Storage News
Security News
Networking News

FREE NEWSLETTERS

internet.commerce

Be a Commerce Partner
GPS Devices
KVM over IP
Dental Insurance
Logo Design
Promotional Gifts
KVM Switches
Prepaid Phone Card
Compare Prices
Send Text Messages
Online Education
Online Education
Promotional Products
KVM Switch over IP
Promote Your Website

internet.com

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

eKit: Essential HP Solutions for Your Data Center
Data protection and disaster recovery tools help keep data secure and available under the worst of circumstances.

Download this eKit and get:

eBook: Guide to Storage Networking
eBook: Storage Networking 2, Configuration and Planning
Whitepaper: Storage Management Costs in the Enterprise: A Comparison of Mid-Range Array Solutions
Whitepaper: Virtualization - It's Not Just for Enterprises Anymore
Whitepaper: Continuous Real-time Data Protection and Disaster Recovery

Click Here!

Security Products

• Message Classification / Document Classification (Titus Labs)
• IronKey (IronKey, Inc)
• Mazu Profiler (Mazu Networks, Inc)
• MHZ2 CJ Series (Fujitsu Computer Products of America, Inc)
• Secure Mail / Secure DOX (Echoworx Corp)
• Enterprise Security Reporter (ScriptLogic Corp)

» Enterprise IT Planet » Security » Security Features

Whitepaper: Innovate Faster with Oracle Database 11g. Learn how you can innovate faster with Real Application Testing, manage more data for less with Advanced Partitioning & Compression & more.

AntiOnline Spotlight: Microsoft Metadata Forensics

By Enterprise IT Planet Staff
March 11, 2004

Email Print Digg This Add to del.icio.us

AntiOnline: Maximum Security for a Connected World

Imagine that your staff sends a client a Word document outlining a proposal that's been edited and massaged to perfection. So compelling is your message and professional the presentation that your every instinct tells you that you've hit the bulls eye.

Instead, your client calls asking that you make some concessions and knock a sizable chunk off your price, suspiciously close to the bare minimum your team was considering charging for the job.

They know something.

Indeed, but they didn't have to snoop on your employees or mount a daring late night break-in. No, your workers simply e-mailed them all they wanted to know.

Microsoft Word has a handy feature that allows you to view revisions to a document so that you can chart its evolution. If you fail to strip the doc of the metadata that chronicles these changes, others can see the different forms this document took before it worked its way through your office.

From that they can "see" the author fix embarrassing mistakes, modify pricing info and hastily delete the expletives brought on by a bit of writer's block and an empty coffee pot.

Apart from this, metadata can also reveal who had a hand in the document's creation and where it's been.

Before you volunteer more information than you want your customers, friends, bosses and competition to know, be sure to read this week's spotlight thread.

Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

Microsoft Metadata Forensics

Soda_Popinsky provides this brief but telling tutorial on how metadata can betray what you put in the final version of your docs. Complete with downloadable examples!

What this tutorial will do is show you one way to extract information that may prove useful to an investigation. What makes this tutorial cool is that I'll be using docs from a government about WMDs in Iraq that was released to the public. Reporters used the metadata to see who had access to this file, and who edited it, and someone got it trouble because of it. Let's get started...

A little sleuthing can turn up some juicy tidbits...

Open .doc with non-rich text editor
Clean up text
Find interesting info
Clean up more
Organize and investigate
So what do we have? Here are the file paths:

cic22J C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecoverysave ofIraq-security.asd cic22J C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecoverysave ofIraq-security.asd cic22J C:\DOCUME~1\phamill\LOCALS~1\Temp\AutoRecoverysave ofIraq-security.asd JPratt C:\TEMP\Iraq-security.doc JPratt A:\Iraq-security.doc ablackshaw C:\ABlackshaw\Iraq-security.doc ablackshaw C:\ABlackshaw\A;Iraq-security.doc ablackshaw A:\Iraq-security.doc MKhan C:\TEMP\Iraq-security.doc MKhan C:\WINNT\Profiles\mkhan\Desktop\Iraq.doc

What we have are a bunch of usernames, and paths. These paths represent where the users saved this document. So what does this mean?
All these names took part in making this file. You can even see that ablackshaw transferred the file on a floppy disk, and MKahn uses WINNT. Turns out these people are:
Paul Hamill - Foreign Office official
John Pratt - Downing Street official
Alison Blackshaw - The personal assistant of the Prime Minister's press secretary
Murtaza Khan - Junior press officer for the Prime Minister

ric-o tells us a debacle like this can be avoided if you download a little utility from Microsoft.

If you didn't see this, Microsoft released a metadata-cleaning tool, although it only works for Office 2003, which many people haven't upgraded to yet.

Need to download that handy metadata-stripping utility? Visit this week's thread for the link and access to the tutorial files so that you too can play British investigative reporter for a day.

Email Print Digg This Add to del.icio.us

Security Features Archives

eBook: Evaluating Software as a Service for Your Business. Sponsored by Webroot
Trend Micro InterScan Trial � Block Spam and Viruses Today
Stay up to date! Get real-time news and reviews about the latest innovations in internet technology.
Is secure, available data a challenge? Try Symantec Online Backup free for 30 days.
Flash Demo: Learn how IBM Information Server Blade is easy to manage, highly scalable and efficient.


Featured Solutions for Technology Professionals from Internet.com
Whitepaper: Optimizing HP Servers with Microsoft SQL Server 2008 Sponsored by HP This whitepaper discusses how SQL Server 2008, particularly 64-bit server configurations, together with the resources and technologies available on HP ProLiant and Integrity servers, offers a valid option for consolidating corporate data on one single device. Learn more.

Search:
Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia
Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.
Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Solutions

Whitepapers and eBooks

Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES