Slashdot Mirror
Slashback: Streamend, Stego, Patches
Getcher hot streams while they last ... jmoffitt writes: "In his post to the Vorbis list, Ciaran announced that the Ogg Vorbis BBC streams of Radio 1 and Radio 4 that we've enjoyed since early November would go offline as the test is ending. Everyone is encouraged to send their encouragement for these streams to continue to webweaver@bbc.co.uk. Also, as a special treat, the Radio 4 Ogg stream has been extended a week - just enough for all to catch the first episode of Lord of the Rings on Saturday at 1430 GMT."
Please mind the people interrupting your privacy. Matt Clauson writes: "Discussion list for the Qwest privacy issue and possible protest action has been set up -- send an email qwest-action-subscribe@dotorg.org to subscribe to it."
Plug, plug, plug ... timekillerj writes "Well it looks like AOL jumped right in and fixed that pesky hole. We can all go back to speculating how insecure it is now. An article on Yahoo has more info, including a short debate on w00w00 disclosing before getting a response from AOL."
Backstepping by any other name ... dagoalieman writes "It appears the FBI has decided that MS's patch is sufficient. According to CNN, they announced this earlier today in a rather quiet fashion. While MS may see it as good news, I think the fact that the hole is coming back to public attention just blackens the eye a little more for them. It will be interesting to see future ramifications of the government getting involved in these issues, too..." It can't look good when your company's software is called into question by some of your largest customers.
Nope, still don't see any. Niels Provos writes: "I just updated http://www.citi.umich.edu/u/provos/stego/usenet.php to reflect the final results from our search of hidden messages in USENET images. We did not find a single hidden message.
I also released a new version of stegdetect.
The disconcert cluster that we used for the dictionary attack contained more than two-hundred workstations, mostly from CAEN (that is the computer aided engineering network at UMich). The peak performance is comparable to 72 1200 MHz Pentium III machines :-) ...
Below my mail to the cryptography mailing list.
------- Forwarded MessageThanks for the update, Niels!
From: Niels Provos <provos@citi.umich.edu>
To: cryptography@wasabisystems.com
Subject: Stegdetect 0.4 released and results from USENET search available
Date: Fri, 21 Dec 2001 12:16:14 -0500
Sender: provos@citi.umich.eduI just released Stegdetect 0.4. It contains the following changes:
- Improved detection accuracy for JSteg and JPhide.
- JPEG Header Analysis reduces false positives.
- JPEG Header Analysis provides rudimentary detection of F5.
- Stegbreak uses the file magic utility to improve dictionary
attack against OutGuess 0.13b.You can download the UNIX source code or windows binary from
http://www.outguess.org/download.php
- -----
The results from analyzing one million images from the Internet Archive's USENET archive are available at http://www.citi.umich.edu/u/provos/stego/usenet.php.
[...]
After scanning two million images from eBay without finding any hidden messages, we extended the scope of our analysis.
This page provides details about the analysis of one million images from the Internet Archive's USENET archive.
Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS. However, we have not found a single hidden message. [...]Comments and feedback are welcome. We have an FAQ at http://www.citi.umich.edu/u/provos/stego/faq.html"
In plain English, does this mean that the whole 'warning' by the FBI was FUD, plain and simple?
Kind of surprised no one uploaded a bunch of steg'd images just for laughs.. encrypted messages like "No, this isn't from a terrorist", "Windows/Bill Gates/Microsoft Blows", "steg _this_, buddy"... or "First Post!"
Skivvy Niner? Email me!
HEY! Look left just ONE MORE TIME!
The streaming test made by the BBC is definitely a good thing. It brings credibility to open source projects. Ogg Vorbis is really an amazing format, but nobody uses it because of the lack of advertisement.
Succesful experiences like the BBC one can change this.
{{.sig}}
OK w00w00 sends an Email to AOL, get's no response, and then publishes. to this, AOL said,
``We'd encourage any software programmer that discovers a vulnerability to bring it to our attention prior to releasing it,'' Weinstein said.
Sorry if your organiuzation is too big to react that quickly...
Open Source Identity Management: FreeIPA.org
What if the messages are not in english or god forbid use a non arabic script?
The disconcert cluster that we used for the dictionary attack contained more than two-hundred workstations, mostly from CAEN (that is the computer aided engineering network at UMich). The peak
Ok, i give up -- where did you steganographically hide the rest of that sentence?
--
Mod up a post Rob doesn't like and you'll never mod again
If someone wanted to hide a message in images on newsgroups, they wouldn't put a plaintext msg that any newb running a dictionary based attack could find, unless they wanted it to be found. It would be trivial to add one more step of xor'ing the msg with a random key first, then putting the key in a second image, or evern better sending it through another conduit. I know if I was going to use something as lame as stenography to send an important msg, I would go to the trouble of not sending plaintext.
...doesn't mean it's not there, does it? How confident are the makers of stegdetect that no steganographic images would slip past their program? Does their program simply work for all known steg. algorithms, or would it detect some or all kinds of new algorithms?
Also, if I was going to try to send a message via steganography, I wouldn't be doing it with images on Usenet. I'd make some useless personal homepage (god knows there are enough of those already, and nobody visits them), and put my steg. image on there. Or, I would use a more primitive kind of steganography--code words embedded in seemingly innocent messages. There's a hell of a lot more spam on usenet than images, so it would be better concealed that way.
Here's the deal with AOL... since everything runs through centralized servers, they've been able to apply filters to catch erroneous message packets.
Big deal!!
Their "fix" is roughly equivalent to using duct tape as a contraceptive. Its just not right.
They havn't changed the fact that there is a buffer overflow in the IM client. This means that AIM users (using the official client) are still vulnerable. AOL has simply made it a bit more obscure, and we all know that security through obscurity is not secure at all.
Skiers and Riders -- http://www.snowjournal.com
Well perhaps some people use stego and might actually have used strong passwords that could not be guessed by a dictionary attack. If I were communicating secretly using the internet, I would first encrypt the message with pgp, then place the encrypted text into a large jpeg WITH a strong password, and post to a half dozen groups. How would any kind of attack (well any reasonable attack) be able to detect my message? Even if the dictionary attack worked, how would you know the result was the real message, since it would appear to be random garbage, just like all the incorrectly passworded dumps? Just doesn't seem like this is something you can do, its taking distributed.net several years to crack ONE message. How would you go about finding a needle in a haystack, and THEN decoding it? We are talking tens of millions of images. What is the point of this? I'm sure people use stego, for whatever reason, why wouldn't they? Some hacker group, or warez group, or terrorists or whatever, somewhere, at some time, posted stego'd images to usenet.
Does anyone know a faster way to contact the major software vendors about a severe security issue BESIDES letting them read about it on the front page of their favorite news portal?
(Note, I only said faster, not better)-- Dan
I remember from last winter term some guy had a background process running on every single workstation in the CAEN labs. If you killed it (users logged in at the console can kill large/cpu hungry apps with a special script) it would just come back. It used lots of CPU cycles. It made it hard to get work done. It pissed us all off, and was made worse by his dismissive responses to requests to cut it out.
Basically, we all wanted to kick his ass, and now we know who he is. Unless I'm wrong... but I'll ignore that possibility, because it'd get in the way of a good wupin'.
The enemies of Democracy are
Dear Friend , Especially for you - this red-hot intelligence . If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list . This mail is being sent in compliance with Senate bill 1622 ; Title 1 ; Section 307 ! This is not a get rich scheme ! Why work for somebody else when you can become rich within 60 days ! Have you ever noticed society seems to be moving faster and faster and nobody is getting any younger ! Well, now is your chance to capitalize on this ! WE will help YOU deliver goods right to the customer's doorstep and decrease perceived waiting time by 160% ! You can begin at absolutely no cost to you ! But don't believe us ! Mr Simpson of Connecticut tried us and says "My only problem now is where to park all my cars" . We are a BBB member in good standing . We beseech you - act now ! Sign up a friend and you'll get a discount of 60% ! Thank-you for your serious consideration of our offer ! Dear Professional , Thank-you for your interest in our letter ! If you no longer wish to receive our publications simply reply with a Subject: of "REMOVE" and you will immediately be removed from our mailing list ! This mail is being sent in compliance with Senate bill 1620 ; Title 9 ; Section 306 . This is different than anything else you've seen ! Why work for somebody else when you can become rich in 37 days ! Have you ever noticed the baby boomers are more demanding than their parents & society seems to be moving faster and faster . Well, now is your chance to capitalize on this . WE will help YOU increase customer response by 170% and deliver goods right to the customer's doorstep . The best thing about our system is that it is absolutely risk free for you . But don't believe us ! Mr Ames who resides in Delaware tried us and says "I was skeptical but it worked for me" ! This offer is 100% legal ! We implore you - act now . Sign up a friend and your friend will be rich too . Thanks !
I suspect there are several reasons why they haven't found any Stegonography in Usenet pictures:
- Very few people find it necessary to hide information in Usenet.
- Of those who might find it necessary, few actually have heard of Steganography and know how to use it.
- Those who know enough about Stego have encypted their messages first; you won't find these with dictionary attacks - the method the article suggests they used on "suspicious" images.
It is impossible to differentiate between random numbers (noise) and strong encryption. Are there not places within certain images where low order bits have noise that is completely random and thus a perfect hiding place for encrypted messages?This Article seems to suggest that it isn't possible to hide info in gifs such that it is undetectable and that more research should be done on JPEGs. Anyone know the state of the art on this?
Really, even with a Beowulf cluster, processing that many images so soon makes it seem like they gave it only a cursory examination.
Friends don't let friends use multiple inheritance.
This was likely just a reason for the group to download and view millions upon millions of pr0n pics. Then again I was always knew pictures like that carried hidden messages :)
..."There must be a hidden message, let's just stare at it a little longer"...
-Wrexsoul
--- Need web hosting?
My previous comment states:
Well Charter Cable customers now have the wonderous Tioga spyware installed on their systems. It's been posted to slashdot a few times and been rejected. Members from the MadLug (Madison, WI). Have noted that the new service listens on a specific port to monitor and "Assist".
The county board is also investigating this. The software is supposed to be a VNC-Type program that helps Service Reps service computers. Basically I see this as a way for them to not only monitor, but have their way with your system. Along with this software also comes a real annoying Internet Explorer with Charter MSN crap everywhere, diabling network shares, and reformating TCP/IP to their network. Basically everything you can do yourself, but they won't tell you because they want you to install their software.
The whole thing stinks and the company is hiding behind lawyers and PR reps to try and get the whole situation worked out. Basically they released a new service, and the MadLUG guys were on them in 2 days when they noticed weird activity.
Moral of the story ... don't screw with geeks ... we'll find you ... we know who you are :-)
Which is still the case and is still "required" to use their service or receive any help from their helpdesk.
I still think this stinks and is definantelly not neccessary for the service to be availalbe. I have taken screen captures of Linux, BSD, QNX, BeOS, Win95/98/NT/ME/2K/XP all running the software (even though they say it only runs on 98/2K/and XP). And I know from witnessed experience that it works on Mac OS 9&X ... basically any OS that can do TCP/IP and has DHCP support.
So not only is this software not neccessary but it seems to be some sort of ploy to promote WinBlows and crap on other OS's not just linux.
Ignore the "p2p is theft" trolls, they're just uninformed
I read the linked message in the original post and saw the phone number to call. After waiting for their normal office hours, I called and talked to a human. I asked that they not rent or sell my personal information or calling patterns internally or with their marketing partners.
The response was that the agent had removed my authorization to share that information among the different parts of qwest. This was not specifically what I asked for. So I called that to his attention and he said he would do that. On questioning about why it had not happened when I first asked for it, he said that you had to specifically ask for it.
Note that in the end, he just said he would take care of it.
I am crankish about snail spam and make it point to do my best about getting off mailing lists and I have learned there a number of sleazy companies out there. For instance, you have to not only get off a mailing list, but specify that your name not be rented or sold. Most people I think would not have caught the qwest deceit.
A good source of information on what to do about snail spam is junkbusters
fhuweioqrywrhlfasdofuoeqr
jghgjklsdnmvxhjsohfweffhi
ueruioywerueyoryprqypwpwe
dieamericaninfidelsiwillb
ebackforthewhitehousesign
edosamabinladenjoiwejrorj
uytutuiyroiyquirywroqyiwr
rjweoirjeroewiroijwjrvvds
ewqbejrkqhrhuewqhrquirqow
uireqryupqtrghjgfhgfhjafa
keqjrbjrbuiewhruqiwurihuf
This ascii art is a conversion of a picture of the rubble at the world trade center, can anyone find the hidden message?
This comment does not represent the views or opinions of the user.
grc.com has some more info on how the FBI messed up ... again.
Note to moderators: the following has to do with Windows XP (SatanOS 5.1), so don't let that influence your moderation.
PLEASE NOTE: There is a great deal of confusion being caused by Microsoft's non-obvious naming of the two UPnP services. This situation is exacerbated by the FBI's NIPC web site, which has unfortunately posted wrong information over the holidays. People are led to believe that disabling the service named "Universal Plug and Play Device Host" disables the UPnP system. But it does not. That service is not even running by default. The correct action is to STOP then DISABLE the service named "SSDP Discovery Service".
You can demonstrate this for yourself by issuing the command "netstat -an" at a command prompt. While the SSDP Discovery service is running, Netstat will show that TCP port 5000 is in the listening state and UDP port 1900 is accepting inbound datagrams. After the SSDP Discovery Service has been stopped those Netstat lines will disappear.
I tried decrypting the "die american infidels" text through the extremely strong ROT13 cipher, but all I got was this junk:
suhjrvbdeljeuysnfqbshbrde
wtutwxyfqazikuwfbusjrssuv
hrehvbljrehrlbelcedlcjcjr
qvrnzrevpnavasvqryfvjvyyo
ronpxsbegurjuvgrubhfrfvta
rqbfnznovaynqrawbvjrwebew
hlghghvlebvldhveljebdlvje
ewjrbvewrebrjvebvwjweiiqf
rjdorwexdueuhrjduedhvedbj
hverdelhcdgetuwtsutsuwnsn
xrdweoweohvrjuehdvjhevuhs
What version of MPACK do I have to use to see the naked Lewinsky JPEG?
Oh, go on, check out my job.
I need to post some stego'd pics just so these guys can find some stuff.
Bleh!
According to many links in an earlier /. story, color Xerox copy machines currently embed a serial number in every copy they make. So has anybody tried making a color copy of something, scanning it, and using stegdetect on the result?
I play Nerd-Folk!
If the purpose of steganography is to conceal the very existence of a message; and, a tool (stegdetect) exists which attempts to spot concealed messages; then it seems to me that if you are trying to conceal a message into a picture on usenet and on the web that you would at least run all your images through stegdetect to be sure that it cannot detect the concealed message.
Could this be why no stego messages are being detected?
I'll see your senator, and I'll raise you two judges.
I think that only true of their ancient, private dialup network (which is still what most people use). However, a lot of AOL customers are now using their own cable/dsl ISP, so their AIM client would be running on a public, non-filtered IP.
Let me tell you how AIM, IRC, Jabber, and other popular real-time messaging systems work. Alice and Bob each send name, password, and client binary hash to server. Server responds with buddy list, including presence information. Alice wants to send message to Bob. Alice sends packets to server, which processes those packets and forwards them to Bob. Now, if Alice wants to send a packet containing a sploit, the server can clean up the packet before Bob gets it.
Will I retire or break 10K?
This is a two level challenge. I have steganographically hidden data in two pictures on E-bay. The first level picture contains 32 bytes of steganographicly embedded data. The second level picture contains 256 bytes of steganographicly embedded data.
The first person to locate the first level data will receive a public congratulations on the official challenge web site. The first person to locate and correctly identify the second level data will receive ONE MILLION DOLLARS!
The 32 bytes of the first level challenge consists of a string of zeros.
The 256 bytes of the second level challenge consists of white noise.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
In an effort to make a "first post" that would be found by stegdetect i failed so far:.
Making a small image that contains "first post" with jhsteg stegdetct fails to find it.
If i make a big picture jpsteg warns it fails to insert to complete file.
By simply resizing the picture(paint shop pro) it should hide in stegdetect says:(skipped)this is likely a false positive. just because the origin is blocky.
Blurring the orginal picture solves this problem and after 3 more ties i find a ratio the jpsteg program still allows to insert and at the same time makes stegdetect bark.
Now to insert it in usenet: sh*t no usenet access from this location, and a fail to find a free service to insert a picture. Ebay needs a credit card, so no luck inserting it in ebay.
well maybe later......