Friday 27 July 2007

Too much exposure in images - more on EXIF

Following the Harry Potter story, EXIF stores even more personal information than I first thought in images – as you’d expect Wikipedia has all the details. The camera serial number is the obvious personal information you might want to remove, but date and time are stored which could be tricky. And cameras with GPS capability can store the location the photo was taken as well. Scary!

One of the least obvious but perhaps potentially most embarrassing aspects, though, is that if you edit a photo, the EXIF data may still contain a thumbnail of the original photo. Can you guess where this is leading? Yes, a certain Cat Schwartz (who’s apparently a minor celebrity in some circles) posted cropped photos of herself on her blog, and the EXIF data contained thumbnails of the original, uncropped photos that showed her posing topless. Full story here (but the links to Schwartz’s blog and the photos are now dead).

Tuesday 24 July 2007

Harry Potter and the hidden metadata

Wouldn’t that be a great book title?

Sadly not yet written, but there’s an interesting story doing the round about how metadata could catch the culprit who leaked ‘Harry Potter and the Deathly Hallows’ on the internet.

The leaked copy was actually painstakingly-taken images of each page of the book, and the hidden EXIF metadata in the images contains the camera’s serial number. It’s a Canon Rebel 350D, apparently, and the company is trying to find out if the camera was registered and therefore they can use the serial number to track down the errant photographer.

It certainly puts me off registering the products I buy.

Thursday 19 July 2007

UK threatens prison for information misuse

Is it just me, or does it feel like some companies don’t take data security seriously? Well, the UK government is threatening to get tough – in a damning report the Ministry of Justice (love that new name) has said prison sentences could be handed down to anyone deliberately misusing personal data. And they’re not happy with accidental breaches either.

The Information Commissioner, Richard Thomas, told the BBC, “Frankly these [security breaches] are inexcusable. None of this is really rocket science - security is fundamental.” Couldn’t agree more. He also said, “The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

The press release on the report is here, which includes a link to the full report.

Wednesday 11 July 2007

When does open mean shut - follow on

It is all covered in this BBC news article from today.

Monday 9 July 2007

When does open mean shut?

Interesting story on the BBC on Tuesday about Microsoft working with the UK National Archives to ensure documents can be read in the future. I’ve posted on this problem before, but Microsoft’s move to promote its Open XML file format is really getting some attention.

From the BBC story, it seems that Microsoft is admirably helping out the National Archives with virtualisation technology to help it read old documents. Microsoft is then hoping to use the halo of this good deed to persuade everyone that it’s got our best interests at heart by pushing its own Open XML “standard” as a rival to the Open Document Format (ODF). I’m less than convinced, as are many others. What do you think?

Friday 6 July 2007

The psychology of security

I missed posting a link to this when it came out, but Infosecurity Today has got a great interview with Bruce Schneier of BT Counterpane in its May/June issue and on its site. They also link through to a longer essay on this topic that Schneier has posted on his website here.

It’s pretty much essential reading. He also talks about the insider risk that I’ve previously mentioned, and says “I think companies underestimate the severity of insider threat”, as well as proposing why.