Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashback: Streamend, Stego, Patches

Posted by ryuzaki0 on from the secnarf dept.

The first Slashback of 2002 brings you updates on Ogg streaming (listen in while it lasts, and send feedback if you like it!), Qwest and your privacy, holes and patches for products from the MS-AOL-Time Warner Industrial Complex, and even more steganographic images failing to appear.

Getcher hot streams while they last ... jmoffitt writes: "In his post to the Vorbis list, Ciaran announced that the Ogg Vorbis BBC streams of Radio 1 and Radio 4 that we've enjoyed since early November would go offline as the test is ending. Everyone is encouraged to send their encouragement for these streams to continue to webweaver@bbc.co.uk. Also, as a special treat, the Radio 4 Ogg stream has been extended a week - just enough for all to catch the first episode of Lord of the Rings on Saturday at 1430 GMT."

Please mind the people interrupting your privacy. Matt Clauson writes: "Discussion list for the Qwest privacy issue and possible protest action has been set up -- send an email qwest-action-subscribe@dotorg.org to subscribe to it."

Plug, plug, plug ... timekillerj writes "Well it looks like AOL jumped right in and fixed that pesky hole. We can all go back to speculating how insecure it is now. An article on Yahoo has more info, including a short debate on w00w00 disclosing before getting a response from AOL."

Backstepping by any other name ... dagoalieman writes "It appears the FBI has decided that MS's patch is sufficient. According to CNN, they announced this earlier today in a rather quiet fashion. While MS may see it as good news, I think the fact that the hole is coming back to public attention just blackens the eye a little more for them. It will be interesting to see future ramifications of the government getting involved in these issues, too..." It can't look good when your company's software is called into question by some of your largest customers.

Nope, still don't see any. Niels Provos writes: "I just updated http://www.citi.umich.edu/u/provos/stego/usenet.php to reflect the final results from our search of hidden messages in USENET images. We did not find a single hidden message.

I also released a new version of stegdetect.

The disconcert cluster that we used for the dictionary attack contained more than two-hundred workstations, mostly from CAEN (that is the computer aided engineering network at UMich). The peak performance is comparable to 72 1200 MHz Pentium III machines :-) ...

Below my mail to the cryptography mailing list.

------- Forwarded Message
From: Niels Provos <provos@citi.umich.edu>
To: cryptography@wasabisystems.com
Subject: Stegdetect 0.4 released and results from USENET search available
Date: Fri, 21 Dec 2001 12:16:14 -0500
Sender: provos@citi.umich.edu

I just released Stegdetect 0.4. It contains the following changes:

- Improved detection accuracy for JSteg and JPhide.
- JPEG Header Analysis reduces false positives.
- JPEG Header Analysis provides rudimentary detection of F5.
- Stegbreak uses the file magic utility to improve dictionary
attack against OutGuess 0.13b.

You can download the UNIX source code or windows binary from

http://www.outguess.org/download.php

- -----

The results from analyzing one million images from the Internet Archive's USENET archive are available at http://www.citi.umich.edu/u/provos/stego/usenet.php.

[...]

After scanning two million images from eBay without finding any hidden messages, we extended the scope of our analysis.

This page provides details about the analysis of one million images from the Internet Archive's USENET archive.

Processing the one million images with stegdetect results in about 20,000 suspicious images. We launched a dictionary attack on the JSteg and JPHide positive images. The dictionary has a size of 1,800,000 words and phrases. The disconcert cluster used to distribute the dictionary attack has a peak performance of roughly 87 GFLOPS. However, we have not found a single hidden message. [...]
Comments and feedback are welcome. We have an FAQ at http://www.citi.umich.edu/u/provos/stego/faq.html"
Thanks for the update, Niels!

11 of 150 comments (clear)

  1. No jokers out there?? by RedOregon · · Score: 4, Funny

    Kind of surprised no one uploaded a bunch of steg'd images just for laughs.. encrypted messages like "No, this isn't from a terrorist", "Windows/Bill Gates/Microsoft Blows", "steg _this_, buddy"... or "First Post!"

    --
    Skivvy Niner? Email me!
    HEY! Look left just ONE MORE TIME!
  2. Ogg streaming is a step in the right direction by chrysalis · · Score: 5, Insightful

    The streaming test made by the BBC is definitely a good thing. It brings credibility to open source projects. Ogg Vorbis is really an amazing format, but nobody uses it because of the lack of advertisement.
    Succesful experiences like the BBC one can change this.

    --
    {{.sig}}
  3. Am I readintg this right by adamy · · Score: 4, Insightful

    OK w00w00 sends an Email to AOL, get's no response, and then publishes. to this, AOL said,

    ``We'd encourage any software programmer that discovers a vulnerability to bring it to our attention prior to releasing it,'' Weinstein said.

    Sorry if your organiuzation is too big to react that quickly...

    --
    Open Source Identity Management: FreeIPA.org
  4. Hmm... by Mike+Schiraldi · · Score: 4, Funny

    The disconcert cluster that we used for the dictionary attack contained more than two-hundred workstations, mostly from CAEN (that is the computer aided engineering network at UMich). The peak

    Ok, i give up -- where did you steganographically hide the rest of that sentence?

    --

    --
    Mod up a post Rob doesn't like and you'll never mod again

  5. Just because you can't see it... by tbo · · Score: 4, Insightful

    ...doesn't mean it's not there, does it? How confident are the makers of stegdetect that no steganographic images would slip past their program? Does their program simply work for all known steg. algorithms, or would it detect some or all kinds of new algorithms?

    Also, if I was going to try to send a message via steganography, I wouldn't be doing it with images on Usenet. I'd make some useless personal homepage (god knows there are enough of those already, and nobody visits them), and put my steg. image on there. Or, I would use a more primitive kind of steganography--code words embedded in seemingly innocent messages. There's a hell of a lot more spam on usenet than images, so it would be better concealed that way.

  6. Re:So.... by Henry+V+.009 · · Score: 4, Informative
    In plain English, does this mean that the whole 'warning' by the FBI was FUD, plain and simple?
    Whoever moded this as a troll is on crack. According to this story in The Register, the FBI warning was not correct, and the steps they advocated for fixing the security hole did nothing. How's that for FUD?
  7. AIM Bugs by mESSDan · · Score: 5, Interesting
    I'm curious, I went looking on the AIM website for somewhere to send information about a SERIOUS bug like the one that was discovered, and of course I didn't find one. So, I'm not surprised when it said in the Yahoo article that they didn't receive a response back after a week, considering that if they submitted it using the "Found an Error" part of the website, it probably got mixed in with thousands of other messages.

    Does anyone know a faster way to contact the major software vendors about a severe security issue BESIDES letting them read about it on the front page of their favorite news portal?

    (Note, I only said faster, not better)
    --

    -- Dan
  8. So that's who that fiery bastard was. by Chris+Burke · · Score: 5, Funny

    I remember from last winter term some guy had a background process running on every single workstation in the CAEN labs. If you killed it (users logged in at the console can kill large/cpu hungry apps with a special script) it would just come back. It used lots of CPU cycles. It made it hard to get work done. It pissed us all off, and was made worse by his dismissive responses to requests to cut it out.

    Basically, we all wanted to kick his ass, and now we know who he is. Unless I'm wrong... but I'll ignore that possibility, because it'd get in the way of a good wupin'.

    --

    The enemies of Democracy are
  9. Unsurprising findings on the steg front... by electricmonk · · Score: 4, Interesting
    I'm really not that surprised that they didn't find anything out of all the USENET images that they scanned. First of all, even considering that they had such immense computational power at their disposal, stegonography done right would probably elude detection by any software currently available. Secondly, they have probably not considered the fact that the messages that are hidden could be encrypted, thus thwarting any kind of dictionary attack against the image. This actually serves to strengthen the security of the message, since to brute-force the message they not only have to decrypt the message, but they have to find the right bits to decrypt in the first place.

    Really, even with a Beowulf cluster, processing that many images so soon makes it seem like they gave it only a cursory examination.

    --
    Friends don't let friends use multiple inheritance.
  10. Steganography is just another excuse... by Wrexs0ul · · Score: 5, Funny

    This was likely just a reason for the group to download and view millions upon millions of pr0n pics. Then again I was always knew pictures like that carried hidden messages :)

    ..."There must be a hidden message, let's just stare at it a little longer"...

    -Wrexsoul

    --
    --- Need web hosting?
  11. Cable, DSL,, and Privacy by SuperDuG · · Score: 4, Redundant
    I have posted before, but since my submission to slashdot was rejected on numerous occasions I will repost.

    My previous comment states:

    Well Charter Cable customers now have the wonderous Tioga spyware installed on their systems. It's been posted to slashdot a few times and been rejected. Members from the MadLug (Madison, WI). Have noted that the new service listens on a specific port to monitor and "Assist".

    The county board is also investigating this. The software is supposed to be a VNC-Type program that helps Service Reps service computers. Basically I see this as a way for them to not only monitor, but have their way with your system. Along with this software also comes a real annoying Internet Explorer with Charter MSN crap everywhere, diabling network shares, and reformating TCP/IP to their network. Basically everything you can do yourself, but they won't tell you because they want you to install their software.

    The whole thing stinks and the company is hiding behind lawyers and PR reps to try and get the whole situation worked out. Basically they released a new service, and the MadLUG guys were on them in 2 days when they noticed weird activity.

    Moral of the story ... don't screw with geeks ... we'll find you ... we know who you are :-)

    Which is still the case and is still "required" to use their service or receive any help from their helpdesk.

    I still think this stinks and is definantelly not neccessary for the service to be availalbe. I have taken screen captures of Linux, BSD, QNX, BeOS, Win95/98/NT/ME/2K/XP all running the software (even though they say it only runs on 98/2K/and XP). And I know from witnessed experience that it works on Mac OS 9&X ... basically any OS that can do TCP/IP and has DHCP support.

    So not only is this software not neccessary but it seems to be some sort of ploy to promote WinBlows and crap on other OS's not just linux.

    --
    Ignore the "p2p is theft" trolls, they're just uninformed