Wednesday, January 25, 2006

Metadata vanity

NSA Issues 'Metadata' Guidelines for Agencies

Following a series of foibles in which federal agencies and even the White House issued documents that contained hidden data that readers weren't meant to see, the National Security Agency has issued guidelines for the federal government on removing revision histories and other so-called "metadata" from official documents before public release.

Metadata literally means "data about data", but that's not very descriptive. Essentially, metadata is automatically embedded in documents created with popular software such as Microsoft Word or Adobe Acrobat, and includes things like the document author's name, the date it was created, and often any changes or revisions that have been made and by whom.

... In a presentation at the recent Shmoocon hacker conference, Joe Stewart, a senior security researcher at LURHQ, talked about how authorities seized Essebar's computer and found a copy of the worm's source code. When they dissected it they uncovered some interesting metadata: Apparently Essebar had compiled the worm's source code with Microsoft Visual Studio, which embedded the text string "C:\Documents and Settings\Farid." Possessing source code for a worm that whacked a bunch of Fortune 500 companies is bad enough, but having your name engraved in the heart of it is downright damning.

It’s vanity that gets crooks every time.
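
As an added illustration (not code from the quoted article or from the NSA guidelines), here is one way to check a file before release for the kind of embedded profile path described above. The function names, the ignore list and the sample bytes are assumptions constructed for this example; it reads both ASCII and UTF-16LE strings, since Windows tools write either.

```python
import re

# Runs of printable text: plain ASCII, and UTF-16LE (each character followed by NUL).
_ASCII = re.compile(rb"[\x20-\x7e]{6,}")
_UTF16 = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Profile-directory prefixes whose next path component is normally an account name.
_PROFILE = re.compile(
    r'(?:[a-z]:\\(?:Documents and Settings|Users)\\|/(?:home|Users)/)'
    r'([^\\/:*?"<>|\r\n]+)',
    re.IGNORECASE,
)

# Shared profile folders that do not identify a person (assumed list, extend as needed).
_SHARED = {"public", "default", "default user", "all users"}


def printable_strings(blob):
    """Yield (offset, encoding, text) for each printable run in the raw bytes."""
    for m in _ASCII.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in _UTF16.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_profile_paths(blob):
    """Return embedded user-profile paths that would reveal an account name."""
    findings = []
    for offset, encoding, text in printable_strings(blob):
        for m in _PROFILE.finditer(text):
            if m.group(1).lower() not in _SHARED:
                findings.append({"offset": offset, "encoding": encoding,
                                 "account": m.group(1), "string": text})
    return findings


# Constructed sample: a fake binary header, an ASCII debug-symbol path, and two
# UTF-16LE document paths (one of them under the shared "Public" profile).
SAMPLE = (
    b"MZ\x90\x00\x03RSDS\x01\x02\x03\x04"
    + b"C:\\Documents and Settings\\jdoe\\proj\\Release\\tool.pdb\x00\xff\xfe"
    + "C:\\Users\\Public\\template.dot".encode("utf-16-le") + b"\x00\x00"
    + "C:\\Users\\asmith\\Desktop\\draft.doc".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for f in find_profile_paths(SAMPLE):
        print(f"{f['offset']:#06x} {f['encoding']:8} {f['account']:8} {f['string']}")
```
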
