Wednesday, December 09, 2009


Simply blacking out information in a Portable Document Format file won't keep data from prying eyes.

TSA officials posted what they thought was a redacted version of the TSA's airport security operating manual on a Web site used by private contractors looking for government work. The problem: the officials didn't actually delete sensitive parts of the document—they just blacked them out using a graphics tool.

That method left the underlying words intact, and they were exposed when readers cut and pasted pages from the document, "Screening Management Standard Operating Procedures," into a new file. The vulnerability isn't technically a bug in Adobe's product, but its existence shows how those handling secure information should be fully trained in the software they're using.

The end result of the foul-up was that highly sensitive information about TSA screening methods, interviewing procedures, X-ray machines and other terrorist prevention tools became easily available to millions of people on the Web.

This is just another case of the user failing to distinguish between a graphical blackout and deleting information. There have been many such incidents, and Adobe invariably blames user error. But the Adobe design is completely counterintuitive. Adobe needs to correct this before someone gets killed.
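
The failure described above can be caught before publication. The following is an added example, not part of the original post: a Python check that walks a simplified, uncompressed PDF content stream and reports text whose origin sits under a rectangle filled after it. The sample stream, the function names, and the restriction to the `BT`, `Td`, `Tj`, `re` and fill operators (no transforms, no compression) are assumptions made for illustration.

```python
import re

# Tokens: a literal string "(...)" or any run of non-space, non-paren characters.
TOKEN = re.compile(r"\((?:[^()\\]|\\.)*\)|[^\s()]+")

# Constructed sample: two text lines, then a black rectangle painted over the second.
SAMPLE = """
BT /F1 12 Tf 72 700 Td (Public heading) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED SENSITIVE LINE) Tj ET
0 0 0 rg
70 676 300 16 re f
"""

def is_operand(tok):
    """Strings, names and numbers are operands; everything else is an operator."""
    if tok[0] in "(/":
        return True
    try:
        float(tok)
        return True
    except ValueError:
        return False

def covered_text(stream):
    """Return strings whose text origin lies under a rectangle filled after them."""
    operands, pending, shown, hidden = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if is_operand(tok):
            operands.append(tok)
            continue
        if tok == "BT":                       # new text object: position resets
            x = y = 0.0
        elif tok == "Td":                     # move text position by (tx, ty)
            x, y = x + float(operands[-2]), y + float(operands[-1])
        elif tok == "Tj":                     # show a string at the current position
            shown.append((x, y, operands[-1][1:-1]))
        elif tok == "re":                     # x y w h: add rectangle to current path
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in ("f", "F", "f*"):         # fill path: covers anything drawn earlier
            for rx, ry, rw, rh in pending:
                hidden += [t for t in shown
                           if rx <= t[0] <= rx + rw and ry <= t[1] <= ry + rh
                           and t not in hidden]
            pending.clear()
        operands.clear()                      # every operator consumes its operands
    return [text for _, _, text in hidden]

if __name__ == "__main__":
    for text in covered_text(SAMPLE):
        print("still extractable under a filled rectangle:", text)
```

Any string this reports is still present in the file and will survive copy and paste; the content has to be deleted, not covered, before the document is released.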
