Slashdot Mirror


Slashback: Streamend, Stego, Patches

The first Slashback of 2002 brings you updates on Ogg streaming (listen in while it lasts, and send feedback if you like it!), Qwest and your privacy, holes and patches for products from the MS-AOL-Time Warner Industrial Complex, and even more steganographic images failing to appear.

Getcher hot streams while they last ... jmoffitt writes: "In his post to the Vorbis list, Ciaran announced that the Ogg Vorbis BBC streams of Radio 1 and Radio 4 that we've enjoyed since early November would go offline as the test is ending. Everyone is encouraged to send their encouragement for these streams to continue to webweaver@bbc.co.uk. Also, as a special treat, the Radio 4 Ogg stream has been extended a week - just enough for all to catch the first episode of Lord of the Rings on Saturday at 1430 GMT."

Please mind the people interrupting your privacy. Matt Clauson writes: "Discussion list for the Qwest privacy issue and possible protest action has been set up -- send an email to qwest-action-subscribe@dotorg.org to subscribe to it."

Plug, plug, plug ... timekillerj writes "Well it looks like AOL jumped right in and fixed that pesky hole. We can all go back to speculating how insecure it is now. An article on Yahoo has more info, including a short debate on w00w00 disclosing before getting a response from AOL."

Backstepping by any other name ... dagoalieman writes "It appears the FBI has decided that MS's patch is sufficient. According to CNN, they announced this earlier today in a rather quiet fashion. While MS may see it as good news, I think the fact that the hole is coming back to public attention just blackens the eye a little more for them. It will be interesting to see future ramifications of the government getting involved in these issues, too..." It can't look good when your company's software is called into question by some of your largest customers.

Nope, still don't see any. Niels Provos writes: "I just updated http://www.citi.umich.edu/u/provos/stego/usenet.php to reflect the final results from our search of hidden messages in USENET images. We did not find a single hidden message.

I also released a new version of stegdetect.

The disconcert cluster that we used for the dictionary attack contained more than two-hundred workstations, mostly from CAEN (that is the computer aided engineering network at UMich). The peak performance is comparable to 72 1200 MHz Pentium III machines :-) ...

Below is my mail to the cryptography mailing list.

------- Forwarded Message
From: Niels Provos <provos@citi.umich.edu>
To: cryptography@wasabisystems.com
Subject: Stegdetect 0.4 released and results from USENET search available
Date: Fri, 21 Dec 2001 12:16:14 -0500
Sender: provos@citi.umich.edu

I just released Stegdetect 0.4. It contains the following changes:

- Improved detection accuracy for JSteg and JPhide.
- JPEG Header Analysis reduces false positives.
- JPEG Header Analysis provides rudimentary detection of F5.
- Stegbreak uses the file magic utility to improve dictionary
attack against OutGuess 0.13b.

You can download the UNIX source code or Windows binary from

http://www.outguess.org/download.php

-----

The results from analyzing one million images from the Internet Archive's USENET archive are available at http://www.citi.umich.edu/u/provos/stego/usenet.php.

[...]

After scanning two million images from eBay without finding any hidden messages, we extended the scope of our analysis.

This page provides details about the analysis of one million images from the Internet Archive's USENET archive.

Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS. However, we have not found a single hidden message. [...]
Comments and feedback are welcome. We have an FAQ at http://www.citi.umich.edu/u/provos/stego/faq.html"
Thanks for the update, Niels!

3 of 150 comments

  1. Pot/Kettle? by DavidJA · Score: 0, Flamebait

    "Well it looks like AOL jumped right in and fixed that pesky hole. We can all go back to speculating how insecure it is now."

    Michael seems to think that anything that is not open source has to be insecure.

  2. The Biggest Security Hole by Renraku · Score: 1, Flamebait

    The Biggest Security Hole is stupid users. Since AIM is mostly comprised of AOL users (henceforth known as lamers), we can also assume that the service is quite insecure. However, the lamers don't really care, as they don't realize just how easy a bug would be to exploit (people make scripts, scripts give rise to script kiddies). So...AIM is bad.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  3. Re:So that's who that fiery bastard was. by QuasEye · Score: 0, Flamebait

    This reminds me of a problem we had at work. A guy I know had a slight configuration problem where every file he created started out with execute permissions. Occasionally he would go to edit a .c file and forget the editor command (aliased to "n", so it only took missing one keystroke.)

    Even though these were just ASCII text files, they'd actually execute, filling his terminal with garbage and making it beep continuously. What's worse, they'd start spawning child processes, and if you killed one, three more would pop up. Eventually the machine would get so bogged down that no one on it could save their work. The only way to fix it was to reboot the machine, necessitating a call to the IT department.

    This was on HPUX on an HP-RISC machine - I'd never have believed it if I hadn't seen it.