Newsgroup: comp.risks


From: RISKS List Owner <risko@csl.sri.com>
Date: Thu, 26 Aug 2004 10:47:55 PDT
To: risks-resend@csl.sri.com
Message-ID: <CMM.0.90.4.1093542475.risko@chiron.csl.sri.com>
Subject: [RISKS] Risks Digest 23.50
RISKS-LIST: Risks-Forum Digest  Thursday 26 August 2004  Volume 23 : Issue 50

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/23.50.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Sequoia's new paper audit trail voting systems (PGN)
New Mexico votes lost in 2000 (Jeremy Epstein)
Mac Year 2004 bug (Tom Van Vleck)
Ford dumps Oracle system after four years of trouble (Lindsay Marshall)
Don't get stuck in the dark: a year later (Jeff Jonas)
U.S. air travel without government identification (Dan Wallach)
U.S. military sites offer a quarter million Microsoft Word documents
  (Diomidis Spinellis)
The GTS Katie - A risk of privatization or outsourcing (Joshua Newman)
Fire engine startup risks (J.D. Baldwin via Gary G. Taylor)
Google as back door for pay-per-view information (Sergei Lewis)
Network vandals face prison sentences (NewsScan)
"EXIT" signs too high (Henry Baker)
Re: U.K.: Don't smile for your passport picture! (James Moyer, 
  Michael Bednarek)
Re: Airport Express crypto broken by DVD Jon (Marshall Clow)
REVIEW: "Computer Security for the Home and Small Office", Thomas C. Greene
  (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------
[...]

Date: Wed, 25 Aug 2004 23:33:02 +0300
From: Diomidis Spinellis <dds@aueb.gr>
Subject: U.S. military sites offer a quarter million Microsoft Word documents

I was Google-searching for the Air Force Operational Test & Evaluation 
Center publication "Software Maintainability - Evaluation Guide".  To 
make my search more efficient I restricted it to military (.mil) sites, 
using the Google keyword "site:.mil".

I was not able to find the publication I was looking for, but was surprised
to see a number of Microsoft Word documents in the search results.  Most
comp.risks readers are surely aware that earlier versions of Word, running
on earlier versions of Windows, would include in unused portions of the
document file anything that was previously in the memory space where Word
was executing.  A number of past comp.risks articles have documented
embarrassing incidents of confidential data leaking through Microsoft Word
documents; see for example RISKS-17.76, Thomas Gebe, "Risks of using
Microsoft Word", and RISKS-21.40, Clive Page, "Word file turns into two
disjoint texts".

I then modified my search to look for Microsoft Word documents made 
available on the web by US military sites:
http://www.google.com/search?q=+site%3A.mil+filetype%3Adoc

The search reports about 266,000 results.  I am aware that the US military
implements a strict separation policy between operational computers and
machines connected to the Internet, and that truly confidential data is
probably stored in multilevel secure systems protected by mandatory access
controls.[*]  However, I doubt that no gems are to be found in such a large
volume of inherently leaky data.

Diomidis Spinellis -     http://www.spinellis.gr
Athens University of Economics and Business

  [* Probably not multilevel secure.  More likely "system high" all
  aggregated together at a particular level such as Top Secret.  PGN]
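
Added example (not part of the original posting or of the RISKS digest): a pre-publication check for the kind of leftover data described above, on the assumption that the "unused portions" are sectors which the OLE2 compound-file allocation table (FAT) marks free. The function names and the sample file are constructed for illustration; slack at the end of allocated streams is not examined.

```python
import re
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound-file signature
FREESECT, ENDOFCHAIN, FATSECT = 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFD

def residual_free_sectors(data, min_len=6):
    """Map each sector that the FAT marks free but that still holds
    non-zero bytes to the printable ASCII strings found in it."""
    if data[:8] != MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]   # sector size
    n_fat = struct.unpack_from("<I", data, 44)[0]       # number of FAT sectors
    if n_fat > 109:
        raise ValueError("FAT continues in DIFAT sectors; not handled here")
    fat = []
    # The first 109 FAT sector numbers are stored in the header at offset 76.
    for loc in struct.unpack_from("<%dI" % n_fat, data, 76):
        # Sector n starts at byte (n + 1) * size, right after the header.
        fat += struct.unpack_from("<%dI" % (size // 4), data, (loc + 1) * size)
    findings = {}
    for n in range(min(len(fat), len(data) // size - 1)):
        sector = data[(n + 1) * size:(n + 2) * size]
        if fat[n] == FREESECT and sector.strip(b"\0"):
            runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, sector)
            findings[n] = [r.decode("ascii") for r in runs]
    return findings

def constructed_sample():
    """Constructed four-sector file: FAT, empty directory, a free sector
    with leftover text, and a free sector that was properly zeroed."""
    header = bytearray(512)
    header[:8] = MAGIC
    struct.pack_into("<H", header, 30, 9)    # 2**9 = 512-byte sectors
    struct.pack_into("<I", header, 44, 1)    # one FAT sector
    struct.pack_into("<I", header, 48, 1)    # directory chain starts at sector 1
    struct.pack_into("<109I", header, 76, 0, *[FREESECT] * 108)  # FAT = sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    leftover = b"\x07\x00DRAFT memo: budget figures not for release".ljust(512, b"\0")
    return bytes(header) + fat + bytes(512) + leftover + bytes(512)

if __name__ == "__main__":
    for sector, strings in residual_free_sectors(constructed_sample()).items():
        print("free sector %d still holds: %r" % (sector, strings))
```

For a real file, pass the bytes read from it in binary mode; a non-empty result means the document should be regenerated or exported to a clean format before it is published.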

------------------------------
[...]

End of RISKS-FORUM Digest 23.50
************************





Creative Commons License Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.