

I know developers love to add bells and whistles, and aiui when you "save as pdf" from LO it can now embed the original document in the pdf to make it easy to get the document back into editable form, but the attached email below makes me think "is this wise?".

As I've learnt from Groklaw, the amount of information leaked in documents because people did not know how to properly redact documents, makes me think that embedding an editable version in a pdf is not (certainly as a default) a wise thing to do.

I will add, I've never actually used the feature so I don't know what the defaults are, but if LO is like most other projects, it just hasn't crossed anybody's mind to think about it ... (having just looked at "export with pdf" I can't see any mention of including the document, so either LO doesn't which is fine, or it does and doesn't give the user the option, which imho is extremely dangerous ...)

Actually, I don't know how we'd do it, but this implies there could be a killer feature in here - a setting that warns about hidden data and possible security leaks. Probably not best enabled by default, but a nag feature that could be switched on to warn about hidden fields etc.

Cheers,
Wol

Date: Wed, 1 Jun 2016 12:09:59 +0100
From: "Patrick O'Beirne"<pob@sysmod.com>
Subject: An expensive Pivot Table

Recently discussed on the Eusprig (European Spreadsheet Risk Interest Group)
mail list:

A hospital trust in Blackpool (pop. 145,000) in the UK was fined 185,000 GBP
for leaking sensitive information via an Excel PivotTable.

https://ico.org.uk/media/action-weve-taken/mpns/1624118/blackpool-nhs-trust-monetary-penalty-notice.pdf

It is a problem of the sorcerer's apprentice - knowing enough to be
dangerous.  To paraphrase Barry Boehm, "[EUC gives] many who have little
training or expertise in how to avoid or detect high-risk defects tremendous
power to create high-risk defects."

The key point is "The Trust knew or ought to have envisaged those risks and
it did not take reasonable steps to prevent the contravention."  So: if they
OUGHT to have known, by what means were they expected to envisage those
risks? What guidance is available that describes that issue? Is it part of
any accredited training materials? The answer I think is here:

"It is worth noting that the Commissioner's office issued two monetary
penalty notices on 30 July 2012 (Torbay NHS Trust) and 20 August 2013
(Islington Council) which raised awareness about the issue of data that
could be hidden in pivot tables. The Commissioner's office also
published a blog on 28 June 2013 entitled The Risk of Revealing Too Much.

https://iconewsblog.wordpress.com/2013/06/28/ico-blog-the-risk-of-revealing-too-much/
This shows the pivot table feature in question.
Just to explain, if the pivot cache is present then even if the original data
sheet is deleted, the data can be recreated by a simple double-click on a
PivotTable cell.

They reference:
https://iconewsblog.wordpress.com/2015/11/13/the-dangers-of-hidden-data/
https://www.mysociety.org/2013/06/13/whatdotheyknow-team-urge-caution-when-using-excel-to-depersonalise-data/

Read the "Five Key Messages" at the end.

This is of course just one such example. The hidden rows in the Barclays'
bid for Lehman assets, or the summary chart in a paper on hospital
treatments which had the entire Excel spreadsheet embedded in it, are more.

Patrick O'Beirne, Systems Modeling http://www.sysmod.com
http://ie.linkedin.com/in/patrickobeirne
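As an added illustration of the pivot cache point above (this is not part of Wol's or Patrick's message, and not LibreOffice or Excel code): an .xlsx is a zip of XML parts, and the cached source rows behind a pivot table live in xl/pivotCache/pivotCacheRecords*.xml, so a pre-publication check can simply look for those parts and count the rows they hold. The workbook built here is a constructed, deliberately minimal stand-in with made-up row labels; it has just enough package structure for the check to run.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespace of SpreadsheetML parts inside an .xlsx package (standard OOXML).
SSML_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"


def pivot_cache_report(xlsx_bytes):
    """Map each pivot cache records part in an .xlsx to the number of cached
    source rows it holds. A non-empty result means the rows behind a pivot
    table are still in the file even if the source sheet has been deleted."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("xl/pivotCache/pivotCacheRecords") and name.endswith(".xml"):
                root = ET.fromstring(zf.read(name))
                # Every <r> element is one cached row of the original data.
                report[name] = len(root.findall("{%s}r" % SSML_NS))
    return report


def build_sample_xlsx(cached_rows, include_cache=True):
    """Constructed minimal workbook: one visible summary sheet and, optionally,
    a pivot cache part still carrying per-row source data. Enough structure
    for the check above; not a file Excel itself would open."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "xl/workbook.xml",
            '<workbook xmlns="%s"><sheets><sheet name="Summary" sheetId="1"/>'
            '</sheets></workbook>' % SSML_NS,
        )
        if include_cache:
            # Constructed rows: a label string and a numeric value per person.
            rows = "".join(
                '<r><s v="%s"/><n v="%d"/></r>' % (label, value)
                for label, value in cached_rows
            )
            zf.writestr(
                "xl/pivotCache/pivotCacheRecords1.xml",
                '<pivotCacheRecords xmlns="%s" count="%d">%s</pivotCacheRecords>'
                % (SSML_NS, len(cached_rows), rows),
            )
    return buf.getvalue()
```

A real workbook also carries a matching pivotCacheDefinition part and relationship entries, so the remedy is to publish a values-only copy rather than to delete parts from the zip.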




