Domain: guillermito2.net
Stories and comments across the archive that link to guillermito2.net.
Comments · 14
-
More Frog Shite
-
Re:Debunked
Well, you specified "binary" in your post, so I started with /bin/echo, but that was too big, but the only good smaller files I could find were text, so I decided to just use your post as it was rather apropos. (And then I zipped it for the "binary" part.)
Re OutGuess: It was actually the sixth steganography program I tried, and the only one I got working. I started by Googling "jpeg steganography" (I'm not familiar with any other way of embedding data in an image), which led me here, but all of the programs mentioned there were either gone or didn't compile, so I moved down in the results to OutGuess, which did work. (However, the command syntax is rather cryptic (ha): you use outguess -d DATA.BIN IN.JPG [OUT.JPG].)
Don't go gettin' yourself on no watchlists, now. ;)
-
Re:Embedded Codes
One small beef though: Most steganography/watermarking I've seen focuses on the artist using the software to add a hidden mark in the image, and then verifying that the hidden mark also exists in an alleged rip-off.
It says nothing about an entity doing metadata cataloguing automatically extracting the marks and putting the decoded marks in an easy-to-query database. You know, making the data searchable. Even if that's data that is supposed to be hidden, you know, to ward against this "watermark tampering" thing that's listed in Image Plagiarism for Dummies, page 3.
Now, what makes you think that steganography/watermarking vendors would willingly share the methods they use to hide the marks?
Further, the history has shown that both steganography and watermarking markets are full of products that are utter and pure snake oil. Telling apart the real thing and snake oil is sometimes difficult in computer security in general, and in this field in particular. The products that are being used might not lend themselves to accurate detection to begin with...
-
Debunking steganography
In fact people like Guillermito have regularly shown that a lot of point'n'click stegano softs are just completely useless. They either don't work at all (fail to transport data) or store the data in a nearly not hidden at all way (payload stored as-is past the end of the file, or zero-padded and used for the least significant bit of the file without any encryption).
Especially if the marketing blurb mentions "military grade" (translation: triple AES is used to store the password. The reader software inputs a password from the user and if it matches the hash... the soft proceeds extracting the otherwise clear, non crypted and un-obfuscated payload).
So while it *is* possible to design actually working steganography, if a would-be pedo-terrorist-criminal tries to google for steganographic software, he'll most likely land on useless software.
-
Copy-paste Linus' law
Call me stubborn, but I stick to Eric S. Raymond's philosophy:
"With enough eyes, all bugs are shallow".
If after years of public scrutiny, a very large community of cryptographers considers a given crypto-algo as not being flawed, chances are that it'll be less flawed than something you secretly put together in haste in some dark and secret bunker.
Concerning the mention of "military-grade":
I mentioned it because most of the time (as proved, for example, by guillermito), when a program advertises itself as "military-grade" and "unbreakable", you're sure to end up with something deeply broken like clear-text passwords or rot13 cypher.
-
No details
You may notice the article has no details.
I did a Google News Search and found this one which is much better.
Also, the guy's own website.
Hope this helps.
-
Well...
The condemned seems to think differently.
-
Re:What is wrong with software patents
Well, he did spend time in jail, perhaps he is no longer in jail, but I didn't lie. Check this and this out. You're right he's out of jail now, but he's still in justice for a fine that accounts for many and many years of his income.
I keep my point, this guy is in deep trouble, has spent time in jail (31st cell in the Palais de Justice in Paris), for doing good for the general public.
If in the end he will be considered innocent, let's all hope that, this is another thing, it is a win for the people, in this war against greedy corporations.
-
Re:What is wrong with software patents
DMCA and other laws that protect the "intellectual property" are already harming this. In France, Guillaume Tena, is in jail for the simple reason that he validated a piece of software and found out that it has bugs. The bad thing is that this does not even involve patents, it is copyright and anti-reverse-engineering laws.
You know what's harmful too? Exaggerating to the point of lies to try to make your point. It only serves to discredit your cause. I don't like that, because I think it's an important cause.
As ZDNet reports. That case is in progress and due to be ruled on March 8. He is not in jail.
(Judging from his web page, he's currently in Boston. Which isn't quite as bad as that.)
Besides that, it is not even likely he will end up in jail. European law, under EU directive 91/250/EEC, (implemented in law in all EU member states) article 5, paragraph 1:
In the absence of specific contractual provisions, the acts referred to in Article 4 (a) and (b) [Note: Using and altering the program] shall not require authorization by the rightholder where they are necessary for the use of the computer program by the lawful acquirer in accordance with its intended purpose, including for error correction.
It's explicitly permitted under European law to reverse-engineer code to find bugs. This also means that an EULA cannot void this right either.
-
Re:Tin Foil Hat Time...
Relax dude, there's already the ultimate encryption scheme out there and it doesn't have anything to do with quantum mechanics. It's called steganography, and it works. Expect it to become more popular in the coming years as creating, processing, transmitting and storing huge quantities of data becomes easier and easier.
Steganography is the process of hiding (possibly encrypted) data in the low-order areas of other files, often multimedia files like pictures and music. This information is (often readily) detectable, and once detected is no more secure than any other information. In other words, right now most people would use PGP or the equivalent to encrypt the information they're hiding steganographically - which could be broken by quantum computers.
For more information, check out this, or for the more technically inclined read the steganography and steganalysis section here. Good stuff.
In order to do anything practical, all the qubits in a quantum computer must be entangled - which is apparently the hard part. So, in order to break information encoded with a 2048 bit key, 2048 entangled qubits will have to be available. Anyone have any insight as to when that might happen? Is there anything intrinsically harder about entangling more qubits, or is the leap from say eight to 2048 straightforward?
Quantum computers will, if they work as advertised, break all RSA type public key encryption. Does anyone know if ECC is also vulnerable?
OK, that's enough questions for now...
;-) TIA for any answers.
-
Re:Steganography...
Hmmm, I recall reading another Slashdot article about a guy who, among other things, shows how to defeat several popular steganography packages. I'm certainly no expert. I just wonder how useful steganography can ultimately be. There just doesn't seem to be enough entropy in English (or any other language) text to serve as a useful medium for hiding stuff.
-
Re:Even though I am not a lawyer,
I couldn't agree less. As Guillermito says himself:
It's so easy to impress judges with heavily connoted words like "virus", "pirate", "terrorist", "hacker", and it's so difficult on the other hand to explain the scientific method and the deep curiosity that makes us analyze how software works and find their flaws... Words, knowledge, and information: the defense I prefer.
The courts could swallow this guy up: force a settlement and a non-disclosure on him and we'd never hear anything more about it. And this crucial issue -- that it's allegedly illegal to demonstrate security flaws -- would fail to achieve public recognition. Companies would continue to market security products that aren't actually secure, and their customers (including government departments!) would remain at risk.
-
Does this guy exist?
According to the guy's web page he is a "researcher in molecular biology in ... the department of genetics of Harvard University". Yet his stated name, "guillermito", doesn't show up in a Google search of harvard.edu. So I telephoned the Genetics department (617 432 7666) and they don't know of him. Could this all just be made up?
-
Re:Harvard? I think not.
Here, read it in French (his native language) and see if it flows better.