Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Document Search Reveals Secrets

Posted by simoniker on from the when-is-delete-not-delete? dept.

An anonymous reader writes "New Scientist is reporting that many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques." Update: 08/16 19:06 GMT by H : The story is originally from Crypto-gram, not New Scientist.

3 of 271 comments (clear)

  1. It's been said hundreds if not thousands of times: by NightSpots · · Score: 5, Insightful

    It doesn't matter how good your corporate security is if you don't train your users (including managers) in basic security practices.

    Lots of people put sensitive documents in public webspace, primarily because they don't know any better. Eventually the cost-benefit analysis will be done, and corporations will pay to have their users trained. Until then, this type of thing will continue to happen.

    --

    --
    Use Vobbo for Video Blogs
  2. Re:It's been said hundreds if not thousands of tim by TMB · · Score: 5, Insightful

    Sure, but they point they're making is that it's not intuitively obvious to most people that there could be text in a Word document other than what appears.

    So a relatively security-conscious person who just doesn't know anything about Word file formats could easily publish something online on purpose without knowing that there is (invisible) sensitive information in it, even if they'd never put that information in a public place on purpose.

    [TMB]

  3. Re:WHAT?!?? by zedmelon · · Score: 5, Insightful

    "You only have the convenience while the file is open. If you could undo after you re-opened a file, these "hidden secrets" wouldn't be hidden at all!"

    Exactly. I knew that to begin with, but I did it and then vi'd the file to confirm. If I delete text from a document, that means I don't want that text in the document. Neil Laver says "...hidden information can "incredibly useful" in improving the functionality of the software."

    So my main point is, if I am being supposedly CONVENIENCED by this "feature," HOW is the software helping me by storing these things in my document?

    --
    Mom says my .sig can beat up your .sig.