Secrets put on internet in Whitehall blunders (2011)
telegraph.co.uk> Some officials use a software programme such as Photoshop to paste a black patch over secret text, obscuring it but not removing it. When documents are edited in this way, normal home or office software can disclose the obscured text.
Ahha! Yet another unquantifiable-but-potentially-very-expensive mistake caused by users assuming their tool was WYSIWYG when really it did more than that.
A similar thing happened last year, when someone "leaked" documents regarding Macron in the French election. Opening said documents in any professional PDF viewer showed the layers on top of the original photo, exposing it as a fake.
https://mobile.twitter.com/Numerama/status/86047888323742105...
Secrets put on internet in Whitehall blunders (telegraph.co.uk)
11 points by nthcolumn 1 hour ago
Thanks, belatedly added.
I know someone who tried to forge a material inspection certificate using MS Paint to edit some numbers. Unfortunately the color depth on her monitor was lower than the customer's and he could clearly see the scribbling out of the old numbers. However, this was in an industry with fairly low trust and people still need to get their work done so he just point out her mistake and asked for a real one rather than firing her.
Makes print-it-and-scan-it policies seem less insane! Is that still what we've got in the USA? It was last I heard.
That's not insane but actually quite sensible: it guarantees that lack of IT related skills does not compromise security. If I had to guess, that policy is the result of a risk assessment that did exactly what it was supposed to do.
The bit where it might be seen to have gone wrong is that you personally have not formally been made aware why it is a policy.
I'm trying to figure out what actually happened, technically:
> Some officials use a software programme such as Photoshop to paste a black patch over secret text, obscuring it but not removing it. When documents are edited in this way, normal home or office software can disclose the obscured text
They probably mean Adobe Acrobat, to modify pdf documents.
> The names of officials and outside experts involved had simply been blacked out with a marker pen, and could be read by printing the document and holding the paper up to the light.
Not sure, here - a /software/ "marking pen" that obscured the text, but the underlying text, presumably in a different shade, would be printed by a printer?
Interesting.
Probably editing the pdf in photoshop or illustrator, but not flattening the layers back down before exporting the document, causing the underlying information to be retained. The PDF format doesn't just function as a container for an image, it supports all kinds of layers.
In (perhaps another) instance, they set the background colour of a section of text to black, meaning the black text was not readable, but could still be copied away.
Makes you wonder what kinds of juicy stuff could be found by a web crawler that specifically looks for inadequately redacted PDFs.