Brian Krebs’ Security Fix blog at the Washington Post discusses document security. Anyone who has been a consultant has likely been a victim of information leakage associated with metadata. Most of the time, this is harmless, though possibly embarrassing. Other times, as with some of the incidents Krebs describes, it is worse. I wrote about 29 specific content attributes back in May. Bitform, the company that provided the list, recently released a study of Fortune 100 websites with over 8,000 Microsoft Office files on them. Here are the results:
| Target Element | Occurrence Rate | Files Affected |
|---|---|---|
| Audio and Video Paths | 0.4% | 36 |
| Author History | 46.4% | 3733 |
| Author History (contains paths) | 36.7% | 2950 |
| Author History (contains network share names) | 14.4% | 1158 |
| Comments | 2.1% | 165 |
| Content Properties | 99.8% | 8020 |
| Custom Properties | 5.5% | 446 |
| Database Queries | 0.0% | 1 |
| Embedded Objects | 24.8% | 1994 |
| Encryption | 1.1% | 92 |
| Fast Save Data | 10.1% | 813 |
| Hidden Cells | 3.9% | 315 |
| Hidden Slides | 1.9% | 151 |
| Hidden Text | 0.9% | 76 |
| Linked Objects | 0.1% | 11 |
| Macros and Code | 5.1% | 409 |
| Office GUID Property | 17.2% | 1386 |
| Outlook Properties | 17.1% | 1378 |
| Presentation Notes | 13.6% | 1093 |
| Printer Information | 30.9% | 2480 |
| Printer Information (contains network share names) | 18.0% | 1447 |
| Routing Slips | 0.0% | 0 |
| Scenario Comments | 0.0% | 0 |
| Sensitive Hyperlinks | 0.4% | 29 |
| Sensitive Include Fields | 0.3% | 22 |
| Statistic Properties | 99.9% | 8028 |
| Summary Properties | 99.3% | 7978 |
| Template Name | 7.4% | 592 |
| Tracked Changes | 6.5% | 521 |
| User Names | 98.9% | 7950 |
| Versions | 0.0% | 4 |
| Weak Protections | 3.5% | 278 |
For detailed descriptions of each of these target elements, get the paper. Btw, the level of diligence assigned to this information is virtually nil – it is taken at face value. Given that it always appears that public incidents involve the government and/or politics, I wouldn’t put it past political operatives to insert bogus information to harm a competitor or foe.
Here at Workshare, we run a public benefit site at http://www.metadatarisk.org which catalogs all major document leaks of this type. Those who are interested may find it to be a useful resource.
Ken Rutsky
Information is leaked when you forget to make digital data physically clean of metadata. These are simple precautions that are necessary steps. For more information you can see http://www.PinionSoftware.com