2009-02-23

Kincaid, Jason. The AP Reveals Details of Facebook/ConnectU Settlement With Greatest Hack Ever. TechCrunch. Feb. 11, 2009.

For the past four years I have been talking at various conferences about this method of ‘unredacting’ improperly-redacted PDF documents by simply copying them and pasting into a new document.

Facebook/ConnectU just got stung, and this technique is getting a lot of publicity as a result.

It will only be a matter of time before someone takes the time to start searching other publicly-posted “redacted” documents to see which ones are similarly improperly redacted. When I first started talking about this method, I ran some tests against documents I found on websites of companies that are household names … I was shocked to see how many of them used this method of redacting.

What it boils down to is you can either:

  1. Cover the data you want to redact with a black square or set of squares (which leaves you open to the copy/paste technique)
  2. Replace the data you want to redact with black squares or [REDACTED] placeholder text

Obviously companies should be using the 2nd method.
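A pre-publication check for the first method, as an added example that is not part of the original post: it scans a decoded PDF content stream for text whose origin sits under a filled rectangle, which is exactly the text that copy/paste still recovers. The function name `covered_text` and both sample streams are constructed for illustration, and the parser assumes uncompressed streams that position text with `Td` only (no `Tm`, `cm` or `TJ`).

```python
import re

NUMBER = r"[-+]?\d*\.?\d+"
# PDF content-stream tokens: (string), /Name, number, operator
TOKEN = re.compile(r"\((?:\\.|[^\\()])*\)|/\S+|" + NUMBER + r"|[A-Za-z*']+")

def covered_text(stream):
    """Return text strings whose origin lies inside a filled rectangle."""
    texts, rects, pending, stack = [], [], [], []
    x = y = 0.0
    for tok in TOKEN.findall(stream):
        if tok[0] in "(/" or re.fullmatch(NUMBER, tok):
            stack.append(tok)                 # operand: wait for its operator
            continue
        if tok == "BT":                       # new text object, origin resets
            x = y = 0.0
        elif tok == "Td" and len(stack) >= 2: # move text line origin
            x += float(stack[-2])
            y += float(stack[-1])
        elif tok == "Tj" and stack and stack[-1][0] == "(":
            texts.append((x, y, stack[-1][1:-1]))
        elif tok == "re" and len(stack) >= 4: # rectangle path: x y w h
            pending.append(tuple(float(v) for v in stack[-4:]))
        elif tok in ("f", "F", "f*", "B", "B*"):
            rects += pending                  # path was filled: opaque box
            pending = []
        elif tok in ("S", "n"):
            pending = []                      # stroked or discarded, not filled
        stack = []
    return [s for tx, ty, s in texts
            if any(rx <= tx <= rx + w and ry <= ty <= ry + h
                   for rx, ry, w, h in rects)]

# Constructed sample: method 1, a black box drawn over text that is still there.
OVERLAY = """
BT /F1 12 Tf 72 700 Td (Account number: ) Tj ET
BT /F1 12 Tf 170 700 Td (4417-CONSTRUCTED) Tj ET
0 g 168 696 120 14 re f
"""

# Constructed sample: method 2, the sensitive text replaced before export.
REPLACED = """
BT /F1 12 Tf 72 700 Td (Account number: ) Tj ET
BT /F1 12 Tf 170 700 Td ([REDACTED]) Tj ET
"""

if __name__ == "__main__":
    print("overlay :", covered_text(OVERLAY))
    print("replaced:", covered_text(REPLACED))
```

Any non-empty result means the document was redacted with the first method and should not be published as is.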

Ignorance is no excuse.