Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Document Search Reveals Secrets

Posted by simoniker on from the when-is-delete-not-delete? dept.

An anonymous reader writes "New Scientist is reporting that many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques." Update: 08/16 19:06 GMT by H : The story is originally from Crypto-gram, not New Scientist.

17 of 271 comments (clear)

  1. WHAT?!?? by zedmelon · · Score: 5, Funny

    From the article:

    • "He says hidden information can "incredibly useful" in improving the functionality of the software. "But if some of that data is sensitive, there have to be ways of ensuring that it isn't distributed where it shouldn't be," he says."

    I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"

    I know that the guy stressed the fact that Micrsoft isn't alone in this disctinction, but this is just another example of why Microsoft SUCKS.

    I put the doc in a samba share and viewed it with vi. I found the path to the doc, the original name, my userid on my laptop, and the company name. All were hidden from the simple searches like this:

    s.l.a.s.h.d.o.t...o.r.g

    WTF?!?

    Oh, WAIT a minute! This is also from the article:

    • "The next edition of Office 2003 will include tools that will allow users to remove personal information from a document. It will also include new "information rights management" that will let an author specify who can read or forward a document."

    WHEW! I feel so much better. Please disregard the first six paragraphs. Thanks.

    --
    Mom says my .sig can beat up your .sig.
    1. Re:WHAT?!?? by wortelslaai3434 · · Score: 5, Funny

      As a sidenote...

      I. .t.h.i.n.k. .y.o.u.r. .s.e.e.i.n.g. .u.n.i.c.o.d.e. .t.e.x.t.

  2. Well... by CGP314 · · Score: 3, Funny

    Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques.

    Are you going to share that info or what?

    Throw it up on freenet man!

  3. LaTeX by ParadigmLA · · Score: 4, Funny

    Everyone should just be forced to use LATeX and then there won't be any hidden information. . .

    1. Re:LaTeX by GarvMaster · · Score: 5, Funny

      Because 99.9% of the world would go back to pen and paper

  4. Re:crypto by xv4n · · Score: 4, Funny

    No one can tell, man. That post is encrypted in itself.

  5. OMG by Anonymous Coward · · Score: 3, Funny
    Stupid people messing stuff up? I'm SHOCKED!

    How long until someone blames Microsoft, I wonder...

  6. Dang... by DarkBlackFox · · Score: 4, Funny

    Remind me not to save my importand documents to C:\My Documents\Porn\Annual Budget Report.doc anymore.

  7. Helpful Hint by cgreuter · · Score: 4, Funny

    Remember kids: strings is your friend. If you happen to get a job offer in the form of a Word document and the HR drone who sent it to you wasn't careful, you can often see the version that got sent to other candidates and, more importantly, how much money they were offered. It can do wonders for your bargaining position.

  8. Re:Nothing New by Frymaster · · Score: 4, Funny
    In the article they mentioned that this applies to pdf files too...

    which is why you should use latex! nobody understands that stuff. security through obscurity!

    --

    2 1337 4 u!

  9. Clippy did it by sbillard · · Score: 5, Funny

    It looks like you're trying to post a document on the web.
    Would you like to...
    1. Divulge corporate secrets?
    2. List your passwords?
    3. Remove KB823980 and open port 135?


    It looks like your trying to close Clippy.
    Would you like to...
    1. Shit in your hat?
    2. Put fist through bling bling flat panel?
    3. Go home for teh weekend?

  10. i have my own special program that does this... by jkitchel · · Score: 4, Funny


    it's called http://www.google.com and you search by "top secret documents filetype:doc".

  11. Re:I thought this was common knowledge? by Aidtopia · · Score: 2, Funny

    My friend go so tired of people on his team sending him word docs, that he learned TeX and started sending his replies that way. When he feels really nasty about it, he sends the .dvi files.

  12. Heh by dodell · · Score: 2, Funny

    He says hidden information can "incredibly useful" in improving the functionality of the software. "But if some of that data is sensitive, there have to be ways of ensuring that it isn't distributed where it shouldn't be," he says.

    Apparently they need to use some of the software he used to get a conjugation of the infinitive "to be" back into their text.

    --
    www.sitetronics.com/wordpress
  13. Re:Job Recruiters by bird · · Score: 3, Funny

    Back in 1997, we were interviewing my putative replacement, and one fine fellow sent us a Word resume and cover letter. In the cover letter, he shared with us the delightful sentiment that-- while he was interviewing several other places (1997, remember), we were his current top choice.

    A colleague on the review team who didn't use Windows turned to strings(1) to get the data from these documents, which yielded us the information that a *lot* of this guy's other prospects were also his current top choice. Maybe it was true every time he wrote it, but... I hate to think... could he have been trying to *manipulate* us?

  14. Re:It's easy... by Anonymous Coward · · Score: 1, Funny

    Wow... all i have to say is wow. so i figured it'd be fun to go find kids grades and i added "grades" to your "my documents" link. guess what popped up in google? Some teacher's affair. This is kind of scary when you think about it....

  15. There are advantages! by oren · · Score: 4, Funny

    Once, when negotating an investment deal, we got a Word document with the investment bank's comments on our proposed contract.

    They tracked changes. All we needed to do was display them... and we got juicy stuff like "if they accept either our fix for clause X or for clause Y we can still s---w them royally in scenario Z".

    Made for a very effective negotiation. For us.

    Oh, wait, the article was about the problems this raises for the document's _author_.

    Never mind :-)