13 November 2006
US and UK government documents leak confidential data
The Ministry of Defence and the US Department of Defense are inadvertently
disclosing confidential information, thanks to the workings of Microsoft
and Adobe software. Ronald D. Hackett, a former USAF major who works
for SRS Technologies, urged authorities to take action to stem the
information flow at the CSI conference in Florida last week.
In a presentation about scrubbing classified data from documents,
Hackett warned against the ‘Ad hoc review’ feature in
Windows XP and 2003. This gets triggered when you email an attachment
using Outlook, and applies to Excel and Power Point documents as
well as Word. It discloses tracked changes and documents supposedly
written over.
In response to the problem, the US’s NSA issued a guidance
paper in December 2005 on how to safely publish sanitized reports
when converting them from Microsoft Word to PDF files. However,
said Hackett, “Adobe PDF is not a safe file format.
"There is no recognition that this is a problem among government
agencies”, he said. Neither the MoD nor the DoD “see
the depth of the issue ... Microsoft is getting away with murder”.
Links to news stories on the disclosure of hidden data at http://www.stg.srs.com/eds/docdet/incidents.htm
Back to news index
|
|
