Online Document Search Reveals Secrets 271
An anonymous reader writes "New Scientist is reporting that many documents published online may unintentionally reveal sensitive corporate or personal information, according to a US computer researcher. Simon Byers, at AT&T's research laboratory in the US, was able to unearth hidden information from many thousands of Microsoft Word documents posted online using a few freely available software tools and some basic programming techniques." Update: 08/16 19:06 GMT by H : The story is originally from Crypto-gram, not New Scientist.
Nothing New (Score:5, Insightful)
Prediction (Score:2, Insightful)
It's been said hundreds if not thousands of times: (Score:5, Insightful)
Lots of people put sensitive documents in public webspace, primarily because they don't know any better. Eventually the cost-benefit analysis will be done, and corporations will pay to have their users trained. Until then, this type of thing will continue to happen.
Re:It's been said hundreds if not thousands of tim (Score:5, Insightful)
So a relatively security-conscious person who just doesn't know anything about Word file formats could easily publish something online on purpose without knowing that there is (invisible) sensitive information in it, even if they'd never put that information in a public place on purpose.
[TMB]
Re:Prediction (Score:3, Insightful)
I had no idea that the sloppy handling of non-displayed data in output files (not just Word, mind you), and their publication on the web was actually Another Way For The Man To Keep Us Down...
Re:WHAT?!?? (Score:5, Insightful)
"You only have the convenience while the file is open. If you could undo after you re-opened a file, these "hidden secrets" wouldn't be hidden at all!"
Exactly. I knew that to begin with, but I did it and then vi'd the file to confirm. If I delete text from a document, that means I don't want that text in the document. Neil Laver says "...hidden information can "incredibly useful" in improving the functionality of the software."
So my main point is, if I am being supposedly CONVENIENCED by this "feature," HOW is the software helping me by storing these things in my document?
OH NO! (Score:3, Insightful)
This isn't just nothing new, it's old news. Wasn't this how they caught the guy who wrote the melissa virus? When that little popup window from MS Office came up asking for their personal info, did they just think Office was trying to get to know them better, in order to be their friend?
It's just silly pressmongering. Those dumbasses have to come up with a terrifying computer factoid every day, or the ignorant compu-phobes they prey on might come to their senses.
Just my opinion.
Re:crypto (Score:3, Insightful)
"It is feasible that an individual may include their social security number on copies of a resume sent to prospective employers, but delete it from the version put online to guard against identify theft," Byers writes.
Who in their right mind puts their SSN in any version of a resume??!
I hate to state the obvious but, (Score:2, Insightful)
What will it take? What happens when a script kiddie hacks a hospital and shuts down the life support systems in ICU? Or just juggles the meds for the patients so that everyone in the hospital gets the wrong meds?
Or perhaps they glitch the Air Traffic Control system and airplanes rain down from the sky and tens or hundreds of thousands of people die??
Before the last war in Iraq started they showed the "state of the art" US command center just across the border in a big tent.
Tens of dozens or more, soldiers and dozens upon dozens of PC's. You could clearly see on the displays that they were *ALL* running Windows.
I though, "Oh shit, the security of this country is being placed in the trust of the worst product ever..."
Those PC's I saw were NOT Tempest, for one, and then add the Windows factor in plus the state of war and you're asking for serious trouble.
Windows will at some point cause a massive catastrophe and cause great loss of life and property. You can bet on it.
This country is far too dependent upon computers to operate. When the computer goes down, well, sit on your hands for awhile...
I remember the days before computers, everyone got things done just fine. Now no one knows how to function without them..
Re:Prediction (Score:3, Insightful)
I recall an article (possibly here) about companies using this "feature" on job applicants to read what was in previous versions. For example, you overwrite this letter
with It would be easy for MS to see that you are asking IBM for $10,000 less. Letter-writing skills notwithstanding, I don't expect this would help your negotiating position.Re:Why Word Does This (Score:3, Insightful)
At the moment the user hits "save", "fast save" is faster because Word doesn't has to do any re-interpreting of what is already in memory. This step is what makes full save slower. But the re-interpreting doesn't has to happen at the moment the user hits "save", it can happen all the time while the user is editing his document. During editing, the performance of the machine is largely unused anyway. And when the user hits "save" in this better version of Word, the application can just save the interpreted data to disk, which is even faster than "fast save", since it's less data!
Any comments? Thanks!