Worldwide, more Hepatitis C patients have been treated with generic medication than the overpriced branded medication.

Over 90% of patients who have treatment will achieve SVR12 and the data has been presented at the International Liver Congress.

YOU CAN SAFELY ACCESS GENERIC MEDICATION VIA THE REDEMPTION TRIALS

Welcome, Guest
Username: Password: Remember me
Login With :

TOPIC: Security Breach Regarding Redacted PDF attachments

Security Breach Regarding Redacted PDF attachments 1 year 5 months ago #1062

  • emilio
  • emilio's Avatar
  • Offline
  • Moderator
  • In the field of opportunity its ploughing time
  • Posts: 371
  • Thank you received: 447
  • Karma: 6
Hi Everyone

I have been contacted by a senior member on our forum who had previously uploaded redacted PDF files, meaning that names and personal details where removed via the Acrobat tool. Our member was then advised through an acquaintance that their documents were searchable on google by entering in the members name. Meaning that anyone could type in the members name and those documents would come up un-redacted with our members name exposed. Sorry I hope I've explained that clear enough suffice to say that this is pretty concerning and I'm not sure what the purpose of this action is, maybe big pharma, I don't know?? Our member may wish to elaborate however I'm wanting to hear from the IT and security team is there anything we can do to ensure that this doesn't happen again. Until we have an answer I would suggest that any blanking out of names should be done via permanent marker before scanning and uploading. Em
Geno 1b F2/3 snce early 80s. Treated in 2008_9 for 63 weeks on INF/Riba. Commence Sof/Dac on 6 October 2015 and completed 18 weeks of tx. UND at 4-6 weeks, UND at EOT, SVR 2, SVR 6 and SVR 12 on 6 May 2016.
Last Edit: 1 year 5 months ago by emilio. Reason: added an omitted word
The administrator has disabled public write access.

Security Breach Regarding Redacted PDF attachments 1 year 5 months ago #1063

  • Chester
  • Chester's Avatar
  • Offline
  • Elite Member
  • Posts: 209
  • Thank you received: 260
  • Karma: 4
I think these links might explain what's happened. The ACT Government did the same thing a few years back.

blogs.adobe.com/security/2009/12/how_to_..._redact_pdf_fil.html
blogs.adobe.com/security/2010/04/are_you...ng_pdf_document.html
Huon Valley, Tasmania
Hep C+ since 1980s
Genotype 1b
F3/4
VL 480,000
Started Indian Sof and Riba, BMS Dac (comp access) 28 August 2015
UND at 4 weeks
Finished treatment 19 November 2015
12 February 2016 UND SVR12
The administrator has disabled public write access.

Security Breach Regarding Redacted PDF attachments 1 year 5 months ago #1064

  • Alsdad
  • Alsdad's Avatar
  • Offline
  • Moderator
  • Posts: 329
  • Thank you received: 297
  • Karma: 5
I found this:

hackaday.com/2008/08/01/exposing-poorly-redacted-pdfs/

It's difficult to know why this might have happened. The www is full of malicious hackers trawling sites and looking for opportunities simply because they can.

I think the important thing is that we should be ultra-careful with personal info on places such as this if we want to retain anonymity. Obviously, there has to be a balance, otherwise there would be a lot of useful info that we wouldn't share. Anyone with the will, a large budget and prepared to put in physical detective work can have a good chance to track down someone from snippets of general personal info that person has put online. But, as I said, that would take a major effort.

Just think twice about what info you are posting. I certainly will.

Btw, good advice from Em about making a copy of documents you want to upload, and physically obliterating personal info before uploading.
Last Edit: 1 year 5 months ago by Alsdad.
The administrator has disabled public write access.

Security Breach Regarding Redacted PDF attachments 1 year 5 months ago #1065

To redact a digital document you need to understand a few things:

1) Digital documents can consist of layers so although what you see looks like you scribbled over the top of something it could be that you scribbled on a new layer - as a result the old layer still exists intact, and although the visual representation might look like what's underneath is hidden, to a computer it is still their plain as day.

2) With all digital documents there is METADATA soft-xpansion.eu/files/cc/Metadata.pdf - so if you create a document on your device, chances are details about you were automatically added into this metadata and will still be there even if you made the entire content of the document blank. You can use this tool to read it:

www.extractmetadata.com/

For example if you download and check this document fixhepc.com/images/coa/NMR-spectra-of-sofosbuvir.pdf

You will see
Result

Mimetype   	application/pdf
Title   	Reports template
Author name   	National Measurement Institute
Created by software   	Microsoft® Word 2010
Produced by software   	Microsoft® Word 2010
Page count   	24
Format   	PDF 1.5
Creation date   	20150925095622+10'00'
Modification date   	20150925095622+10'00'
Mimetype   	application/pdf

If you check some of the other documents here: fixhepc.com/blog/item/16-testing-provisions-patient-safety.html

You will find for example this for the document: fixhepc.com/images/coa/NMI-NATA-Sofosbuvir-Certification.pdf
Result

Mimetype   	application/pdf
Title   	Analysis report template
Subject   	Steroid RMs analysed by GC-FID
Author name   	PSRM-NARL
Created by software   	Microsoft® Word 2010
Produced by software   	Microsoft® Word 2010
Page count   	3
Format   	PDF 1.5
Creation date   	20151007171208+11'00'
Modification date   	20151007171208+11'00'
Mimetype   	application/pdf

Which tells us that NMI used a Template and that it was probably a document called "Steroid RMs analysed by GC-FID".

3) Ever wonder how the "Undo" button works?

The undo button on (say) word works like this. For each change a "note" is added saying "user changed this".

The version you see represents the original + all the changes you have made since the last "Save As".

So if you send a Word document that has not had a "Save As" for a while the recipient will be able to use the back button to read previous versions.

"Save As" flattens the document - combining all the changes into one fresh document that has the "Undo" button disabled simply because all the changes got incorporated and the change notes were deleted.

Graphics programs that have layers have a function called "Flatten" then adds all the layers together to produce a single image, however Graphics Program, Word Doc, or PDF there will still be Metadata in there.

Please take steps to protect your privacy. Although there is nothing to be ashamed of for having contracted an infectious disease, if you don't want to have people find out your name make sure it's not there to be found.....
YMMV
Last Edit: 1 year 5 months ago by James-Freeman-facebook.
The administrator has disabled public write access.

Security Breach Regarding Redacted PDF attachments 1 year 5 months ago #1066

  • emilio
  • emilio's Avatar
  • Offline
  • Moderator
  • In the field of opportunity its ploughing time
  • Posts: 371
  • Thank you received: 447
  • Karma: 6
Thanks everyone for your explanations of how this happens. I have never redacted a document b4 and it makes sense that the process involves layering over graphics of which can be undone by removing that layer if you have some tool. Makes you wonder why someone would go to this trouble? Anyway just be careful using pdf redaction and as Alsdad and I have mentioned ;permanent marker, scan and upload and or/similar. Em
Geno 1b F2/3 snce early 80s. Treated in 2008_9 for 63 weeks on INF/Riba. Commence Sof/Dac on 6 October 2015 and completed 18 weeks of tx. UND at 4-6 weeks, UND at EOT, SVR 2, SVR 6 and SVR 12 on 6 May 2016.
The administrator has disabled public write access.
Time to create page: 0.172 seconds