CNET tech sites: Price comparisons | Product reviews | Tech news | Downloads | Site map
Front PageEnterpriseE-BusinessCommunicationsMediaPersonal TechnologyInvestor

News.context: Special Reports | Newsmakers | Perspectives
Email attachments can be pretty revealing
By Brian Livingston
October 5, 2000, 12:00 PM PT

People routinely attach word processing documents to email messages without realizing that the attachments may reveal more than they ever intended.

For example, law firms commonly attach legal contracts to email. But it's easy for documents from word processing programs, such as Microsoft Word, to contain material that was supposedly deleted.

Kevin Lyda is a Unix programmer who said he recently received an employment contract in the form of an attached Word document. Since his computer didn't have a copy of Word, Lyda said he ran the attached file through "strings," a Unix utility that displays only the text characters in a file.

He said he found that Word had saved within the file at least five previous versions of the same employment contract--including the terms that had been offered to previous job applicants.

"It's the one time I've found a Microsoft product useful," Lyda quipped. "I discovered that my offer was quite competitive compared to others in the company. Only one person got a better bonus."

The old versions of the document were probably retained because of Word's "Allow fast saves" feature. The feature can be turned on or off by clicking Tools, Options and then checking or unchecking the box that is found under the Save tab. Few Word users know this trick exists.

The "fast save" feature tacks a record of each change onto the end of the computer file that is written. This cuts down on the time the program spends saving files. But it also retains older sections that may have been deleted from the visible document.

Turning the feature off causes the program to rewrite each document from scratch, removing older wordings.

But it's not just Word that can expose your darkest secrets to email recipients. A different problem affects any word processing program that permits revisions to a document to be highlighted, accepted and rejected.

This feature, which in some programs is called "Track changes," allows several people to make edits to a document. A reviewer can then examine the document and accept or reject individual changes.

But unfortunately, you may someday write, "The jerk wants the following changes"--and then find that "the jerk" found all the supposedly invisible revisions.

In Word, for example, revisions like these remain in a document unless a person clicks the program's "Accept all" changes command.

An unwitting Word user may simply turn off the "Highlight changes" feature. In that case, all comments and revisions remain in a document, waiting for a recipient to turn the feature back on.

Avi Rubin, a correspondent of the security-oriented Risks Digest newsletter, said a single command in Word exposed the revisions in a contract sent to him by a lawyer.

"We got a good look at the previous version of the contract," Rubin said, "as well as a bunch of comments and justifications that the lawyer wrote to his client."

In extreme cases, documents made available on the Web can endanger lives.

Last June, The New York Times posted on its Web site a classified CIA report on the 1953 overthrow of the government of Iran.

To prevent reprisals against the coup plotters or their descendants, the newspaper's staff "blacked out" several names in the report, which had been scanned page by page.

But the names were available to anyone with a graphical editing program. That's because the Times had drawn boxes over the sensitive names using Adobe Photoshop.

As described by security site Cryptome, the black boxes the Times had drawn over the names could be removed using any similar program. Even halting a browser while it drew certain pages could reveal some of the names before the boxes were fully formed.

The Times revised the pages on its Web site to eliminate the problem.

When distributing sensitive documents, you may want to consider formatting them as HTML, as this Web format is much less likely to store old revisions. And for the truly paranoid, there's always plain text.

Consumer advocate Brian Livingston appears at CNET every Friday. Do you know of a problem affecting consumers? Send info to He'll send you a book of high-tech secrets free if you're the first to submit a tip he prints.

More Perspectives

Brian Livingston has published 10 books, including "Windows 2000 Secrets" and "Windows Me Secrets." He has been a contributing editor at PC World, Windows Magazine, InfoWorld and other magazines for more than 10 years. Before his work as an author, Livingston was a management consultant advising financial institutions on computer technologies. In 1991, he received the Award for Technical Excellence from the National Microcomputer Managers Association for his efforts to develop standards in the computer industry.


Latest Headlines
display on desktop
GE sparks market rally
Loss grows for Corel
Microsoft puts a price on IM features
Prices fall for CD rewritable drives
Homestore execs agree to plead guilty
Hotwire double-bills customers
Penguin on the prowl
Web leak of Linux lets Hat out of the bag
PayPal goes international
Who's living large at Terra Lycos?
Crooks will still be crooks
Handspring lays off 20 percent
Nvidia chips grease faster PC link
Bell Labs fires researcher
Enron auction hampers DoveBid site
China arrests Web writer for subversion
Vivendi lays out new strategy
Study: Stop trying to lock out pirates
Computer makers gird for holiday battle
Ulead updates photo software
This week's headlines

News Tools
Get news by PDA
Get news by mobile
Listen live to CNET Radio

CNET newsletters Daily Dispatch

News.context (weekly)

Investor Daily Dispatch

Week in Review

All newsletters | FAQ
Manage my newsletters

Send us news tips | Contact Us | Corrections | Privacy Policy

   Featured services: CNET SearchBar | Hosting Providers | IT Resources | Back to School Guide | Tech Jobs   
  CNET Networks: | CNET | GameSpot | mySimon | TechRepublic | ZDNet About CNET  

Copyright ©1995-2002 CNET Networks, Inc.All rights reserved. CNET Jobs