OK, this is an old one (dating back to 1994 according to the RISKS archive),
but it was new to me when I came across it recently, and thought people
might be interested in a couple of real life scenarios:

I received an MS Word document from a software start-up regarding one of
their clients. Throughout the document the client was referred to as "X", so
as not to disclose the name. However I do not own a copy of Word, and was
reading it using Notepad of all things, and discovered at the end the name
of the directory in which the document was stored -- and also the real name
of the client!

I checked on a number of other Word documents I had for hidden info,
especially ones from Agencies who are looking to fill positions -- and yes,
again I was able to tell who the client was from the hidden information in
the documents.

Finally, I had a look at the Lockerbie Judgment document:
http://www.scotcourts.gov.uk/html/lockerbie.htm
Hoping to find something that would cause international uproar -- alas, no,
just an ironic hidden message: "Are you surprised?". Yes, I was, actually
-- I thought Ahmed Jibril did it.

Risks: What potentially damaging information is hidden in published
documents in Word, PDF and other complex formats?

Mitigation: Use RTF when you can -- no hidden info, no viruses.

Paul Henry, emmo@hotmail.com ["Paul Henry" via risks-digest Volume 21, Issue 25]
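
The check the post describes doing by eye in Notepad, written as a pre-release scan (an added example, not part of the original post): it pulls 8-bit and UTF-16LE text out of a document's raw bytes and reports leftover file paths and any names that were meant to be redacted. The sample bytes, the name `Acme Widgets` and the function names are constructed for illustration.

```python
import re

# Drive-letter (C:\...) or UNC (\\server\...) prefix plus at least 3 more characters.
PATH_RE = re.compile(r'(?:[A-Za-z]:\\|\\\\)[^\x00-\x1f"<>|*?]{3,}')

def printable_runs(data, min_len=6):
    """Yield printable strings stored as 8-bit text or as UTF-16LE."""
    for m in re.finditer(rb'[\x20-\x7e]{%d,}' % min_len, data):
        yield m.group().decode("ascii")
    for m in re.finditer(rb'(?:[\x20-\x7e]\x00){%d,}' % min_len, data):
        yield m.group().decode("utf-16-le")

def find_leaks(data, watchlist=()):
    """Return sorted (kind, text) findings: embedded paths and watchlist names."""
    findings = set()
    for s in printable_runs(data):
        for m in PATH_RE.finditer(s):
            findings.add(("path", m.group().rstrip()))
        for name in watchlist:
            # Case-insensitive match on names that must not leave the building.
            if name.lower() in s.lower():
                findings.add(("name", name))
    return sorted(findings)

# Constructed sample (not a real Word file): visible body text that says "X",
# followed by binary filler and save-path strings in both encodings.
SAMPLE = (
    b"\xd0\xcf\x11\xe0" + b"\x00" * 8
    + b"Our client X requires a new billing system.\r"
    + b"\x01\x00\xfe\xff"
    + "C:\\Clients\\Acme Widgets\\proposal.doc".encode("utf-16-le")
    + b"\x00\x00\x03"
    + b"D:\\TEMP\\~draft1.tmp\x00"
)

if __name__ == "__main__":
    for kind, text in find_leaks(SAMPLE, watchlist=["Acme Widgets"]):
        print(f"{kind}: {text}")
```

To check a real file, pass `open(path, "rb").read()` as `data` and put the names that must stay confidential in `watchlist`.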