Home » Adobe Acrobat

PDF redaction uncovered …. again!

4 Sep 2008 | | 2 Comments

A cursory glance, or rather quick search at Google will reveal that the topic of redacting PDF has been hot for a looong time.

During my time at Planet PDF, we even ran a review of a US government employee’s efforts at redaction gone wrong in which a thought-to-be-redacted report revealed names, training procedures and other secrets.

Nope, this is not a new issue — there’s a swagger of “paid-for” software you can find (in addition to functionality included in Acrobat 8 and 9), using all types of methods — usefully listed by PDF ganglord, Duff Johnson.

But if you don’t have a fat wallet and you’re making use of some simpler methods — such as using the built-in text editing tool of previous Acrobat versions to remove information (or other editors), Didier Stevens (as mentioned in this Computerworld article) provides a warning:

If you produce PDF documents with a PDF editor that supports incremental updates, be aware that previous versions of your document could be included in the final document, and that this could lead to information disclosure.

My tip — be very careful to perform a full Save-As on the document (which regenerates the document completely). A normal File, Save which will be quicker, yet will use the incremental update method which means that the original document remains intact, and changes to it are added to the end. This means, that in the event of removing information, the original data still exists in the first portion of the file.

If you want to find more about the innards of a PDF file, then see Didier’s piece Solving a Little PDF Puzzle.

As for ensuring PDF metadata has been created and edited properly (or perhaps stripped) — that’s a story for another day….

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

2 Comments »

  • PDFescape - free online PDF editing tool said:

    […] This is bad if you’re trying to hide sensitive information. And many, many people have been burned by this. If you want to properly delete senstive information, you need a PDF redaction […]

  • PDFescape - free online PDF editing | 4xPDF said:

    […] This is bad if you’re trying to hide sensitive information. And many, many people have been burned by this. If you want to properly delete sensitive information, you need a PDF redaction […]

Leave your response!

You must be logged in to post a comment.