IT Baseline Protection Manual T 2.54 Loss of confidentiality through hidden pieces of data.
During electronic data communication or the transmission of data media, information that should not leave the institution is frequently passed on. The possible reasons for an inadvertent transfer of information are listed below:
A file contains pieces of text formatted in a hidden or non-visible mode. Such pieces of text can include statements that are not intended for the recipient.
Files created with standard software, including word processing or spreadsheet programs, can contain additional information such as the directory structure, version numbers, creator, modification time stamp, time of last printing, document name and document descriptions.
If a file is copied to a floppy disk, an entire physical memory block is filled. If the original file does not require a complete memory block, the IT system fills up the unused section of the block with arbitrary 'hidden' data.
All current releases of Winword offer the 'quick-saving' option for all created documents. With this option, only the modifications to a document are saved. This takes less time than a complete save, in which Winword has to save the entire modified file. However, a complete save requires less storage on the hard disk than a 'quick-save'. The decisive disadvantage, however, is that the file can contain textual fragments which the author did not intend for distribution.
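The residue described above (directory paths, leftover text fragments, access data) can be found before a file leaves the institution by reading its raw bytes rather than the view the authoring program shows. The following Python code is an added example, not part of the manual; the rule names, the visible_text parameter and the sample bytes are assumptions constructed for illustration.

```python
import re

# Printable runs of 6+ characters in the two encodings binary office files use.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")

# Hypothetical rule set for the kinds of residue this threat describes.
RULES = {
    "url": re.compile(r"(?:https?|ftp|news)://[^\s\"'<>]+", re.I),
    "windows_path": re.compile(
        r"[A-Za-z]:\\(?:[^\\/:*?\"<>|\r\n]+\\)+[^\\/:*?\"<>|\r\n]*"),
    "credential_hint": re.compile(
        r"\b(?:user(?:name)?|login|pass(?:word|wd)?)\b\s*[:=]\s*\S+", re.I),
}

def printable_runs(data):
    """Yield (byte_offset, bytes_per_char, text) for each printable run."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), 1, m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), 2, m.group().decode("utf-16-le")

def scan(data, visible_text=""):
    """Return sorted (byte_offset, rule, text) for hits absent from visible_text."""
    findings = []
    for start, width, text in printable_runs(data):
        for rule, pattern in RULES.items():
            for hit in pattern.finditer(text):
                if hit.group() not in visible_text:
                    findings.append((start + width * hit.start(), rule, hit.group()))
    return sorted(findings)

def build_sample():
    """Constructed stand-in for an outgoing binary document (not a real file)."""
    visible = b"Quarterly report for external distribution."
    leftover = "C:\\Users\\jdoe\\Drafts\\offer_internal.doc".encode("utf-16-le")
    residue = b"http://intranet.example/prices user=jdoe password=CONSTRUCTED"
    return (b"\xd0\xcf\x11\xe0" + b"\x00" * 8 + visible + b"\x00\x01"
            + leftover + b"\x00\xff" + residue + b"\x00")

if __name__ == "__main__":
    shown = "Quarterly report for external distribution."
    for offset, rule, text in scan(build_sample(), shown):
        print(f"0x{offset:06x}  {rule:<16} {text}")
```

Passing the text the author actually sees as visible_text limits the report to content that exists only in the stored bytes.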
Examples:
By using a different editor, a user accidentally discovered several URLs, followed by a user name and a password, in a file that had been prepared for sending. A URL (Uniform Resource Locator) is the address of a WWW document. Access to a WWW page can be password-protected.
Presentation slides built with Microsoft PowerPoint were handed over as files to a third party by a public authority. It was later discovered that the files contained not only the presentation slides but also information about the user environment, such as the newsgroups subscribed to by the user and which articles from those newsgroups he had already read. Among other things, the PowerPoint file contained the following entries: