Catch up on stories from the past week (and beyond) at the Slashdot story archive

typodupeerror
• #### Whiteout (Score:2)

Blacking out the secrets clearly isn't a good strategy.
Next time, they should just put whiteout on the screen to cover up the secret parts.
• #### Re: (Score:3)

Blacking out the secrets clearly isn't a good strategy. Next time, they should just put whiteout on the screen to cover up the secret parts.

Blacking out the secrets is excellent strategy if the data is actually misinformation.

The cheapest way to win an arms race is to trick your opponent into believing that you've got better gear, without actually wasting billions of dollars on said gear.

• #### New career? (Score:1)

If the editor needs a new gig, I'm sure there's room for them at Slashdot!

• #### A NSA approach (Score:1)

by Anonymous Coward

Consider "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word 2007 to PDF" at http://www.nsa.gov/ia/_files/support/I733-028R-2008.pdf

• #### Seriously, again? (Score:1)

Isn't this like the third or forth time this has happened? I seem to recall both the FBI and TSA making the same mistake somewhat recently. At least within the last couple of years. I guess people can't learn from others mistakes after all...
• #### Re: (Score:2)

It's a fact of life that people will screw things up. You can attempt to reduce the number of screwups through training people, disciplining those that refuse to comply and reducing the number of people performing high risk tasks but it's almost impossible to reduce it to zero.

How many redacted documents do you think are released every year? Frankly i'm surprised we don't see stories like this far more often.

• #### Johnny English (Score:2)

Our secret service is just one big trailer for the forthcoming Johnny English sequel.
• #### Classification paranoia (Score:5, Interesting)

on Sunday October 09, 2011 @06:46PM (#37657058) Homepage

Having worked in the classified world (pre 9/11), it was surprising how little military information was classified. The front-line military view of secrecy is that secrecy is a short-term thing. "Where the ship was last week is unclassified. Where the ship was yesterday is confidential. Where the ship is now is secret. Where the ship will be tomorrow is top secret." Sooner or later, if it matters, the enemy will find out what you're up to. Preferably when your attack hits them.

On the other hand, what your troops, ships and planes can do is generally well known. Too many people have to know. Secret capabilities do exist, but, again, they're time-sensitive. Eventually you have to use the secret weapon, after which it's no longer secret.

Vulnerabilities are more of a problem. The U.S. Army tried to keep secret the vulnerable spots on a M-1 Abrams tank. But once Iraqi insurgents had found the places on the turret ring to aim at, trying to suppress the pictures of the damage was sort of stupid.

When planning proposals, we estimated that running a project at SECRET doubled the cost, and running at TOP SECRET quadrupled it. (The clearance process takes many months, the physical security is expensive and slows you down, and worst of all, the people who spend too much time in classified tanks get out of touch technically.) The intel community was willing to pay that price - the military, not so much.

• #### What morons (Score:1)

I mean really. Adobe Acrobat has an easy to use Redaction tool specifically designed for this sort of thing. Not only does it properly black out and remove the text underneath, it can also scrub the removed data from the PDF so that some smart fellow cannot undelete the contents. It's really not hard at all... unless of course you're paying peanuts to someone who doesn't give a shit about doing things correctly and instead just wants to give the impression of having done the job.

• #### "Looks good to me" doesn't work in security (Score:3)

on Sunday October 09, 2011 @07:23PM (#37657394) Homepage
Bruce Schneier said it best:

The problem with bad security is that it looks just like good security.

In this respect, the problem comes down to incompetence at some point in the chain of command, and (by transitive closure) lack of effective oversight at all points above that one. But that's not an excuse, just a description of the pathology.

• #### Sorry, funniest thing I read for a Monday morning (Score:1)

Poor receptionist is all I can say. She was trying to do her best but didn't know any better! Shame on them!
• #### For fucks sake! (Score:2)

Adobe Acrobat has a REDACTION feature built specifically to address issues like this.
It's not hard to use - arguably it's even easier than trying to find the text and putting a black background behind it.
It not only removes the text (or other objects) on the page that you are redacting, but it provides a very easy interface to use.
It also removes additional metadata (full text indexes, other personalised information such as document creator etc) and you can do a search and redact to redact specific strings.

• #### Redacting text in LaTeX (Score:3)

on Monday October 10, 2011 @03:08AM (#37659762)
A few years ago I also found I needed to redact text from a document.  I do most of my document processing in LaTeX, and found that the following works nicely.  It replaces (not overprints) all text inside \redact{...} with a black bar, and copes well with wrapping across lines and pages.

\RequirePackage{soul,color}
\sethlcolor{black}
\makeatletter
\def\phantom@SOUL@ulunderline#1{{%
\setbox\z@\hbox{#1}%
\dimen@=\wd\z@
\dimen@i=\SOUL@uloverlap
\rlap{%
\null
\kern-\dimen@i
}%
}}
\DeclareRobustCommand\redact[1]{\begingroup
\let\SOUL@ulunderline\phantom@SOUL@ulunderline
\hl{#1}%
\endgroup}
\makeatother
• #### Not 'cutting-and-pasting'. (Score:2)

making it possible for anyone to access the information simply by cutting-and-pasting.

Surely it's 'copying-and-pasting'?!

• #### Re: (Score:2)

The correct method for retrieving the text had been obfuscated for security reasons.

• #### I think they did this on purpose (Score:2)

The military-industrial complex would much prefer to operate with no oversight at all.

We have a perverse system where such oversight is acceptable only if it does not compromise security (rather than the other way around.)

So by screwing this up on purpose, the military can plead security concerns and never publish anything at all, because any public oversight whatsoever will be too risky.

Never ascribe to malice what can be explained by incompetence? Well, malice exists, even though

• #### Fake leaks ? (Score:2)

I know one should'nt attribute to malice what can be explained by incompetence but I can't prevent myself to think that if I wanted to leak fake informations, I would use exactly that kind of procedures.

Western governments jumped late in the infowar bandwagon but they are going there. Fake leaks are doomed to happen.
• #### Let the 'Hacking' begin... (Score:2)

Maybe next we can see people prosecuted for "hacking" for copying and pasting the text so they can read it. If truncating or guessing an URL can be considered hacking, surely this can be too.

#### Related LinksTop of the: day, week, month.

"If the code and the comments disagree, then both are probably wrong." -- Norm Schryer

Working...