.

Re:Slow news day

[ComaVN]

Snakes just transfer poisonous chemicals known to the humans. Snake byte by itself is harmless for humans, unless there's also a poisonous chemical injected into the human blood. You're right in terms of numbers, but let's say we leave the snakes out of this list.

www....

www.internalmemos.com :D

Re:Microsoft's article on reducing MS Word metadat

[mnewton32]

It's a pity that more people don't just save as RTF. It's just as good for most uses, and it's a less obscure format.

If you've every tried opening an RTF document from MS Word in any other program, you'll realise why this is a bad idea.
You know what HTML from Word looks like, right?...

Who the hell needs that

[Snaller]

you can get nearly infinite undo

A paragraphs worth is should suffice.

great dept.

[McAddress]

The first thing that came to mind when I saw the article's de[t. when-is-delete-not-delete? dept was the press release from the Windows XP London launch

Re:It's been said hundreds if not thousands of tim

[shaitand]

interesting, we have a story about word being nasty, bloated, and most importantly, a security risk. I suggest getting rid of the security risk since there are plenty of other choices.

Somehow this makes me a troll? What do we mod down ANYTHING that even hints at being a negative statement about microsoft products now days? How slashdot has changed...

Re:flamebait ?!??

[zedmelon]

I viewed my original post by clicking the link to it in my comments page, the same link can be found here, and it gives you more info about moderation:

WHAT?!?? (Score:5, Funny)
by zedmelon (583487) on 2003.08.15 15:36 (#6708189)
(Last Journal: 2003.08.02 12:09)

...and I saw that some assmonkey had moderated me as flamebait. I suppose I can see a staunch MS fan could see it as flamebait, but I didn't think they were allowed to post on /.
;)

Plus, you can train users until the end of time...

[laupsavid]

...and they still won't give a fraction of a shit about security. Convenience is God to 98% of all the users out there. Their attitude is, "the (programmers/techs who installed this) shouldn't have made it possible, anyway. I have no responsibility for anything I do. Plus I hate to learn and think at all."
And of course their managers are just as irresponsible and hold no one accountable except for tech people, for anything that happens via computer.

Old News

[outanowhere]

This news is so old it has fossilised.

Shouldn't someone as why was nothing done when this was first publicised?

Re:-1 Troll, -1 Overrated, -1 Redundant

[Litta_Feller]

So that's how it works, now, huh?

1. An AC posts a message purporting to be helpful, but it's not.
2. The post contains a nice little troll hidden in what appears at a glance to be helpful text.
3. The post still gets moderated as 'informative.'
4. While the troll post is still at +2 informative, someone observes both that the post is NOT helpful and that it is also a troll.
5. They also get moderated as offtopic.

...which brings us to

6. We see so many posts that say /. sucks and wonder why they say so. I wish I had been around to see it in all its glory, before this stupid shit became the norm.