Thursday, May 17, 2007

A Quick Security Reminder

Salon has a nice little article titled "The secret Iraq documents my 8-year-old found." How exactly did the author's 8-year-old find these documents? If you guessed Microsoft Word's mark-up feature, you would have guessed correctly.

Over the last several years, there have been all kinds of little jewels like this that have cropped up. I used to pull up old versions of people's resumes by simply viewing Word documents using the Unix strings command. A previous employer changed their negotiation tactic with an OEM after clicking through undo a few times. And then there was that contract I rewrote for RSA... That was one of my favorites. Their legal department must have been steaming as they redlined the terms I added for charging them every time they used one of my new and improved contracts.

In case you haven't figured out my point yet... don't send Word documents around when you don't want to risk someone playing with them. Use PDF when you can. If you absolutely have to send a Word document, cut the entire document and paste it into a new document when you're done to get rid of all of the fast-save, undo, and markup metadata.
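A pre-send check along these lines, as an added example that is not part of the original post: it assumes the newer .docx (OOXML) container, which the post does not discuss, and reports tracked insertions, deletions and comments still stored in the file. The sample documents are constructed and minimal (only the parts the scanner reads), and `read_part`, `residue`, `audit_docx`, `is_clean` and `sample_docx` are names chosen for this example.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def read_part(z, name):
    """Parse one XML part; OOXML parts need no DTD, so refuse any that has one."""
    raw = z.read(name)
    if b"<!DOCTYPE" in raw:
        raise ValueError(f"unexpected DTD in {name}")
    return ET.fromstring(raw)

def residue(root, tag, text_tag):
    """(author, text) for every <w:tag> element under root."""
    return [(el.get(f"{{{W}}}author"),
             "".join(t.text or "" for t in el.iter(f"{{{W}}}{text_tag}")))
            for el in root.iter(f"{{{W}}}{tag}")]

def audit_docx(data):
    """Report tracked changes and comments left in a .docx given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        body = read_part(z, "word/document.xml")
        found = {"insertions": residue(body, "ins", "t"),
                 # deleted text survives in the file inside <w:delText>
                 "deletions": residue(body, "del", "delText"),
                 "comments": []}
        if "word/comments.xml" in z.namelist():
            comments = read_part(z, "word/comments.xml")
            found["comments"] = residue(comments, "comment", "t")
    return found

def is_clean(data):
    return not any(audit_docx(data).values())

def sample_docx(body_xml, comments_xml=None):
    """Build a constructed, minimal .docx in memory (illustration only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml",
                   f'<w:document xmlns:w="{W}"><w:body>{body_xml}</w:body></w:document>')
        if comments_xml:
            z.writestr("word/comments.xml",
                       f'<w:comments xmlns:w="{W}">{comments_xml}</w:comments>')
    return buf.getvalue()

# Constructed samples: a fee edited with tracking on, and the same text without it.
DIRTY = sample_docx('<w:p><w:r><w:t>Fee: </w:t></w:r><w:del w:id="1" w:author="alice"><w:r><w:delText>$10,000</w:delText></w:r></w:del><w:ins w:id="2" w:author="alice"><w:r><w:t>$25,000</w:t></w:r></w:ins></w:p>',
                    '<w:comment w:id="0" w:author="bob"><w:p><w:r><w:t>Do not go below 15k</w:t></w:r></w:p></w:comment>')
CLEAN = sample_docx('<w:p><w:r><w:t>Fee: $25,000</w:t></w:r></w:p>')
```

Run `audit_docx(open(path, "rb").read())` on an outgoing file; a non-empty result means the earlier wording and reviewer notes travel with it.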


