The Transport Security Administration (TSA) and the US arm of bank HSBC have both failed to properly redact documents they published online. Blacked-out portions of a TSA document on screening techniques could be reversed by a simple cut-and-paste operation on supposedly sensitive portions of a PDF document. Security through …
Deficiency in the software
Lol. Good one.
"were offered a year's free credit monitoring as compensation"
But presumably they had to give their credit card details in advance and remember to cancel at the end of the first year?
"were offered a year's free credit monitoring"
Um, these people have just filed for bankruptcy...
It's like giving pedometers to people in wheelchairs.
"deficiency in the software..."
ITYM deficiency in the idiots who thought that they could simply put a black block over something and it was magically gone!
Comments about bad workmen blaming their tools come to mind.
The not-quite-as-redacted-as-we-intended bit of the TSA leak was a list of countries where the holders of such passports might be asked a few extra questions at check-in.
In case you (and the leaders of international terrorist groups) couldn't have guessed, the countries are:
Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria
Nice to see plucky little Cuba keeping top spot as the USA's most feared enemy.
Sad that Saudi Arabia didn't make the top ten, in spite of the 9/11 hijackers carrying Saudi passports - better luck next time guys ;-)
Tips on redaction
FYI - Adobe has a post at http://blogs.adobe.com/security with some recommendations on proper redaction techniques.
Security Solutions and Strategy
Adobe Systems Incorporated
TSA cockup detailed on the Beeb website
Read it...... It's in the public domain so in summary.... It goes beyond what the commenters here indicate and confirms to some degree that which El Reg readers have known for some time..... Exemptions to checking procedures for certain folks, reduced checking at peak times in order to increase throughput. Slackness and an indication that at the time the document was in effect, the TSA was more of a theatre group than about thorough security.
I don't think folk would mind minor inconvenience (and I mean, genuinely minor) if it was about honest improvement of safety, what we have here though, seems to have been more about politicians arse covering. My own view is that if it has to be done, it needs to be done properly and funded in such a way as to allow it to be done properly. Funding it to the level so that it takes 2 hours to get to the departure lounge and checks are cursory with the odd bit of arbitrary stupidity, driven by the frustration of minimum wage staff seems to me to be mis-spending of taxpayer funds and likely to give rise to artificial confidence in security systems that really aint as effective as they should be.
Maybe a couple of dollars on ticket prices could pay for better wages for the poor sods who administer the checks, properly useful equipment and the opening of more lanes through to the gate.....?
Anon because lack of humour and unwillingness to accept criticism on this issue is all to obvious.
As for HBOS - UK owned bank losing personal data is hardly news. It's practically a spectator sport for us denizens of Blighty, watching our government and our banks give away our personal data.
These redaction mistakes are completely avoidable!
These types of costly and damaging mistakes where sensitive information is accidentally released could easily be avoided by using redaction software designed precisely for eliminating sensitive information. ID Shield Redaction Software works in any environment, is easy to use, dependable and tested—our customers have securely redacted over one billion pages. Desktop and Server editions. www.extractsystems.com