Security problem in PowerPoint

[pam]

For corporate and government security reasons as well as for certain issues
of personal privacy, the file names associated with images must NOT appear in
the presentation, especially when converted to a PDF. However, PowerPoint
automatically inserts the image file name as alternate text. There is no way
to search for alternate text and there is no way to turn off this automatic
"feature." Users dealing with classified and sensitive information thus
unwittingly insert restricted information into PowerPoint files that migrate
with the file when it is converted to other formats. It also allows users to
covertly insert hidden text into presentations.

There really needs to be an option to not automatically generate alternate
text, and there needs to be a way to examine a presentation to find alternate
text. The "Document Inspector" feature should also be able to remove all
alternate text from a presentation.

----------------
This post is a suggestion for Microsoft, and Microsoft responds to the
suggestions with the most votes. To vote for this suggestion, click the "I
Agree" button in the message pane. If you do not see the button, follow this
link to open the suggestion in the Microsoft Web-based Newsreader and then
click "I Agree" in the message pane.

http://www.microsoft.com/office/com...5-2e97e10dbbb9&dg=microsoft.public.powerpoint

 

[John Wilson]

Hi Pam

We use a small in house AddIn that removes all AltText from 2007
presentations. Drop me a line you would like a copy to test.

 

[pam]

I accidentally ran into this as I was looking at a pdf version of a
presentation dealing with trusted operating systems given at a security
conference. The mouse-over revealed the location of which missile defense
center command room was being pictured. I was able to finally figure out
where the unwanted text was "hidden" and was able to remove it before the pdf
went out. But I'm sure that this is a widespread issue.

 

[pam]

I imagine so, and it's unfortunate that there seems to be no way to set the
options permanently. To some extent, though, it has to be the responsibility of
those *concerned* about security to train users to enable security.

Sadly, there is nothing I have seen that mentions that file names of images
are embedded in the presentation as readable text, nor is there any
indication that this is going on under the covers.

I suspect the defaults are there to meet the needs of most government and
academic institutions for accessibility, a far larger audience.

I can't help but wonder why the file name of an image is of much use for
accessibility. So many are just of the form img0002.png or some such useless
thing. And I'm a bit surprised that it is done silently and without an
option to tell it not to. Oh, well. I'm not an expert in the area of
accessibility, just security.

Just the same, this is obviously something MS should be aware of.
I've passed it along to a contact there.

Thanks for doing that!