Slashdot Mirror
Online Document Search Reveals Secrets
An anonymous reader writes "New Scientist is reporting that many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques." Update: 08/16 19:06 GMT by H : The story is originally from Crypto-gram, not New Scientist.
Just go into the document properties section. This is why I publish everything to Adobe Acrobat before posting online.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
From the article:
I just created a Word document, blah.doc and put some text into it. I made sure I had a couple of undo points. I closed it and opened it back up, I couldn't undo SHIT. So where the hell am I being granted this mysterious "convenience?"
I know that the guy stressed the fact that Micrsoft isn't alone in this disctinction, but this is just another example of why Microsoft SUCKS.
I put the doc in a samba share and viewed it with vi. I found the path to the doc, the original name, my userid on my laptop, and the company name. All were hidden from the simple searches like this:
s.l.a.s.h.d.o.t...o.r.g
WTF?!?
Oh, WAIT a minute! This is also from the article:
WHEW! I feel so much better. Please disregard the first six paragraphs. Thanks.
Mom says my
It doesn't matter how good your corporate security is if you don't train your users (including managers) in basic security practices.
Lots of people put sensitive documents in public webspace, primarily because they don't know any better. Eventually the cost-benefit analysis will be done, and corporations will pay to have their users trained. Until then, this type of thing will continue to happen.
--
Use Vobbo for Video Blogs
Well, it is amongst people who object to being mailed Word documents, anyway. They're just a really bad format for publishing information in.
See Richard Stallman's 'no-word-attachments' article, for example...
Everyone should just be forced to use LATeX and then there won't be any hidden information. . .
No one can tell, man. That post is encrypted in itself.
Sure, but they point they're making is that it's not intuitively obvious to most people that there could be text in a Word document other than what appears.
So a relatively security-conscious person who just doesn't know anything about Word file formats could easily publish something online on purpose without knowing that there is (invisible) sensitive information in it, even if they'd never put that information in a public place on purpose.
[TMB]
A sysadmin once sent me a form letter type thing with my new password in it. The username/password was a spreadsheet object and I was able to open it to see everyone's passwords. He changed them all when I pointed this out. BTW, why do people send email messages that just say "see attached file" and the attached file is a memo with some trival content that could have been the text of the email??
Anyway, I have to admit that I was also burned by word. I was in the habit of opening the last memo I wrote from the recent documents list and using it as the starting point for newer ones. At some point, I put a bunch of policy statements on a CD and was later told that everyone was reading the hidden text. Doh!
This was back in the days of office 97 I believe. I'm not sure if Office 2k or XP still have this feature/bug.
Remind me not to save my importand documents to C:\My Documents\Porn\Annual Budget Report.doc anymore.
I have received two such word documents from two seperate job recruiters. The actual companies looking for the employee were hidden in the document, as well as contact information for the person at the company. Screw the middle man
Remember kids: strings is your friend. If you happen to get a job offer in the form of a Word document and the HR drone who sent it to you wasn't careful, you can often see the version that got sent to other candidates and, more importantly, how much money they were offered. It can do wonders for your bargaining position.
It looks like you're trying to post a document on the web.
Would you like to...
1. Divulge corporate secrets?
2. List your passwords?
3. Remove KB823980 and open port 135?
It looks like your trying to close Clippy.
Would you like to...
1. Shit in your hat?
2. Put fist through bling bling flat panel?
3. Go home for teh weekend?
View some of the past word docs you've received in a hex editor...
Near the bottom there is often information from other documents of the sender that they were recently working on. I don't know why it saves this. Maybe something to do with the undo buffer?
At work I used to look at internal memos that would be sent out on a weekly basis and find out all sorts of other stuff that was going on.
It's only going to get worse; google's really expanded on the number of File types it indexes and caches.
One of my clients was recently caught out when google indexed private metadata she didn't know was still there, so I can well understand the gravity of this situation.
455fe10422ca29c4933f95052b792ab2
it's called http://www.google.com and you search by "top secret documents filetype:doc".
- mpg
- mov
- mp3
- secret - doesn't have to be file extensions...
- "My Documents" - yeah, that's secure...
- etc
Anyway, as you can see, it's pretty effective. Sometimes admins wise up, and all you have is the Google cache. But sometimes they don't, and you get to look. Thanks Google!A programmer is a machine for converting coffee into code.
How many people actually protect their website
/stat/ or /stats/ or a variation
statistics?
Adding a simple
with a combination of "web" or the name of any of
the common statistic generation programs gets you
access to the statistics of a *lot* of websites.
Then from the stats you could find any "hidden"
data which is not linked on the site including
internal company documents, girlfriend's nude
photos or mp3s.
Alternately you could just google for the
statistic reports of sites and get there
more easily.
This is another case of ill informed or lazy
users not following what should be a simple
security policy which could cause serious
repercussions.
For those who want to know how to protect
yourself, read this link.
Tony Blair got busted in the WMD case because of the names of the people who revised the WMD Documents were still in the Word file. Now, it seems, that the Downing Street only puts PDF files on the web - and has removed all the MS word documents that were already there ....
Tools reveal secret life of documents - Documents like in Word save too much Info - Blair Episode
By Mark Ward
July 03, 2003
The UK Government was just the latest in a long line of organisations that has learned to its cost just how much information can be gleaned from innocent looking files. Earlier this year it issued a document called the 'dodgy dossier" about Iraq's concealment of weapons of mass destruction that was written using Microsoft Word. Every Word document remembers who made the last few revisions to it. The log reveals the names of four of the people who prepared the Iraq document for publication and the government Communications Information Centre that some of them work for. It was this log that Number 10 press chief Alastair Campbell had to explain to the House of Commons Foreign Affairs Select Committee in late June as part of its investigation into the Iraq dossier's history. Some of this information can be seen simply by right-clicking to view the properties of the downloaded document in a file listing. Utility programs can get even more information from Word revision logs.
The life stories of the documents we create are becoming increasingly important as the scrutiny of industries and governments gathers pace. Every time you write or edit these files you leave a trail of information revealing what you did and when you did it. With the right tools it is possible to extract this data and work out the trail of authors and workers who created a document. That is why we should all use opensource and open data formats - so that we can humanly read what all we are "putting" into the document. The Word version of this document has now been removed from government websites but copies of it are still available elsewhere on the net.
Unabridged and unedited article at
http://news.bbc.co.uk/2/hi/technology/3037760.stm
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
It does, however, save things like when the document was last printed, how often it has been edited and by whom, etc. unless you tell it otherwise. It's easy to get rid of the data (there is a huge "Delete" button in the properties dialog), but not many people will be aware of it.
So, basically, if you don't know what you are doing, you could give out more information than you want to with you OOo files.
Programming can be fun again. Film at 11.
By using tools that break the "encryption" on, for examply, the Washington Post .pdf file mentioned in the article, isn't the researcher violating the DMCA? Isn't his whole project bragging about doing this, a la 2600?
I hope he remembers a few packs of cigarettes in order to buy himself a few nights of sleep in the Big House.
It has been known for a long time that metadata are hidden within Microsoft Word documents. Microsoft even has Knowledge Base article 237361 explaining how to reduce the amount of metadata appearing in MS Word 2000 documents. Here's an excerpt:
This step-by-step article explains various methods that you can use to minimize the amount of metadata in your Word documents.
I'll bet there are more, but they won't disclose them.
It's a pity that more people don't just save as RTF. It's just as good for most uses, and it's a less obscure format.
You're not.
There are two ways of saving a word document:
Fast Save dumps the binary from memory into the file. Full Save compacts the binary image, and reorders it. This takes time.
Word's text stream is stored using a piece table. One of the benefits of a piece table is that if you keep the meta information about the text, you can get nearly infinite undo. The way it does this is by having an original data stream, and an appended data stream. Whenever you add data to the file, it gets added as a chunk to the end of the appended data stream. Whenever you delete, the meta table is updated to remove the text from the stream, but otherwise the text itself is left unaffected.
As a result, text is never removed from the document. A Fast Save (which is the default) under Word dumps the Piece Table as-is (there is probably some compaction over time to remove the no-longer-used data, but it probably only occurs above a given threshold of used to unused text). A full save deconstructs the piece table's meta information, and turns it back into one contiguous stream of data.
It's all just a function of the way the text is stored while it's being edited. Different editors have different mechanisms; some store data based on lines, and some store it using a gap buffer. But ultimately, the problem exists because Word uses a piece table, and it dumps the entire table to a file by default.
It's actually a sensible way of handling the text data. However, whoever designed the Fast Save algorithm probably didn't consider the ramifications of the text still being stored in the document. The best workaround? Wipe the unused sections of the piece table. But then you might as well return to using a Full Save, as you'll be ditching the performance benefits anyway.
Simon
Coming soon - pyrogyra
Once, when negotating an investment deal, we got a Word document with the investment bank's comments on our proposed contract.
:-)
They tracked changes. All we needed to do was display them... and we got juicy stuff like "if they accept either our fix for clause X or for clause Y we can still s---w them royally in scenario Z".
Made for a very effective negotiation. For us.
Oh, wait, the article was about the problems this raises for the document's _author_.
Never mind