Jump to content

Hidden Info in Word docs


Guest ellas
 Share

Recommended Posts

Guest ellas

copy and paste job some might find interesting

Quote:by Woody Leonard

I'm astounded at how many people just don't get it. Word hides important, personal information inside its documents. You can get rid of some of the information most of the time - but it's very, very difficult to delete potentially embarrassing information all of the time.

I've seen some documents posted on the Web lately that leave me shaking my head. That's why I decided to release this Special Edition of WOW - to raise a warning flag for any who will listen. Later this week, in our next regular issue of WOW, we'll return to Bill Coan's excellent series on XML and Office 2003. For now... pay attention, class!

1. The Personal Info Harvesting Shtick

2. A Simple Bit of Internal Details

3. A More Complex Example

4. A Smoking Gun?

5. Other Examples

6. The latest - Office 2003

1. THE PERSONAL INFO HARVESTING SHTICK

Man, if Microsoft can't get it right, how can you?

The folks in Redmond continue to post documents with all sorts of internal details on their Web site. While I haven't found any earth-shattering anti-trust-busting bits of "metadata", the stuff I have found leaves me wondering if anybody can get it right.

We're going to show you just how easy it is to publish Word documents with information you might not want others to see. We'll do that by taking examples from Microsoft itself.

Having shown how even the supposed Word experts can get trapped, in future issues Woody's Watch (WOW and WOW-MM) we'll show you and Microsoft how to publish just the document and no more.

In WOW-MM 4.15, I talked about two documents with embarrassing embedded data. One contributed to the downfall of one of England's most influential politicians. The other exposed a Microsoft dirty trick.

A WOW-MM reader pointed me to an entire collection of documents posted by one state's Supreme Court. I didn't see anything particularly damning in the documents, but they're strewn with names and email addresses of clerks, law firms, and individuals; file locations, server names, and so on - a few hours' worth of harvesting could lead to a credible blueprint of sections of this Supreme Court's word processing system.

Worth noting: few (if any) US federal agencies - from all branches of government - post Word documents on the Web any more. Everything from the White House to the CIA to the US Supreme Court appears to be in PDF. Bravo.

AT&T researcher Simon Byers has a report on the hidden data problems facing the Word-using world today - all 400,000,000 of us. You can download it at

http://www.user-agent.org/word_docs.pdf

One part of his conclusion really hits home:

"...typical behavior patterns of Word users and the default settings of the Word program leads to an uncomfortable state of affairs for Word users concerned about information security."

This isn't strictly a voyeuristic exercise. When you leave dribs and drabs of information floating around on the Web, there's no telling how it can be used. I would guess that a dedicated cretin with a fast Internet connection could come up with a working roadmap to parts of Microsoft's development and marketing networks, just by looking at the flotsam and jetsam buried in readily available documents - documents posted on Microsoft's own Web site.

To recap, if you use Word 97 or 2000, Word maintains a detailed log of who has edited the document, and where it was located when it was opened - and there's nothing you can do about it.

If you use Outlook 2002 (the version in Office XP), and you send a document by attaching it to an email message, Outlook brands the document with the email address, name, and a number that can be traced to the PC that was used to send the file (although you need access to the PC to nail it for sure). It also brands the document with the subject of the email message that carried the file.

If you explicitly tell Word 2002 to remove personally identifiable information (Tools | Options | Security, check the box marked Remove Personal Information From File Properties on Save, and uncheck the box marked Store Random Number to Improve Merge Accuracy), and you send the document with Outlook 2002, Outlook still sticks the number that can be traced to your PC inside the file. I talked about that number - the _AdHocReviewCycleID - in

http://www.woodyswatch.com/office/archtemplate.asp?v7-n50

I'm very happy to report that Outlook 2003 seems to be doing it right. Finally. Telling Word 2003 to remove personally identifiable information is sufficient, in a default installation of Outlook 2003, to keep any personal info from being "branded" onto a doc when it's sent attached to a message.

Microsoft's Knowledge Base talks about the kinds of data that can be squirreled away in Word documents, and gives some tips for removing that data (when it's possible). But the simple fact is that most people, most of the time, don't bother.

Word 97 discussion:

http://woodyswatch.com/kb?223790

Word 2000 discussion:

http://woodyswatch.com/kb?237361

Word 2002 (Office XP) discussion:

http://woodyswatch.com/kb?290945

Three weeks ago, in WOW 8.45, I also mentioned an article from Frank Rice on the Microsoft Web site,

http://msdn.microsoft.com/library/en-us/dn...protectword.asp

that gives an excellent overview of the problems and some solutions. Microsoft still hasn't posted a similar article for Word 2003, but I noticed that they updated one of their key personal info articles for Office XP, KB 223396, just last week.

2. A SIMPLE BIT OF INTERNAL DETAILS

Microsoft posts Word documents all the time, and many of those docs include "metadata" with information that identifies individuals inside the company.

For example, the Licensing 6.0 changes for the Home Use Program in the "Software Assurance Customer Guide" posted at

http://download.microsoft.com/download/a/9...tomer_Guide.doc

was originated by David Lasky. He sent it out for review in an email message with the subject line "Change to HUP in Customer Guide & Website", and he was either using Outlook 2002 or 2003 at the time. Darrell Craig edited the file.

It's easy to confirm all of that: just download the file, open it in Word, and click File | Properties | Custom.

3. A MORE COMPLEX EXAMPLE

Microsoft's documents on the Web can contain much more than simple personal information like that detailed above.

For example, there's a document on Windows 2003 Server Virtualization at Code:

http://www.microsoft.com/windowsserver2003...tualization.doc

It was written and edited by "Judith Bloch (Independent Contractor)". She sent it out for review in an email message with the subject line "VM release anticipated to today at noon -- press release link needed for Microsoft.com product page".

The template Judith used was located at P\\online\omvss\Shadow\Windows\WNETServer\templates\WindowsServer2003Template.dot. (Remember six months ago when we had such a brouhaha about how difficult it would be to discover the names and precise locations of templates and documents?)

Ah, that's not all. There was a fellow named Alfredo Pizzirani, involved in the reviews. Michael Kessler, Jane Dow and someone named seaton also made changes to the document. At least one of the pictures in the document was created in Adobe Photoshop.

I sure hope MS has its Photoshop licenses up to date.

4. A SMOKING GUN?

Microsoft's Web site contains a document that says it's an analysis of Office XP vs. Office 2000, from the "American Institutes For Research" - "AIR Project No. 01674.001" it says (AIR must have a lot of projects, eh?)

http://www.microsoft.com/usa/presentations...blic_Report.doc

As you might expect, the report comes to the conclusion that Office XP is vastly superior to Office 2000, and customers should immediately shell out the bucks and shekels and dinars to make the upgrade.

Funny thing, though. If you look inside the document, you'll see that it was edited by Nicole von Kaenel. At the time, Nicole was one of the Product Managers for Office XP - a Microsoft employee. It was also edited by someone named Lydia V, who appears to be an AIR researcher. Dennise Heitkemper changed the document, too. I Googled her, and found the title "Microsoft Partner Development Manager".

It certainly appears as if Microsoft got to make changes to the AIR report before it was published.

The file itself was last sent attached to an email message from Eric Ligman, with a Subject line of "Value of $$$... Strong ROI".

Hey, draw your own conclusions! Download the file (if Microsoft hasn't yanked it already), click File | Open, in the Files of Type box, choose Recover Text From Any File, and open it. Look down at the end of the file for all of these details.

5. OTHER EXAMPLES

Lest you think these are isolated examples, they aren't. In fact, Microsoft has a hell of a time reliably wiping personal information off of Word documents before they get posted to

http://www.microsoft.com.

There's a document on Windows 2003 scalability at

http://www.microsoft.com/windowsserver2003/docs/Scale.doc

. It was also written and edited by judithb. The template she used is at C:\Documents and Settings\kls\My Documents\Clients\Microsoft\AndiStarkNetProj2002\Windows.NETServerTemplate.dot.

There's a document on migrating Windows apps to Windows 2003 at

http://www.microsoft.com/windowsserver2003/docs/Migwin32.doc

. It appears to be from the same person or company ("KLS"??), although I couldn't find any direct references to judithb. The template is at C:\Documents and Settings\kls\My Documents\WORDTEMP\32xMSWinnetServerWPProject.dot.

Apparently Sara Snyder and Matter of Fact Communications wrote the "Case Study" of a wireless implementation at Calpine Corp

http://www.microsoft.com/resources/casestu...ResourceID=2565

Although neither Sara's name nor "Matter of Fact" appear in the report, references to both are hidden inside the file. Marc Strauch wrote or edited the case study about Epicor at

http://www.microsoft.com/resources/casestu...ResourceID=2701

Again, his name doesn't appear in the report, but it's buried in the file itself.

I've seen many dozens more.

6. THE LATEST - OFFICE 2003

What, you aren't impressed?

Let's take a look at the crop of Office 2003 documents. Download Microsoft's latest Office 2003 Reviewer's Guide (also called the "Office 2003 Editions Product Guide"), at

http://www.microsoft.com/office/editions/prodinfo/guide.mspx

Open the document, click File | Properties | Custom, and you'll find that the doc was last sent by email from Noelle Robertson,, at Sakson & Taylor, in a message with the subject "Office 2003 Product Guide -- access issue with ftp". "Access issue with FTP"? Hmmmm...

If you open that doc using Recover Text From Any File, you find that Noelle stored the document at C:\My Documents\a_Sales\MS_DAD\BrokenOut_docs\Office2003_ProductGuide_WP.doc , and that she crashed Word at least once while editing the document, retrieving a copy from C:\Documents and Settings\NoelleR\Application Data\Microsoft\Word\AutoRecovery save of Office2003_ProductGuide_WP.asd . The document was also changed by KarenJ, ShannonS, and Jeune Ji (a Product Manager for Office, who apparently edited it on September 18, 2003).

What worries me: these people should be the most knowledgeable - and most cautious - Office 2003 users around. They're using the latest technology, and they're certainly sensitive to the fact that their documents can be viewed by anybody. Brad Sills left his name inside the Office 2003 Licensing document at

http://www.microsoft.com/Office/editions/howtobuy/brief.mspx

. Scottxx edited the Microsoft Office Live Communications Server 2003 Deployment Guide at

http://www.microsoft.com/downloads/details...&displaylang=en

Ramkumar Dixit and Marc Strauch left their names hidden inside the Outlook 2003 Reviewer's Guide

http://www.microsoft.com/office/outlook/prodinfo/guide.mspx

which was based on the template C:\Documents and Settings\Patricia Ruffio\Application Data\Microsoft\Templates\BV_WP_StyleTemplate.dot . And on and on.

(I also note with no small amount of glee that the poor 'Softies who wrote the Publisher 2003 Reviewer's Guide,

http://www.microsoft.com/office/publisher/...info/guide.mspx

got bit by the Word 2002/2003 style naming bug/inanity which produced styles called (I kid you not) Body Text, Body Text Char1, Body Text Char Char, Body Text Char1 Char Char, Body Text Char Char Char Char and Body Text Char, Body Text Char1 Char, Body Text Char Char Char, Body Text Char1 Char Char Char, Body Text Char Char Char Char Char among others. The Outlook 2003 Reviewer's Guide mentioned earlier has a deleted style called F Char Char Char Char Char Char Char Char Char Char Char Char Char Char. I feel your pain, folks!)

Microsoft employees and contractors forget to wipe all the personal information from their files before they get posted on the Internet. How can you expect your employees, co-workers and friends to do any better?

Get a clue: post in PDF.

Or, post as an .rtf file

7. POST IN PDF

When the time comes for Microsoft to post a document on the Internet, they'll post it in Word format, right?

Welllll... no, not always.

I was surprised when I downloaded the coupons for the Office 2003 "Technology Guarantee" program - the one that offers you a free copy of Office 2003 if you buy one of the qualifying versions of Office XP that are available now. See

http://www.microsoft.com/office/preview/techguarantee.asp

The coupons - you guessed it - are all in Adobe PDF format.

A very quick trip through Google brings up thousands of PDF files on microsoft.com: an Office XP flyer for students, an Office XP deployment guide, a Visio brochure. There's even a new OneNote marketing document that's in PDF format.

I guess eating your own dog food can only go so far.

Oh. No, I won't tell you which state's Supreme Court posts documents laden with personal information on the Web. I'll leave it to them to figure it out.

MORE HIDDEN INFORMATION IN POSTED WORD DOCS

Last week I talked about the importance of stripping "hidden" information from Word documents before posting them on the Internet. I took you through a bunch of examples of docs on Microsoft's own site that included detailed - in some cases potentially embarrassing - "metadata" that Microsoft itself has posted.

MS isn't the only group that's waving its dirty laundry in the wind. No sirreee.

That state Supreme Court I told you about last week still has documents on the Web that are filled with names and file locations and all sorts of detailed information about the Court's data processing operations. (Those of you who wrote on behalf of other Supreme Courts - nope, you folks don't work for the one I was talking about.)

This week, I was stunned to discover even more detailed information posted in docs related to the Department of Homeland Security. (The Dept of Homeland Security itself, dhs.gov, doesn't appear to have any Word docs on its site. Bravo!) More about that in a moment.

The point of all of this: don't post Word documents on the Web. Don't do it. Even with the best intentions, using the latest tools, you or one of your co-workers will eventually slip up and stick something out there that you don't want to be public knowledge. Any kid with a copy of Word can see an eyeful.

On September 9, 2003, Newt Gingrich gave a speech to the US House Committee on Homeland Security. If you download his speech from...

http://hsc.house.gov/files/Testimony%20Gingrich.doc

...open it in Word, and click File | Properties | Custom, you'll see that the file was last sent in an email message from Susan Sheybani with the Subject "for the website...thanks!".

If you close the document, click File | Open, in the Files of Type box choose "Recover Text from Any File" and open the document again, you'll see some of the people who edited the file:

Someone working with the i.d. AEI (American Enterprise Institute, which is credited as the author's company) stored the file as C:\Documents and Settings\mkester\My Documents\Newt research\NG 030904 MASTER.doc and there was a backup made at C:\Backup\AutoRecovery save of NG 030904 MASTER.asd

Rick Tyler edited it at C:\Documents and Settings\rtyler\Application Data\Microsoft\Word\AutoRecovery save of NG 030909 MASTER DHS Testimony.asd and C:\Documents and Settings\rtyler\My Documents\rtyler\gingrich communications\testamonies\NG 030909 MASTER DHS Testimony.doc

Wm. D. Sanders (who's credited as the document's author) edited it at C:\Documents and Settings\Administrator\Local Settings\Temp\NG 030909 MASTER DHS Testimony.doc and C:\Documents and Settings\Administrator\My Documents\Homeland Security\NG 030909 Homeland Security Testimony.doc

Why are the file names and locations important? See the last section in this newsletter.

HOMELAND SECURITY ACT D WEB SITE

Download the file at

http://www.homelandsecurityactd.org/downloads/BROCB2048.doc

Open it normally, then click File | Properties | Custom. You'll see that the file was last sent by email by Sharon Powell, [email protected], in an email message titled "Attachments for the Homeland Security ACTD Website".

Close it, then open it with "Recover text from any file": Adobe Photoshop was used to edit some of the pictures. (I sure hope ST Associates has an up-to-date license!) Lisa Dodaro (who apparently used a Mac) edited it a lot, storing the file at various times at:

D:Users:ldodaro:Documents:HLS:HLS C2 ACTDBROC 0#B2048-lad.doc

D:Users:ldodaro:Documents:Microsoft User Data:Word Work File A_22

D:Users:ldodaro:Documents:Microsoft User Data:Word Work File A_2998

Then it looks like her machine generated an AutoRecover file at

D:Users:ldodaro:Documents:

Microsoft User Data:AutoRecovery save of HLS C2 ACT

Then she went back to:

D:Users:ldodaro:Documents:Microsoft User Data:Word Work File A_1318

D:Users:ldodaro:Documents:Microsoft User Data:Word Work File A_1974

Lisa wasn't the only one who edited the doc. I also see:

Glenn Cooper

Cooper Consulting

Remove Hidden Data from Office Documents

Office 2003/XP Add-in: Remove Hidden Data

With this add-in you can permanently remove hidden data and collaboration data, such as change tracking and comments, from Microsoft Word, Microsoft Excel, and Microsoft PowerPoint files.

Overview

With this add-in you can permanently remove hidden and collaboration data, such as change tracking and comments, from Word 2003/XP, Excel 2003/XP, and PowerPoint 2003/XP files.

When you distribute an Office document electronically, the document might contain information that you do not want to share publicly, such as information you’ve designated as “hidden” or information that allows you to collaborate on writing and editing the document with others.

The Remove Hidden Data add-in is a tool that you can use to remove personal or hidden data that might not be immediately apparent when you view the document in your Microsoft Office application.

You can run the Remove Hidden Data add-in on individual files from within your Office XP or Office 2003 application. Or, you can run Remove Hidden Data on multiple files at once from the command line. In either case, to run the tool you must have the application installed in which the document was created.

The Offrhdreadme.htm file included with the add-in includes a complete list of all of the types of data that the tool will help to remove. By default, you can locate this file in the \Program Files\Microsoft Office\Remove Hidden Data Tool\1033 directory in the drive where you installed the tool. If you installed the tool to a different directory, you can locate this file in the \1033 directory, a subdirectory of the add-in installation folder.

Notes

You should run the Remove Hidden Data add-in on files when you are ready to publish them. This is because some of the data that the tool removes is used by Office for collaboration features, such as Track Changes, Comments, and Send for Review.

You should always save to a new file name, rather than overwrite the original file with the new document, in order to preserve a copy of the document containing the original data.

The Remove Hidden Data add-in does not work with Information Rights Management-protected or digitally-signed files.

System Requirements

Supported Operating Systems: Windows XP

Note: The Remove Hidden Data add-in has not been tested on Microsoft Windows 2000. Also, the add-in cannot be installed on Windows 98 or Windows Millennium Edition.

This download works with the following Office applications:

Microsoft Office Excel 2003

Microsoft Office PowerPoint 2003

Microsoft Office Word 2003

Microsoft Excel 2002

Microsoft PowerPoint 2002

Microsoft Word 2002

Instructions

To install this download:

Download the file by clicking the Download link (above) and saving the file to your hard disk.

Double-click the rhdtool.exe program file on your hard disk to start the setup program.

Follow the instructions on the screen to complete the installation.

Instructions for use:

After you install the Remove Hidden Data add-in, open the document you want to review then, on the File menu, click Remove Hidden Data.

Note: If you do not see the Remove Hidden Data command on the File menu, check the following:

On the Tools menu, point to Options, and then click the Security tab.

Under Macro Security, click Macro Security.

Click the Trusted Publishers tab.

Select the Trust all installed add-ins and templates check box, and then click OK twice.

Alternatively, after you’ve installed the Remove Hidden Data add-in, you can run it from a command line prompt. For complete instructions see the Offrhdreadme.htm file, located in the add-in installation folder.

To remove this download:

To remove the download file itself, delete the file rhdtool.exe.

On the Start menu, point to Settings and then click Control Panel.

Double-click Add/Remove Programs.

In the list of currently installed programs, select Remove Hidden Data tool and then click Remove or Add/Remove. If a dialog box appears, follow the instructions to remove the program.

Click Yes or OK to confirm that you want to remove the program.

http://www.microsoft.com/downloads/details...&displaylang=en

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy