Leaky images and other foibles of office documents

[harlan4096]

If you work with sensitive data, these obscure features of PDF, MS Office, and cloud documents are worth knowing.

Reports, articles, marketing materials — all are document types most of us handle at some point. We write and edit them on computers, e-mail them to colleagues or friends, share them in the cloud, hand them to clients, and so much more.

If a file you intend to show to others contains information they shouldn’t see, however, you could run into problems. Let’s figure out how to prevent that.

Capricious images

Secrets such as passwords in the background often show up in images, and by no means do all editing tools get rid of them properly. For example, even if you thoroughly blur over sensitive information with a semitransparent brush, simply tweaking the brightness and contrast is sometimes enough to reveal the secret.

To find out how an image can inadvertently spill confidential information — and how to hide it — read this post.

In a nutshell, to really hide passwords, bar codes, names, and other secret data in images you work with in a graphics editor, you need to remember two things.

First, perform any blurring with 100% opaque tools. Second, publish the image in a “flat” format such as JPG or PNG to prevent others from stripping it into separate layers.

But what if you see secret information in an image that’s embedded into a text document?

Mischievous PDFs

Let’s say you’re about to send a brochure to a client when you realize one of the images contains a colleague’s personal data. You draw a black rectangle over it, using the paid version of Adobe Acrobat on your office computer. All set, right?

Alas, if you send that document, the client will still be able to glean too much information about your colleague. Acrobat is not made for image editing, and it has no function to combine a picture with whatever you draw on top of it, so anyone who opens the file can delete or move rectangles and other surface graphics.

Exporting from Word to PDF

In some cases, it’s handy to adjust an image in the format in which you created the document (for example, DOCX), and then export it to PDF format. For example, if you crop an image, the trimmed part will not transfer to the PDF. Many people use that simple method for light edits on an image in a document.

However, it’s important to remember that not every image edit works to hide information in that way. For example the black rectangle trick will still fail.

If, after exporting the MS Word file to PDF, you open the resulting file in Adobe Reader and then copy and paste the image back into Word, you will see the original image with no obscuring rectangle.

When you export from Word to PDF, the original image and the object drawn on top are not combined. They’re saved separately. Any concealed bits remain in the file as well.

Ultimately, Microsoft Word is not designed for image editing any more than Acrobat Reader is. If you see a picture that needs altering in a text document, do the editing in a proper graphics editor and then reinsert it in the document.

Microsoft Office Document Inspector

Images are not the only items in a document that can retain private information. Others include headers and footers; tracked revisions, comments, and hidden text; linked files such as Excel spreadsheets that form the basis of charts in a report; sometimes even the name of a document author meant to be anonymous.

A single file can be full of such trifles, and it’s easy to forget any or all of them.

To help detect such potential information breaches in good time, Microsoft Office provides the Document Inspector tool. It scans everything mentioned above, including metadata (such as author’s name), headers and footers, hidden text, embedded objects, and so on.

To inspect a file using Document Inspector in Office 365:

• Open the File tab;
  
• Select Info;
  
• Click Check for Issues;
  
• Select Inspect Document.
  

The names of the settings may differ depending on the version of Word.

If Document Inspector finds sensitive data, it suggests removing it or recommends a safer alternative. For example, if you added a chart from Excel as an interactive object, the tool recommends inserting it as a picture instead — that way the recipient will see it but not be able to examine the original table.
...

Continue Reading