Sanitizing Word documents

A new document from the National Security Agency is getting a lot of link love, thanks to a recent mention by Cory Doctorow at BoingBoing.

Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF, which has a publication date of December 13, 2005, covers an important topic, and the authors do a good job of getting across their primary message: If you plan to publish a document originally created in Word, you have to look very carefully for sensitive information that you don’t want to reveal. When you find it, you have to delete it, permanently, not just hide it or cover it up.

So far, so good. But I was taken aback by this statement:

The following steps were tested with MS Word 2000 and Acrobat 5.0 and 6.0. Other recent versions should work similarly.

“Should work similarly”? That doesn’t give me a lot of confidence. If you’re going to go to the trouble of producing a definitive set of guidelines for such a crucial subject, why use only one seven-year-old version of Word? How long could it have taken to test these procedures with Word 2002 (from Office XP) and Word 2003 (from Office 2003)? And why not give it a run-through with Acrobat 7.0, the current version?

Q&A: Windows Product Activation

Two system builders left interesting questions in the comments section of my earlier post, Everything you always wanted to know about Windows Product Activation.

TJ asks:

I was just wondering if anyone knows of any tool out there that is able to validate a keycode, I mean to check if this keycode is still valid, has not been activated. I know I can call MS but when you have to check over 100’s of licenses it’s not really convenient.

I know of no way to check the validity of a Windows product key except by trying to activate an installation. In fact, if such a tool did exist, I presume hackers would target it immediately with a flood of requests to find valid, unactivated keys.

The answer (and it doesn’t work retrospectively) is good record-keeping. If you keep unactivated license codes in one file folder, you can pull one out and use it when needed. As soon as that code has been activated, write down the customer’s name and invoice number and then move the paperwork to a second folder, where you keep “used” (i.e., activated) license codes.

Next up, Jake Andrews asks:

We are a small Computer Repair service, and System Builder. We use nothing but legit software and operating systems, all are sold with the OEM OS package: CD/COA-Sticker.

However, we repair lots of Dell/HP etc systems, and often require an OS re-install, and the Keys on the COA sticker do not work without a 10 min call to Microsoft. This has begun to drive us crazy, is there no way around this? Of course the clients don’t have the original CDs even if they were provided from the manufacturer, but with a legit Key there should be a way around this.

This one’s tricky. If the client brings in the original recovery CD provided by Dell or HP (both royalty OEMs), you can reinstall the operating system and no activation is required. If you use the key on the sticker, however, you have to call in. No way around it, as I explain in the Royalty OEM section of the original post.

If it were my business, I’d tell clients upfront that there’s a $20 extra service charge if they own an SLP-locked operating system and don’t bring in their original distribution media when they bring their PC in for repair. That should cover the 10-minute phone call.

Nope, there’s no secret Windows backdoor

If you’re even remotely interested in Windows security, you’ve probably seen the sensationalist claims from Steve Gibson that the WMF vulnerability was actually a secret backdoor into Windows, deliberately placed there by Microsoft.

I’ve tried to steer clear of this claim so far, because the last thing I want to do is add to the hype over what is at best a highly suspect conspiracy theory. I thought the explanation and rebuttal from Stephen Toulouse of the Microsoft Security Response Center made good sense, but I also understand that some people are going to be justifiably skeptical of any official statement that comes out of Redmond.

But I’ve just run across Mark Russinovich’s detailed analysis of Gibson’s claim, and I feel confident that his conclusion is correct:

In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge.

Mark’s body of work and impressive library of utilities at Sysinternals prove that he knows more about the guts of Windows than just about anyone else on the planet, including lots of Microsoft lifers. He’s also the guy who broke the Sony rootkit story.

When Mark says there’s no conspiracy, that ends the discussion for me.

A visual view of unread feeds

Greg Reinacker of NewsGator has hacked together a prototype of a visually based aggregator view:

I’m a visual person, and a lot of the feeds I subscribe to have images in the posts. If I could see all of those images together, I could make some quick decisions about what I want to read now, vs. what I will read later. …

[I]f you have unread stuff, you’ll see a compilation of all of the images in your unread posts. If you click on one, that post will get marked as read in NG/Online, and you’ll get linked out to the post.

If you have a NewsGator account, follow the links to Greg’s post, where you’ll find out how you can use this prototype for a quick visual view of your unread feeds.

No NewsGator account? Here’s a sample of what Greg’s account looked like:

I wouldn’t want to use this all the time, but it sure does offer a different view of my feeds.

Would you use something like this?

Hello Vienna

You know that you’ve reached a lull between beta builds of Windows Vista when bloggers latch onto the code name of the next version of Windows.

According to a comment by Robert Scoble on this thread at the Channel 9 forums, the N+1 version of Windows is no longer code-named Blackcomb. Instead, it’s going to be called Vienna.

Although Scoble is normally a reliable source, in this case I have my doubts. Vienna was the code name of Live Communications Server 2005, which was announced nearly two years ago, as this press release attests:

Microsoft Corp. today announced the opening of the beta program for Microsoft® Office Live Communications Server 2005, previously code-named “Vienna.”

It’s not like Microsoft to reuse code names. So what’s the real story? And does anyone outside of a small circle of Windows uber-geeks really care?

Update: Mary Jo Foley confirmed the new code name with a Microsoft spokesperson, who said: “The codename for Blackcomb has changed to ‘Vienna’. This does not reflect a big change for us; we have used city code names in the past. These code names are derived from cities/locations in the world known for great ‘vistas’. The kinds of places we all want to see, experience and that capture the imagination. Vienna fits with this concept. There are no additional details to share about Vienna at this time.”

600 thousand visitors to this site

Sometime in the next, oh, 12 hours or so, someone is going to be Visitor number 600,000 to this site since I started keeping track back in May 2004.

It hasn’t been a linear curve. In fact, at current traffic rates visitor number 1 million will show up in the next five or six months. And that doesn’t count the 1800+ people who regularly read this site in an RSS aggregator.

This world map (Flash required) offers a fascinating view of where folks are visiting from. I thought it was pretty cool to see a visitor from Mauritius.

More coverage of Office 12

Joe Wilcox of Microsoft Monitor has posted his first impressions of Office 12 Beta 1.

Unfortunately, because of the terms of the NDA I signed as an Office 12 beta tester, I place myself in serious danger of losing access to future builds of Office 12 if I do anything more than repeat what Joe wrote.

I’m growing increasingly frustrated with Microsoft’s stand on this issue. A dozen Microsoft bloggers are writing extensively about all the products in the Office family, and members of the press and analyst community are writing, apparently with no restrictions, on their experiences.

I’d love to tell you about my experiences with Office 12. But as a member of the beta test community, I can’t.

Scoble said he was going to talk to the Office group about this a month ago. The silence from Redmond is deafening.