[Fsf-friends] Wealth of corporate secrets on the Web...
Frederick Noronha (FN)
fred@bytesforall.org
Sat Aug 16 00:47:08 IST 2003
WEALTH OF CORPORATE SECRETS ON THE WEB
Many documents posted online may contain sensitive corporate or personal
information, according to AT&T researcher Simon Byers, who was able to
unearth hidden information from thousands of Microsoft Word documents
posted on the Web using an ordinary search engine and a random selection of
keywords. Byers targeted Word documents because they're so common, but he
stressed that other document formats, such as Adobe PDF, may contain
similar hidden information. After downloading the Word files, Byer used the
free software tools "antiword" and "catdoc" to convert them to plain text.
Then, using a simple script he wrote, Byers was able to locate text that
had been deleted from the original Word files, including people's names and
other personal identifiers, e-mail headers, network paths and text from
related documents. "The worst is erased text. This has bitten people
surprisingly often," says Bruce Schneier, a security expert with
Counterpane. Microsoft Office UK marketing manager Neil Laver says the
company is working on ways to better ensure sensitive information is not
inadvertently leaked in files. The next version of Office 2003 will include
tools that will allow users to remove personal information from documents
as well as new "information rights management" software that will enable an
author to determine who can read or forward a document. Meanwhile, Schneier
recommends converting documents to plain ASCII before publishing online: "I
don't know of any programs that effectively clean out the extra text." (New
Scientist 15 Aug 2003)
http://www.newscientist.com/news/news.jsp?id=ns99994057
More information about the Fsf-friends
mailing list