Corporate, Personal Secrets Revealed In Online Word Docs

from the what-have-you-written-lately? dept

A researcher from AT&T Labs is demonstrating just how easy it is to find confidential (either corporate or personal) information online with a simple test. He did some random online searches for word documents, downloaded them, and then looked at what data had been “deleted”, but which the document still had hidden. Basically, the problem here is that most people don’t realize just how much extra and “deleted” information programs like Word store. Microsoft claims that in the next version of Office they’re going to have tools to help prevent this sort of thing.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Corporate, Personal Secrets Revealed In Online Word Docs”

Subscribe: RSS Leave a comment
Ed Halley says:

No Subject Given

In such cases, the applications save very simplified “dumps” of their internal data structures including the recent revision history and other elements. They do this for two reasons: it’s faster, and having editing records enable neat “group” work flow concepts.

Two ideas come to mind:

(1) disable the fast-and-historical save options until the user specifically chooses to enable them; the oblivious user should be protected.

(2) when you save historical information, save it encrypted by default. The worst case is when the user can’t unlock their own hidden historical data, which isn’t all that bad. Encrypt to a machine+user specific metric, which automatically unlocks when opened by the same detected machine+user, or offer a more complete encryption path that encrypts according to a provided pki or simple password. Even WEAK encryption would be a big win here, but there are plenty of much stronger crypto standards *built into everyday operating systems*.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...