Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF
Ever wondered exactly what the NSA does? Well, a guidance paper they released a couple of years ago sheds some light on one area of their work. The paper deals with how to properly edit PDF documents that are going to be released into the wild. It contains some great tips and, not surprisingly, would have saved some people a lot of embarrassment if they had read it before publicly releasing documents that contained sensitive information.
The guidance paper highlights three common mistakes:
Redaction of text and diagrams
Covering text, charts, tables or diagrams with black rectangles, or highlighting text in black…is not effective, in general, for computer documents distributed across computer networks (i.e. in “softcopy” format). The most common mistake is covering text with black.
Redaction of images
Covering up parts of an image with separate graphics such as black rectangles, or making images “unreadable” by reducing their size, has also been used for redaction of hardcopy printed materials. It is generally not effective for computer documents distributed in softcopy form.
Metadata and document properties
In addition to the visible content of a document, most office tools, such as (Microsoft) Word, contain substantial hidden information about the document. This information is often as sensitive as the original document, and its presence in downgraded or sanitized documents has historically led to compromise.
Source: NSA Information Assurance Division report
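The third mistake, hidden metadata, can be checked for before a Word file is converted. The following Python code is an added example, not taken from the NSA paper or from this post: it lists document properties, tracked deletions, hidden text and comments stored in a Word file. It assumes the modern `.docx` (Office Open XML) format; `audit_docx` and `build_sample` are hypothetical names, and the sample document is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"

def audit_docx(data: bytes) -> dict:
    """Report hidden information stored in a .docx package (given as bytes)."""
    found = {"properties": {}, "deleted_text": [], "hidden_text": [], "comments": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:  # author, last editor, dates, ...
            for el in ET.fromstring(z.read("docProps/core.xml")):
                if el.text and el.text.strip():
                    found["properties"][el.tag.split("}")[-1]] = el.text.strip()
        if "word/document.xml" in names:
            body = ET.fromstring(z.read("word/document.xml"))
            # Tracked deletions remain stored in the file as <w:delText>.
            found["deleted_text"] = [t.text for t in body.iter(W + "delText") if t.text]
            for run in body.iter(W + "r"):  # runs marked <w:vanish/> are hidden text
                if run.find(f"{W}rPr/{W}vanish") is not None:
                    found["hidden_text"].append("".join(t.text or "" for t in run.iter(W + "t")))
        if "word/comments.xml" in names:
            for c in ET.fromstring(z.read("word/comments.xml")).iter(W + "comment"):
                found["comments"].append((c.get(W + "author"), "".join(c.itertext()).strip()))
    return found

def build_sample() -> bytes:
    """Constructed sample package with a few hidden items (not a real report)."""
    ns = 'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"'
    core = ('<cp:coreProperties xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cp='
            '"http://schemas.openxmlformats.org/package/2006/metadata/core-properties">'
            '<dc:creator>J. Analyst</dc:creator>'
            '<cp:lastModifiedBy>R. Reviewer</cp:lastModifiedBy></cp:coreProperties>')
    doc = (f'<w:document {ns}><w:body><w:p><w:r><w:t>Public summary.</w:t></w:r>'
           '<w:del w:id="1" w:author="R. Reviewer"><w:r>'
           '<w:delText>Source: SAMPLE-ASSET</w:delText></w:r></w:del>'
           '<w:r><w:rPr><w:vanish/></w:rPr><w:t>draft note</w:t></w:r>'
           '</w:p></w:body></w:document>')
    notes = (f'<w:comments {ns}><w:comment w:id="0" w:author="J. Analyst"><w:p><w:r>'
             '<w:t>Remove before release</w:t></w:r></w:p></w:comment></w:comments>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, part in (("docProps/core.xml", core), ("word/document.xml", doc),
                           ("word/comments.xml", notes)):
            z.writestr(name, part)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(build_sample()))
```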
An article at CNET News called “Editing tips from the NSA” provides an analysis of the paper along with a few additional tips.
The 13-page (PDF) guidance paper can be downloaded from here:
Redacting with confidence: How to safely publish sanitized reports converted from Word to PDF