I was Google-searching for the Air Force Operational Test & Evaluation Center publication "Software Maintainability - Evaluation Guide". To make my search more efficient I restricted it to military (.mil) sites, using the Google keyword "site:.mil". I was not able to find the publication I was looking for, but was surprised to see a number of Microsoft Word documents in the search results.
Readers of Peter Neumann's Forum On Risks To The Public In Computers And Related Systems (comp.risks) are aware that earlier versions of Word, running on earlier versions of Windows would include in unused portions of the document file anything that was previously in the memory space where Word was executing. A number of past comp.risks articles have documented embarrassing incidents of confidential data leaking through Microsoft Word documents; see for example RISKS-17.76, Thomas Gebe, "Risks of using Microsoft Word", and RISKS-21.40, Clive Page, "Word file turns into two disjoint texts".
I then modified my search to look for Microsoft Word documents made
available on the web by US military sites:
The search reports about 266,000 results. I am aware that the US military implements a strict separation policy between operational computers and machines connected to the Internet, and that truly confidential data is probably stored in multilevel secure systems protected by mandatory access controls. (Peter Neuman notes: Probably not multilevel secure. More likely "system high" all aggregated together at a particular level such as Top Secret.) However, I doubt that no gems are to be found in such a large volume of inherently leaky data.
(This entry appeared in comp.risks 23.50.)Read and post comments, or share through
Last modified: Tuesday, August 31, 2004 2:11 pm
Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.