funsec mailing list archives

Re: NSA issues guidance on redacting Word, PDF

From: John LaCour <johnlacour () gmail com>
Date: Tue, 24 Jan 2006 14:51:01 -0800

And a some what related story about the CIA:

http://www.theonion.com/content/node/43014

CIA Realizes It's Been Using Black Highlighters All These Years

November 30, 2005 | Issue 41•48

LANGLEY, VA—A report released Tuesday by the CIA's Office of the
Inspector General revealed that the CIA has mistakenly obscured
hundreds of thousands of pages of critical intelligence information
with black highlighters.

-J

On 1/24/06, Richard M. Smith <rms () computerbytesman com> wrote:


FYI




NSA issues guidance on redacting Word, PDF
By SHAUN WATERMAN
UPI Homeland and National Security Editor

WASHINGTON, Jan. 23 (UPI) -- The National Security Agency has issued
technical guidance for U.S. officials on redacting or editing sensitive
documents for release following a series of embarrassing incidents in
which so-called metadata stored in electronic formats like Microsoft
Word or Adobe PDF files has been accidentally exposed.

Both types of files are "complex, sophisticated computer data formats,"
reads the guidance document produced by the NSA's Information Assurance
Division, which is responsible for the integrity of U.S. government
computer networks.

The document, called "Redacting with confidence: How to safely publish
sanitized reports converted from Word to PDF," says that these files can
"contain many kinds of information, such as text, graphics, tables,
images, (and) meta-data."

Metadata is information associated with the file, like a note of the
author and the date the file was created.

This "complexity makes (documents in these and other formats) potential
vehicles for exposing information unintentionally, especially when
downgrading or sanitizing classified materials," the NSA concludes.

Although the document, dated December 2005 and posted on the Web site of
the Federation of American Scientists last week, provides no concrete
illustrations, there were at least two occasions last year when exactly
such unintentional exposure of U.S. official documents took place.

 ...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

NSA issues guidance on redacting Word, PDF Richard M. Smith (Jan 24)
- Re: NSA issues guidance on redacting Word, PDF John LaCour (Jan 24)
- <Possible follow-ups>
- RE: NSA issues guidance on redacting Word, PDF Richard M. Smith (Jan 24)
- Re: NSA issues guidance on redacting Word, PDF Michal Zalewski (Jan 25)