How to sanitize Doc and PDF documents, by the NSA

meta data by itself it not a bad thing.
what is a problem is when it is put into your documents without your knowledge, telling people who know how to look for it and extract it anything from what text used to be there, and was then deleted. all the way to who originally wrote the document and who last updated it.

therefore, meta data is a serious issue, especially with word documents. what you usually can do is:
1. download a meta data remover program and hope it does it’s job.
2. download some plug-in for word to try and do the same.
3. attempt doing so yourselves.

or

4. do it my way, copy-paste the whole document to a newly created one (that will not remove your author information though, as an example).

you can find out more about meta data by going to.. google.

the nsa released an how-to on sanitizing meta data in doc and pdf files. check out their pdf.

i really see this as important as a lot of sensitive information gets stolen from many organizations (civilian and government) by using attack techniques for meta data gathering, and there have been big mistakes done in the past with sensitive information (such as marking lines black in a pdf while the real text is still there, just hidden).

an attacker does not even have to steal sensitive documents. as one example of an attack, he or she can go and check your company’s web site for officially released documents.

a couple of examples to past issues:
sco.
online document search.

gadi evron,
ge@beyondsecurity.com.

Share