http://www.gcn.com/vol1_no1/daily-updates/37688-1.html By Patience Wait GCN Staff 12/05/05 Government agencies continue to stumble over security procedures designed to conceal certain information embedded in documents posted to the Internet. In the latest error, the White House posted a copy of President Bush's "Plan for Victory in Iraq," the heart of his speech last week at the Naval Academy. But the Adobe portable document format file on the Web site also contained the hidden name of the original author of the document: Peter Feaver, a Duke University political science professor who joined the National Security Council staff last June as a special adviser. The discovery that Feaver was the originator of the plan has stirred controversy in Washington. The New York Times has reported that Feaver co-authored an analysis of surveys regarding the popularity of the Iraq war with the American public and concluded that citizens will support the war, despite fairly heavy casualties, as long as they believe it will ultimately succeed. "The recent disclosure of the original authorship of the [plan] document underscores once more why all organizations must put policy and technology in place to prevent the leakage of damaging information," said Joe Fantuzzi, CEO of Workshare Inc., a document integrity solutions company based in San Francisco. It "is unfortunate that the White House allowed this distraction to unnecessarily politicize the debate over policy." The White House did not return a phone call asking for comment. Earlier this year, the Multi-National Force-Iraq issued a report on the killing of an Italian security agent after he rescued a countrywoman who had been held hostage by insurgents. The report, posted to the Web as a PDF file, was supposed to be redacted but a simple text cut and paste into other document formats revealed [1] the redacted information. A military investigation later determined that the disclosure was the result of user error. In October, a U.N. report on the assassination of a popular Lebanese politician opened an ongoing controversy [2] when a "technical error" allowed online readers to look at changes made to the document, revealing that names of specific Syrian officials had been removed from the final report. "The complexity of technology continues to befuddle even sophisticated users," Fantuzzi said. Organizations "must recognize that PDF is not inherently secure, and policy, education and automation of document security must be implemented to prevent these costly mistakes." [1] http://www.gcn.com/24_11/news/35808-1.html [2] http://www.gcn.com/vol1_no1/daily-updates/37416-1.html _________________________________________ Earn your Master's degree in Information Security ONLINE www.msia.norwich.edu/csi Study IA management practices and the latest infosec issues. Norwich University is an NSA Center of Excellence.
This archive was generated by hypermail 2.1.3 : Tue Dec 06 2005 - 22:58:35 PST