On Sun, Jun 26, 2011 at 9:44 AM, Nadav Har'El <n...@math.technion.ac.il> wrote: > A trivial (though > perhaps suboptimal) way to do this is for that machine to export the document > to PDF; Presumably this conversion will lose all invisible information,
I suppose a sophisticated attacker may, in principle, devise a way to create a, say, Word file that will preserve hidden data even when converted into PDF or another format. I don't know how, but things like font metadata, white-on-white text, whatever, come to mind as possibilities. > and > if you assume your human verifier can verify the visible information somehow > (it isn't clear how...), you're safe. Not really as extra information may be hidden in the (plain) text itself. It's a tough problem. It is a lot more difficult than AV since you want to prevent essentially arbitrary data from leaking, not just data that may damage another machine. In fact, I would not be surprised that resisting a theoretical attacker may be a hopeless proposition in practice. If you know what I mean. -- Oleg Goldshmidt | o...@goldshmidt.org _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
