Word.
Of course all of us knew this. The article is good for explaining to non-technical friends. http://interactive.wsj.com/articles/SB972002214791170991.htm October 20, 2000 Electronic Form of 'Invisible Ink' Inside Files May Reveal Secrets By MICHAEL J. MCCARTHY Staff Reporter of THE WALL STREET JOURNAL ST. PAUL, Minn. -- For weeks this summer, Mike Ciresi's campaign staff was baffled by a strange series of e-mail messages slamming the U.S. Senate candidate. Sent to Minnesota Democratic Party officials, the messages were signed by a Katie Stevens. But after a failed attempt to track her down, Mr. Ciresi's staff began to suspect foul play. The first e-mail, which arrived in May, impugned the candidate's ethics and those of his Minneapolis law firm. It was accompanied by six pages of court cases, citations and footnotes. The attachments convinced Mr. Ciresi's staff that the e-mail was part of a well-funded "opposition research" effort. But two months and three negative e-mails later, his staff still had nothing to go on. Then in July, one tenacious Ciresi aide, playing a hunch, made a few mouse clicks and uncovered an intriguing clue: hidden text that seemed to link the e-mail to the campaign of the Republican incumbent. Tracking the Metadata It turns out there's more than meets the eye in the average word-processing document. A typical Microsoft Word file, for example, can include the author's name, the name of his or her company, the names of each person who has worked on the document and, depending on the options selected, deleted text and other revisions, all hidden from view, as if written in invisible ink. That's because Word, the dominant word-processing software, contains a lot of what Microsoft Corp. calls "metadata," information that doesn't appear on a user's screen simply because commands in the file tell computer monitors and printers to ignore it. But a savvy reader can peek at much of this behind-the-scenes fiddling by using widely available text-reader programs, such as Notepad, or by simply selecting the right word-processing options. Sometimes, depending on a computer's settings, Word revisions that weren't at all visible to the writer are obvious to the recipient. And when those documents get zapped through cyberspace as e-mail attachments, the inside information they contain can set the sender up for embarrassment or worse. 'Highlight Changes' One such e-mail snafu in Seattle sent both parties scrambling for fixes. In late 1998, Payne Consulting Group received an e-mail that included an attached contract prepared for it by its law firm, Davis Wright Tremaine. By clicking on the "highlight changes" option, Payne and the law firm say, Payne could clearly see revisions that revealed the contract had originally been drafted for another Davis Wright client. The law firm quickly devised security procedures for removing hidden text from its files. Payne, meanwhile, developed a free program called Metadata Assistant to purge any unseen, unwanted information from documents. The program can be downloaded from the firm's Web site, www.payneconsulting (www.payneconsulting.com). One reason Payne doesn't charge for it: "We can't guarantee everything is stripped out," says Robert Affleck, vice president of development. "The big concern is that people are sending around things they don't know they're sending around," says Steve McDonald, associate legal counsel at Ohio State University, who teaches a class in cyberspace law. Microsoft has "gotten few customer complaints" about the problem, says Lisa Gurry, a product manager for Microsoft Office. But she adds that those will be addressed in late spring in the next version of Microsoft Office, which will include a "privacy option" to allow a Word document's author to "remove all personal information with the click of one button and be warned if you're saving tracked changes and comments." For now, Microsoft offers a nine-page article through its Web site on "How to Minimize Metadata in Microsoft Word Documents." It was this kind of data that gave Ciresi campaign aides the first break in their investigation of the e-mails plaguing their candidate. The first in the series, titled "Who Is Michael Ciresi?", arrived May 19. It described the clients of law firm Robins, Kaplan, Miller & Ciresi as "a rogues' gallery of polluters, price fixers, tortfeasors, predators, civil-rights violators and frauds." A second searing e-mail arrived just before Minnesota Democrats convened in early June to endorse a candidate in the state's senatorial race. A third followed. Then, a fourth. "I was getting so frustrated trying to figure out where these came from," r
Re: Word.
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 20, 2000 13:29 PM
Subject: Word.
> Of course all of us knew this. The article is
> good for explaining to non-technical friends.
>
> http://interactive.wsj.com/articles/SB972002214791170991.htm
>
> October 20, 2000
>
> Electronic Form of 'Invisible Ink'
> Inside Files May Reveal Secrets
> "Come here, you gotta see this," Mr. Hinds says he called out to fellow
> campaign workers, who gathered around his computer. They started
> searching through the previous e-mails. The first one said "Last Saved
> by: Kinko's Customer" and listed "gunhus" as the author. They found
> other names and more dates and times that the documents had been created
> and stored.
>
> The Ciresi campaign alerted local authorities to its discoveries, which
> were first reported by the Minneapolis Star Tribune.
Naturally, statists always run to the government for backup (gun-wielding
thugs) when they are in trouble.
> The campaign
> alleged that the masquerade wasn't just a political dirty trick but
> a possible misdemeanor
So why is this even called "a political dirty trick?" Don't they call this
"opposition research"?
>. A Minnesota law, which was designed to
> discourage anonymous attacks on politicians, requires those involved
> in election campaigns to disclose that fact in any political literature
> they prepare or distribute.
Obviously a 1st-amendment violation.
[deletia flagrante]
> County investigators, however, proceeded carefully, after learning
> that anyone could easily have framed Ms. Gunhus by entering her name
> in the properties box. "I could put in that 'William Shakespeare' is
> the author," says Bryan Lindberg, the assistant attorney leading the
> inquiry.
"Plausible deniability is maintained!"
> But then, Mr. Lindberg says, his team uncovered a more substantive
> link. Subpoenaed phone and Internet-access records linked the "Katie
> Stevens" Hotmail account used to send the attack e-mails to a Kinko's
It seems there's a real problem with this. Even if we assume the "legality"
of the anti-anonymous-attack law mentioned above, it seems to me that the
police would have no probable cause to investigate an incident when they had
no evidence that a crime had actually yet occurred. This would be
particularly true if there was no other obvious crime being committed: A
publication of true facts about a political candidate, even anonymously,
would not necessarily trigger the law's $300 limit.
Looks to me like the police were doing a political favor in looking into
this case.
> document-processing center and a phone line listed as belonging to
> Ms. Gunhus's home, according to an affidavit filed by the county
> attorney's office as part of its search-warrant request. "The telephone
> number back to the Gunhus residence in Ham Lake gave us the probable
> cause to look at her computers," Mr. Lindberg says.
Actually, it probably DIDN'T _really_ give them genuine "probable cause."
It gave them what should be best described as "possible cause": It
indicated that Gunhus had POSSIBLY violated a (unconstitutional) law. (Or
someone living with her, etc...)
("Probable cause" is one of the most seriously abused concepts in American
law these days, even more then "beyond a reasonable doubt." IMNSHO, they
can't possibly have "probable cause" if they can't prove at least a 51%
probability that a crime has been committed and the location of the search
contained evidence of the crime. They probably rarely have this.)
> Mr. Ciresi lost his state's Democratic primary last month.
Seems he deserved it.
> The investigation into the e-mail messages continues.
The word "gullible" is not in any dictionary
At 8:08 PM -1000 7/25/00, Reese wrote: >At 12:15 AM 25/07/00 -0700, Tim May wrote: >> >>In my view, what I heard did far more bad than good. Witnesses were >>babbling about the need to see what the Carnivore system did, so that >>the rights of the unpersecuted whom the warrants did not apply to >>could be protected. >> >>Fuck that noise. > >You mean, the rights of the innocent, who are presumed to be innocent, >don't you? Get a clue. You do know, don't you, Reeza, that neither "irony" nor "gullible" are in any English dictionary? --Tim May -- -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
Disk INsecurity:last word on deletes, wipes & The Final Solution.
Disk INsecurity:last word on deletes, wipes & The Final Solution. My fellow Cypherpunks, On the matter of getting rid of dangerous info on your hard disk, here is a very interesting quote from The GIANT BLACK BOOK of COMPUTER VIRUSES, second edition by Dr. Mark Ludwig American Eagle Publications,Inc P.O. Box 1507 Show Low, Arixona 85902 see http://www.logoplex.com/resources/ameagle QUOTE If one views a diskette as an analog device, it is possible to retrieve data from it that has been erased. For this reason even a so-called secure erase program which goes out and overwrites clusters where data was stored is not secure. (And let's not even mention the DOS delete command, which only changes the first letter of the file name to 0E5H and cleans up the FAT. All of the data is still sitting right there on disk!) There are two phenomena that come into play which prevent secure erasure. One is simply the fact that in the end a floppy disk is analog media. It has magnetic particles on it which are statistically aligned in one direction or the other when the drive head writes to disk. The key word here is STATISTICALLY. A write DOES NOT simply align all particles in one direction or the other. It just aligns enough that the state can be unambiguously interpreted by the analog- to-digital circuitry in the disk drive. For example, consider Figure 36.2. It depicts three different "ones" read from a disk. Suppose A is a virgin 1, written to a disk that never had anything written to it before. Then a one written over a zero would give a signal more like B, and a one written over another one might have signal C. All are interpreted as digital ones, but they're not all the same. With the proper analog equipment you can see these differences (which are typicall 40 dB weaker than the existing signal) and read an already-erased disk. The same can be said of a twice-erased disk, etc. The signals just get a little weaker each time. The second phenomenon that comes into play is wobble. Not every bit of data is written to disk in the same place, especially if two different drives are used, or a disk is written over a long period of time during which wear and tear on a drive changes its characteristics. (See Figure 36.3) This phenomenon can make it possible to read a disk even if it's been overwritten a hundred times. The best defense against this kind of attack is to see to it that one NEVER writes an unencrypted disk. If all the spy can pick up off the disk using such techniques is encrypted data, it will do him little good. The auto-encryption feature of KOH can help make this NEVER a reality. 1.2 | 1 | ..CM | ..AA 0.8 | ..BG | . N 0.6 | . E | . T 0.4 | . I | . Z 0.2 | . A |T 0 -I O Figure 36.2N \\\ ||previous write | p | \\ | R |\ | | e | last | | v | write | | i | | | ous| | \--- \ \ \|--\--\ Figure 36.3 UNQUOTE Another problem with wipes is that, as long as 5 years ago, manufactures of disk drives were adding caching functions to the hard drives that were not visible to software. Maybe you can program around a software cache when writing a wipe program but a hardware cache looks like a real problem. Are writers of wipe programs aware of disk hardware caches? With disk caching, you may get one real wipe and several virtual wipes. When I started writing my wipe program, SUPERWIPE, I was not aware of hardware caches. THE FINAL SOLUTION The only way to make sure of disk security is to use encrypted disk programs. That way dangerous plain text never touches your hard drive. I would recommend SECUREDEVICE & SECUREDRIVE. Both are excellent. SECUREDEVICE is easier to use but SECUREDRIVE is a better product. Both may be found on the Internet. Yours Truly, Gary Jeffers BEAT STATE! WAKE UP AND SMELL THE CLINTONS!!! __ Get Your Private, Free Email at http://www.hotmail.com
Disk INsecurity:Last word on deletes, wipes & The Final Solution.
Jim Choate writes "...Fourier Analysis..." for ressurecting wiped data. This is interesting but a question arises: How do you interrogate the data? That is: what INT's (pc interrupts) do you use to look at the data? Actually, maybe I should say the sectors rather than the data. Are these undocumented DOS? Also, I hear stories of companies that unwipe data. Who are these companies? What is the name of the software that they use? Is it available to cops only? Where can we get it? Yours Truly, Gary Jeffers BEAT STATE __ Get Your Private, Free Email at http://www.hotmail.com
Re: The word "gullible" is not in any dictionary
At 9:18 PM -1000 7/25/00, Reese wrote: >At 11:19 PM 25/07/00 -0700, Tim May wrote: > > >Get a clue. > > >>You do know, don't you, Reeza, that neither "irony" nor "gullible" > >are in any English dictionary? > > >And that subject line? What, am I supposed to provide a link from m-w.com >now? Get a life. No further comment is needed. --Tim May -- -:-:-:-:-:-:-: Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.
