Slashdot Mirror
Hiding Secrets With Steganography On FreeBSD
BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."
fuck you.
I hide a picture of myself in the login bitmap on my school network
~ Maintainer of the Skajake Projects
...people just think it is because it hides itself very well. ;-)
Don't click on it! It's an animated GIF... and the second pic has serious problems...
Makes you wonder what the demon is hiding
Remembering that you are going to die is the best way I know to avoid the trap of thinking you have something to lose.
I'd be interested to know if this is just a BSD thing or if I can run these apps on Linux or Windows.
I used to use this kind of thing to hide certain, ahem, suspect images on the Acorn machines at school.
:o)
Of course being an adult now it's not as required, but I suppose it might be able to hide offensive pr0n images inside more innocent ones - so that anyone looking finds pretty mild things and stops there, without being able to find things that would get you looked at oddly in church
Beep beep.
I've been using it for years, posting messages like "allah is great" on Fark photoshop contests.
Just raising the background chatter to a dull roar.
my problem wrt steganography is that it 'feels' more like security through obscurity than an actual cryptographic regime (ala gpg encrypted attachments, etc). Other than that, neat stuff.
Sometimes people just have to learn and adapt to change, it is one of the requirements of being a living thing.
don't tell anyone! /too late i guess
...is that no one else knows where to look to find things that might be sensitive. You can literally hide things in plain sight, but with the amount of crud stacked everywhere physically, and the amount of data strewn about with no apparent labelling (except for the porn of course), no one can actually tell what is important and what isn't.
Of course, dates don't seem to understand the logic of living in an apartment that already looks like it's been rifled through.
Do not look into laser with remaining eye.
I use steg sometimes to pass messages i dont want out in plaintext or overtly encrypted, but it has to be passed in such a way that it isnt apparent that a message is there (i.e. email to brother 'See these pics of grandma!'). It is not a foolproof method, but its very useful when you realize you cant trust the encryption itself to hide the message.
BSD is mentioned 3 times in the post, while the utilities that actually do the work are only mentioned once? This is like titling a post "Processing Images with Filters on Mac OS X" and only mentioning once that you use Photoshop.
"And this is my boy, Sherman. Speak, Sherman." "Hello." "Good boy."
No, bad guys in movies walk into the Rich Dude's house, immediately realize where the safe is, pull the painting away and get whatever's in the safe. How many times have we said that security through obscurity isn't security, and now we're all clamoring about obscuring data to make it safer.
Data-wise, it seems like you'd need to be hiding a relatively small amount of data. Otherwise, you're like an elephant trying to blend in at an LA cocktail party.
Please help metamoderate.
This was my first exposure to a steganopraphy demo....Written by the author of a bunch of books on Computer Networks and Operating Systems... http://www.cs.vu.nl/~ast/books/mos2/zebras.html
All the BAD GUYS hide their safes behind pictures? Is the metaphor you're trying to paint that BAD GUYS use steganography? The government propaganda wars are working. Newspeak is ingrained.
Every citizen of these modern times is a criminal, and because everyone is a criminal, everyone should use steganography. Most criminals are not BAD GUYS, but instead, good loving parents, patriots, and friends to society. It no longer makes sense to equate criminal to BAD.
fifth sigma, inc.
I am thinking spy stuff now because this trend you have that critical file excahnged without detection (yeah right). Or you can hide your critical data in one of these just a thought
Get Movie Posters
He's a troll with a subscription account so he can see the stories first. He comes up with these oh-so funny replies, which he posts with his non-subscriber account. Still waiting for him to actually be funny...
- jsteg,
- jphide (unix and windows),
- invisible secrets,
- outguess 01.3b,
- F5 (header analysis),
- appendX and camouflage.
Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.First time I read the headline, I thought it was implying that there are secret messages in the icons/images that are part of the freeBSD installation. Which brings me to wonder: what prevents people from putting messages hidden in the KDE or Gnome icons and such?
(Maybe a "If you can read this, you're too paranoid" sort of message in the Redhat splash picture?)
alias uptime="echo '5:33pm up 22342352324 days, 6:28, 2124315623 users, load average: 2432.40, 12312.31, 123123.19'"
Simply rename its extension to .dll. It will fit right in to the gigs of OS files.
No, I subscribe with this account. I check the "No Subscriber Bonus" box.
I have yet to see a good treatment of the necessity of hiding the fact that one may have knowledge of or tools capable of implementing steganography. While hiding data is a nifty thing, it's not of much practical use unless you can also hide the code - the tools that you use to embed and deembed your steganographically hidden files.
Adding hooks to libraries and hiding executable code in data areas and coming up with slick ways of calling into that code when you actually do some stega processing is an area ripe for exploration. It may be more challenging than data hiding as well, especially when you consider the huge libraries of md5sums for all known executables and libraries that are maintained and distributed by computer forensics people.
I can hide my entire pr0n collection in a single gigpixel image?
Seriously, though, I read a news article some time ago describing how the FBI are onto such data hiding techniques after discovering terrorists (ok, "Arabs") had been posting stego encrypted messages in images posted to various popular terrorist (there I go again!) websites.
Don't know to what extent they're "onto" it (they never say, do they?), but I imagine looking for secret clues can be a full-time job.
What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, paining-on-top) affect the outcomes?
harmonious design
Why do we get articles about tools that are what? 3 years old?
There is enough new and interesting (and better) stuff around. For example, rubberhose would've been much more interesting to read about.
Assorted stuff I do sometimes: Lemuria.org
Steganography is new to me (as a science). All i can say is i'm RTFA'ing and it's badass cool :o)
Does this disqualify me as a slashbot?
do() || do_not();
Posts/books/whatever that say "My webserver is Linux" (No it is not. It is Apache) "How to use LInux to serve Windows files" (No, you are using SAMBA and LDAP.) "Robot runs on Linux" (No, its some custom code that runs ON the GNU/Linux environment)
Where have YOU posted objecting to abuses like the above?
Well?
http://www.xs4all.nl/~marcone/bsdversuslinux.html
It is a good read.
Lies, Deceipt, and Trickery
The rest of the hack does everything it can to hide itself. There are two major components to the disguise: the "fake" hack, and the JPEG image of Tux.
Firstly the fake hack. The fake hack begins at offset 0xD00 in the game save. If you disassemble the game save, you are likely to notice that some interesting stuff begins there. It appears to be getting it's own address, turning off write protection in memory, patching the kernel, and calling XLaunchNewImage. There is some branching logic which seems to imply that it is patching the kernel in different ways, depending on the value of location 0x8001FFFF in memory. The patches even resemble those that certain modchips perform, some are even at the same offsets. The path to the linux xbe is noticeable as well, at offset 0xFD5.
Upon initial inspection this code seems very plausible. When you look at it closer, there are a lot of inconsistencies. Firstly, the value being tested at 0x8001FFFF does not match up to any known kernels that I know of anyway. Secondly, a lot of the patches to the kernel are junk code and don't make any sense. Thirdly, there is no call to IoCreateSymbolicLink in order for the call to XLaunchNewImage to work. XLaunchNewImage checks to make sure that the path to the executable resides on the 'D:' drive to prevent applications being launched from the hard drive, and therefore only from the DVDROM drive. Without remapping \Device\Harddisk0\Partition1 to 'D:' using IoCreateSymbolicLink, there is no way for the kernel to find the default.xbe as specified.
Secondly there is the Tux JPEG. Starting at offset 0x1080 in the game save is a JPEG image. This is obvious from the text JFIF which is present in all JPEG headers. If you extract out this block, you get a nice little picture of Tux. Seems like a harmless little addition by a linux fanatic. It is typical of linuxheads to stick stuff like this everywhere. In reality, the real hack is encrypted and stored in this image. The practice of storing data in images is known as steganography. Perhaps this doesn't count, as it stores the data in the header and not in the actual image data. It's still rather devious. We'll come back to the contents of the hidden data in a moment.
I am having trouble figuring out what the image is, there appears to be some sort of mongoose or other small mammal and perhaps a can of pudding... ?
I've been staring at this pictures of Jenny McCarthy for years now, trying to discover the steganographically hidden messages.
That's what I told my girlfriend.
YOu might want to check out Peter Wayner's website for his book, Disappearing Cryptography . There are several applets that let you hide information in a list of disco songs or even in the order of letters in a word.
Steganography http://www.staff.uiuc.edu/~ehowes/soft11c.htm for all your needs.
By raising the background chatter, he is making it difficult to find any true use of stego. Pictures with messages like "Donald Rumsfeld can eat my ass with gravy as a sidedish" or "GEORGE BUSH SHOULD DIEt (He's getting chubby)" waste resources which would normally be spent reading YOUR email.
He's making himself a target so you don't have to. Ass.
1) .Wav files are not compresed
2) If you don't like .wav files you must REALLY hate cds.
Hiding secrets with steganography on Windows, Red Hat, SuSE, and... oh yeah, FreeBSD...
pb Reply or e-mail; don't vaguely moderate.
In some countries you can go to prison for using cryptography, in other more enlightened countries you can go to prison for not handing over the keys when asked by the guys in jack boots or for talking about the fact that you've been raided.
Government of the people, by corporate executives, for corporate profits.
Any discussion of steganography is incomplete without this:
http://www.mcdonald.org.uk/StegFS/
This concept is lost to most people. And i agree it just proves how effective slow media manipulation of peoples attitudes is.
.Or 'the SUV killed.. ' in time people begin to belive it with out realizing it...
Just like calling downloaders 'pirates' and 'theft'.
---- Booth was a patriot ----
If I was your roommate, I'd start rotating your bottles of beer. Or did you also unobtrusively mark them?
My strategy with mooching roommates was simply to make sure I kept stuff in the fridge that I liked and others couldn't stand. Exceptionally spicy food works wonders there.
It's the same trick as the fake rock holding your house key.
As for hiding valuables in the house, the best "safe" is something that thieves not only don't want, but actively avoid. Like an empty box of my wife's tampons.
-Looking for a job as a materials chemist or multivariat
There was an interesting project that won the Intel Science Talent Search a few years back about DNA steganography - hiding text and information in base pairs in a strand of DNA. I'm not sure if they went the extra step in terms of decoding enzymes ... the only problem I could see with that is that it seems you'd want to flag the message, which would defeat the purpose of hiding; otherwise, might be easy to lose a few words of data among billions of base pairs.
I'm curious, why put the encrypted data in the comment blocks for jpeg pictures? By placing scrambled data in these sections you make it pretty obvious that there is a 'hidden' message in there.
Why not make the data truly hidden by using the least significant bit within each of the RGB values for a 24 bit color image? 8 bytes of image data can hide 1 byte of data.
If you can repeat the hidden message enough times you might even be able to use this within a jpeg image and have the message survive recompression of the image or slight image manipulation. When reconstructing the message collect the bits of the repeated message and select the bits that repeat the most.
I'll have to try to write something quick and dirty up in Python to test this out.
because, dead men tell no tales!!
My problem? I was perfectly gruntled, until some numbnuts came by and dissed me.
I keep mine in topsecret.txt.
They actually had this on Navy:NCIS a couple weeks ago. A terrorist was hiding messages inside of porn images.
"See these naked pics of grandma!"
Roving Web-Teleoperated Robot
Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.
unproven, unstable? FreeBSD has been around just as long as linux and you only have to look at the netcraft reports http://uptime.netcraft.com/up/today/top.avg.html to see BSD is the most stable OS around.
As for security, the BSDs have one of the best track records for being secure. You seem to post crap just to annoy the bsd crowd and you wonder why people keep modding down your posts?
I seem to recall a "stop the MPAA" gif that floated around the internet when 2600 was being sued for distributing DeCSS. The gif had the DeCSS tarball embedded in the file past the EOF marker.
Modify it first!
If attacker gets original picture and picture with some data hidden within it, it becomes very easy to get data from it.
Didn't Kevin Nealon hooker already perfect this technique useless on Saturday Night boring Live?
__________
[Big Brick Wall]
Now I take the encrypted bits of the message (which already look a lot like random noise) and hide them inside the least significant bits of a bitmap file. Lets assume that I'm using a half-decent steganography tool here, and it distributes the bits of the message throughout the image in a psueudo-random fashion.
So now we've got a stream of encrypted bits, which more or less resembles a stream of psueodo-random numbers. And we've sprinkled these bits all over the place inside the image, so they don't even appear together or in order.
How does one go about detecting that there's a message in there, reliably? What distinguishes the [pseudo]randomly-distributed [psuedo]random-bits of the encrypted message from the background noise of the image?
(I am assuming, of course, that the message we're trying to hide is relatively small - at most, 1 bit per byte in the image is modified. Much more than that is like trying to hide a tractor trailer behind a go-kart)
...ironically, the better algorithms we get for compressing stuff, the more difficult it is to hide something. It gets really obvious if you start sending around BMPs or WAVs.
Steganography detection is doing rather well - it simply realizes when the compression is "wrong", that is, if it would have been compressed better if there wasn't hidden info in the image.
By the way, for legal purposes it might be just as efficient to use something like Bestcrypt's hidden container - it's a very smart, yet "dumb" form of steganography. You create an encrypted container, which has a key. Then you create a hidden container inside the encrypted container, with a different key. There's no way to detect the presence of a hidden container - it looks like random data in a container full of random data.
If required by law to provide a key, provide the key to the outer container. When asked about a hidden container, go "What hidden container?" Even if it is very likely that there is one, there's no proof of that. Even the wackiest RIP bill doesn't require you to provide decryption keys to things that doesn't provably exist.
Kjella
Live today, because you never know what tomorrow brings
...a passphrase in your ogg, or are you just happy to see me?
Ideally the software would only need to be pointed to a directory or a wildcard, given a passphrase and be able to just "mount" those files. I.E.
That picture made me recoil from my chair.
This is like in the movies, where to find the secret code you need the exact page of a specific book and then pull out 10 words from page 12, paragraph 3, words 3,19,12 and 42...etc. The book is hidden somewhere in the library of congress, know the title of the book and the code is revealed. I guess cryptography has come full circle, whats next, anograms with carrier pidgeons? I guess the old tricks are still the best tricks.
Just put some visible plain text on a picture of the goatse.cx man! Sure, people can see it, but they will be so traumatized that they will forget!
Due to a new Michigan law (Super DMCA), the legality of my research or these web pages is currently unclear. Felten provides additional information about the resulting restrictions on technology and research.
The web pages will be reinstated once the situation has been resolved.
OutGuess 0.2 - Source Code Currently, unavailable. See above.
Source: (http://www.outguess.org/download.php)
My Systems
When they come up with a way to steg my pics into a text file, then we'll have something.
Bad guys in the movies all keep their wall safes hidden behind paintings.
Excuse me. Us good guys keep their wall safes behind paintings too you know.
Just that- the obvious. You see, in the movies, the bad guys went for the safe because they knew it was the safe, and they knew that there was probably something of value inside. The very fact that it IS a safe makes this apparent. The reason your analogy falls short is that with steganography, you can't even tell if it's a safe. It could be a chair, a wall, a coating of dust on a floorboard, a cobweb up in the corner, a pile of dirt, etc. It allows a very effective way to fly under the radar while still accomplishing your objective (though it does have limitations). Yet one more reason that TIA is TRASH.
...that would have to be the Pentagon mainframe. You know, the one from "War Games" ;)
Kjella
Live today, because you never know what tomorrow brings
I apply that to how I approach my daily job, all the insults and petty fights and powerplays the other people play. It makes me strong.
Nothing like forcefully advancing in your Wal-Mart career!
I do not have the web page here but somebody can certainly search in slashdot and find it. How to detect it ? The guys which made the thesis/program show that even if the lowest bits seems random, in reality if you take only red / blue or green component you see "forms" appears. And thus on steganographied image you see those form disappear, whereas on non stenographied they appear. Note that you can avoid that. So people using some of those program think they are safe, but instead a third party can show that they are exchanging secre. And knowing you are sending something hidden in some case can put you in a bad position. Even in the US.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
...hiding your secrets in an image? Just write them in Perl!
You loser. Linux wraps its uptime after about 490 days, so it won't appear on that list.
Your life must be really, really shit.
file * | grep JPEG
"Rub her feet." -- L.L.
Of course, if I lived in China and was plotting a demonstration, I'd need to hide that info. Or bank heist details.
Currently, encryption is used freestanding by people with something to hide - and is viewed by 'the masses' as a terrorist/theft/dishonest tool. Why isn't encryption used in *everything*? I appreciate the need for encryption, but until it is everywhere and easy to use, it will have a black cloud hanging over it. Which makes it much easier for those who would like to abuse their powers (cough *Ash*cough) to pass laws restricting the use. Thereby reinforcing its reputation as a tool for people who have something (bad, ohohoh very bad) to hide.
1) Hah. Go read the FreeBSD mailing list archives, and you'll see security problems and glitches too. Nobody said Linux was perfect, but on the whole it matches (if not exceeds) FreeBSD in stability and security.
2) No, I was talking about the REAL WORLD (you know, where Linux sees much greater adoption than FreeBSD). Red Hay supports RHEL for 5 years. FreeBSD doesn't even come close to that kind of support.
Can't I take bmp files, each from the same unknown original bmp, but steg'ed with different messages, get their binary diffs, and find the blowfish'ed data? Seems like two different messages in the same envelope destroy the value of the envelope entirely (although decrypting the obtained encrypted message is still just as hard).
--
make install -not war
Hi all, we have recently published a paper about hiding data in gzip compressed files. For those interested, check out http://www.cs.ucr.edu/~stelo/stego/ Regards, Stefano
Just encrypt that with PGP. Duh!
__________
[Big Brick Wall]
Anyone else find it ironic that if you want to download the source from the OutGuess website, you can't because of a Michigan Super DMCA law?
If he lives in Michigan, maybe he should move his computer to Canada and distribute from there.
Bureaucracy loves company.
Stganography makes you look at all those nude erotica pictures you downloaded ever more closely now... look for the hidden message, Luke...
Use reversable compression. Encrypt the cleartext, package it in a container (subcontained if desired), stga that into the BMP or WAV, compress using GIF/PNG/FLAC as required. Ship product to receiver, they uncompress (since the compression is lossless, no bits lost there), de-steg, decrypt, decrypt, viola recipe for brownies.
Also tends to confuse the detectors, as they are not trying all (n) possible ways the file could have been compressed to look for steg data in the raw file, only looking at the compression errors in the current format.
For every scheme, a crack, for every crack, a new scheme. What fun the merry go round is!
You can have it fast, accurate, or pretty. Pick any 2.
I saw an image on a website that was yellow flowers but when you highlighted it you could see a pr0n image. Does any one know what that's called? I would like to be able to do that. Not to send pr0n but just to mess around with. It kind of like the article but less secure.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
This is all well and cute, but realistically speaking, no implementation of steganography is all that secure. Detection is fairly easy, and then a dictionary attack against the encrypted contents is used. [Link]
Its a twofold problem as I see it.
1. The hiding of encrypted data/images/text/whatever inside of an image file is based on the notion that security through obscurity raises the bar. Anyone who studies security knows that this is just not true. Since suspicious images are simple to detect, this layer of obscurity offers no real data protection than just encrypting the file and naming it "this-is-secure-data.blowfish". Its just a matter of what encryption method is used to secure the contents. Which brings me to my second point.
2. Since the basis of steganography is to hide information inside an image without disturbing the visual image, the size of the data contained within, from my understanding, is severely constrained. Thereby limiting the effectiveness of this technique in all but very large, suspicious, and still easily scanned images.
SO, by hiding one's data inside an image with this technique, one is left with a picture of a table that is just screaming to be scanned for its suspicious content.
--Nuintari
slashdot : where an opinion can be wrong.
Terrorists aren't the only ones who want encryption any more than shipping departments are the only ones who want box-cutters. Maybe we should blame the USPS and airlines for also aiding terrorism. Paper-shredder manufacturers too. They helped Enron break the law, didn't they?
Before you knock FreeBSD for supporting a form of encryption (encryption being something that every law-abiding citizen should be entitled to in order to protect his or her privacy), maybe you should tell us what OS YOU use so we can check to make sure it doesn't support encryption tools like the ones you're faulting FreeBSD for.
I remember seeing an omni movie about sharks that found a school of fish, and ate them all. One at a time.
I thought the strategy behind the school of fish was: if there are 500 fish, and I am one of them, then my odds of me getting eaten during an attack is 0.2% The larger the group, the lower the chance that *I personally* get singled out.
I don't think the predator cares about going after a certain fish. Unless if finds one that has really cute eyes. It just wants a fish.
An obvious use for steganography is reliable digital watermarking, but does anyone know how well current techniques last against hefty sessions of image cropping, audio/video transcoding, and all those other things one would commonly do with such files..?
If a DVD-screener, for example, contained a watermarked serial number, would the number still be there and be readable after ripping, cropping, rendering subtitles on top, and transcoding?
It's a nice idea, but I'm still on the side that believes that multimedia data should not be altered (and hence quality thrown away), even if the loss of quality in human perception is supposedly unnoticable.
Why not hide stuff -IN- FreeBSD. It wouldnt be that hard to write a utility that inserted "typos" into comments that when decoded could be used to pass messages or even hide images.
It'll tell you to worship satan, and steal music. Quickly, to the music mobile darl! We must shut down these "steriograhophonicalwhazitmakallits" before they destroy our nation's families by making them all into crack smoking criminals!
Candy-Coated Knowledge
... the real advantage is that if done properly, nobody can even prove you sent a message.
While this is true, in fact it is the definition of good steganography, I'm not aware of any steg that actually achieves this. For a while, there were no public methods that break Outguess, but that was broken over a year ago, and I don't think there are any stego schemes still standing. The problem is that the last bit of your WAV file or GIF isn't very random in a real picture, not nearly as random as you might guess. This makes it quite difficult to make a scheme which hides there effectively.
I hereby place the above post in the public domain.
...is if it included an actually USEFUL form of steganography, like the steganographic/encrypted filesystem Rubberhose, which is related in spirit to good old stegfs.
Unfortunately both of these are too old and crufty to have support beyond linux 2.2... implementing 2.6 support or freebsd or openbsd support might be interesting.
Time to step it up. I've completely desensitized my taste buds. Hence, I now eat habaneros on my pizza and the hottest chicken wings known to man, and I love it! Now let's see the mooching bastards try THAT.
-Looking for a job as a materials chemist or multivariat
Espically not of live shows. People are big on recording live concerts and then distributing them. Since these tend to be the hardcore types, they want it done lossless and generally FLAC is the format of choice. Now these have additonal benefits:
1) They are often recorded and compressed in 24-bit. Well even good 24-bit converters have a noise floor well above the theoritical limit, leaving plenty of low level white noise naturally. Cheap ones can even have a noise floor only around 17 or 18 bits.
2) Live shows tend to be reocrded with lower quality equipment. It's actually pretty good, all things considered, but it's portable stuff, not a studio setup. Hence more inherant noise.
3) Live shows are noisy anyhow. It's not the pure random white noise, but still plenty to mask what you're doing espically on top of the recording noise.
So, get yourself some nice 24-bit recordings of live shows. Insert your data in there. If you're really parinoid, keep in down in just the lowest 4 bits. FLAC it back up and then swap it with buddies. Looks like you're just another live show swapper (and for bands that permit this, it's 100% legal) and unless your stego program is done, you can't detect it.
I'm pretty sure they have to prove that the picture actually contains encrypted data, which can be through e.g. compression flaws introduced by the steg program. They can't go around jailing people for having a picture that maybe contains something else, they haven't gone that totalitarian yet.
On the other hand, they don't have to prove it's your data (since it's encrypted, they can't know). You might not have a clue about that, never had a decryption key, and it's "Go straight to jail - do not pass go". Nevermind that you downloaded it because you thought it was just a pretty picture, and had no clue there was a smaller pedo picture hidden in it (or whatever else you don't want to imagine).
That's where BestCrypt does it so well... because there's no way to find the hidden container. It's (pseudo)random data hidden in the empty space of the outer container, which is also filled with random data. Which is exactly how it would be if you didn't have a hidden container either. To find random data in random data is like like chasing icebears in a snowstorm on the North Pole.
Kjella
Live today, because you never know what tomorrow brings
security by obscurity is not security at all.
BeauHD. Worst editor since kdawson.
You must be new here...
Check out Peter Wayner's Mimic Functions. Using Mimic Functions you can hide information in anything, not just images and sound files. This is done by grammar to statistically "mimic" what you'll be hiding your data in. This could be an image or a sound file, but it could also be, as in Wayner's example, a baseball game commentary. The effectiveness of the stego is only limited by your creativity in working out the grammar.
recoil
You're missing the point.
The main reason to use steganography is that it hides the fact that you are hiding something. If you use straight encryption, it is obvious that you have something sensitive that you want to encrypt (most people don't go to the trouble of encrypting things otherwise). Steganography helps you fly under the radar and send encrypted data without people knowing that you are sending encrypted data in the first place.
If someone is already suspicious of you, then of course they can analyze your communications and perhaps notice any steganographic attempts. But if not, you may be able to escape notice longer by exchanging seemingly innocuous data than by exchanging industrial-strengh encrypted data.
Steganography has been around since the days of the ancient geeks, er greeks. :)
l
http://www.webopedia.com/TERM/S/steganography.htm
"Steganography (literally meaning covered writing) dates back to ancient Greece, where common practices consisted of etching messages in wooden tablets and covering them with wax, and tattooing a shaved messenger's head, letting his hair grow back, then shaving it again when he arrived at his contact point."
I feel sorry for the messenger who's tattoo ended in "Destroy this message after receiving." We can't have male pattern baldness exposing classified information!
Everyone is entitled to their own opinion. It's just that yours is stupid.
... ths kids that want Ice Cream.
I dont personally have a need to encrypt messages into pictures, no. Nor can I imagine many things I can do where such functionality is needed.
Encryption is good when its used to protect data like my password, my credit card number, and my medical records. Encryption is bad when Apu and his buddies want to hide info from the FBI because they are planning to bomb a schoolbus.
There is no sword that isnt double-edged, but I fail to see legitimate uses for encrypting messages into photographs.
Manipulate the moderator system! Mod someone as "overrated" today.
What did you think my porn was for? I have very sensitive data to protect...
Shut up. Its my right to be an uptight BSD using asshole and to impose my dogma onto all of you cock-smoking Lunix twinks!
mughahahah!!1!!
You must be new here ...
>Encryption is bad when Apu and his buddies want to >hide info from the FBI because they are planning to >bomb a schoolbus.
Damn that fuckin' Apu!!! I hate that sonofabitch. Hey, let's lynch him!
Your ideas intrigue me and I wish to subscribe to your newsletter.
Logged-in trolls aren't forced to preview their comments.
The only question you may be asking yourself is "why use such a utility?" Probably the most common use is to safeguard passwords. We all know that we should use different passwords for various tasks. For example, you should use a different password to log into your computer, another to retrieve email, another for online banking, and yet another for when you create an account on a web server. It can be very handy to make a text file of each password and its usage, and to safeguard that file by hiding it in a place no one would suspect to look.
If you've got a bit of maths under your belt, or even a bit of coding would suffice, there is a link on this page to some Matlab code used to detect steggafied images.
... and then there were none
Ok, so you're a law-abiding citizen. And you have no need. So obviously, no one else who is law-abiding has a need, and the only the Bad Guys do? C'mon.
/home/scott/topsecret/passwords.tgz or instead in /home/scott/junk/pics/mycat.jpg ? If someone somehow accessed my account, they'd know exactly what file to grab and could then make a concentrated effort to crack into it. While if I disguise the file as something it isn't, they'll pass over it. Why isn't this a legitimate use?
You say you "fail to see legitimate uses". Very well. Would you have a legitimate use for a safe? I will assume "yes"... we all have valuables. So let me ask you this: does it make more sense to put the safe in the middle of a wide open room, standing out, maybe even with a sign that says "The safe is here!" Or maybe instead, hide it somewhere. At least in the closet. Or behind a fake wall panel. Buried in the basement? Recessed in the wall behind a dresser?
Steganography is the equivalent of hiding the safe somewhere where it wouldn't be located or expected. If I have passwords on my computer... even if I encrypt them, does it makes sense to store them in
Steganography is neither in itself good or bad. It's a tool which can be used for good or bad. Like a steak knife. Don't condemn it just because all you can think of are the bad uses.
PNG perhaps, as it's lossless.
JPG, however... if you steg something into a source file and then convert to JPG, your message will, more than likely, be lost as JPG is a lossy compression scheme. Which is not very beneficial if minute changes to pixel's colors is important.
There's watermarking techniques that take a smaller string for author identification purposes that -are- suited for use in JPEG, however. But that won't help you send across a long message.. unless your image is 10MP
I think a better example is an AK-47 assult rifle; while it can potentially be used for legitimate reasons, it is more often used otherwise (the AK-47, even though it is the most prevalent assult rifle in the world, is the primary weapon used against most NATO soldiers, including those of the USA).
So, just like I said, even though there could potentially be a tiny minority of people using this legitimately, it will get its highest usage, most likely, by terrorist, drug trafficers, extortionists, etc.
Manipulate the moderator system! Mod someone as "overrated" today.
Joshua, a class mate of mine at Rio Rancho High School located in Rio Rancho, New Mexico, recently wrote a software program using C++ designed to hide encrypted text within a .gif file without changing the file size of the image or the picture quality. The program is called Ghost and the FBI has taken interest in it. When he presented his project at the school science fair last week 3 members of the FBI came to talk to him about his project. More information here http://www.abqjournal.com/riorancho/117131rioranch o12-03-03.htm.
I think a better example is an AK-47 assult rifle
Hmmm... a rifle's primary purpose is killing. Killing humans is illegal. Killing anything else is HIGHLY restricted (seasons, limits, etc). And not everyone has the need or wish to kill. Compared to something designed to protect valuable private information. Something that isn't illegal, and which everyone NEEDS to do (whether they realize it or not). Someone might not feel their personal information should be protected... until they're the victim of identity fraud or electronic theft.
I don't see how this is a "better example."
So, just like I said, even though there could potentially be a tiny minority of people using this legitimately, it will get its highest usage, most likely, by terrorist, drug trafficers, extortionists, etc.
That's a very bizarre statement. I'd be interested in what basis you are using to make it.
is for the standard version of mkfs to fill empty disk blocks with random data (from /dev/urandom) BY DEFAULT instead of zeroing them. That way you can run a stego file system in the unused blocks and it will be indistinguishable from ordinary randomized free blocks. If every BSD (and ideally every GNU/Linux) distro shipped with that feature turned on, there would be no way to tell a stego user from a non-user.
- BSD is dying
- BSD is fragmented
- BSD has no commercial support
- BSD is slow
- BSD is dying.
There you have it.Encryption is bad when Apu and his buddies want to hide info from the FBI because they are planning to bomb a schoolbus.
remember, one man's terrorist is another man's freedmo fighter. skipping over the implied racism there. what about the human rights worker investigating the situation in zimbabwe? from his point of view, he needs to get his report about conditions there back to amnesty internation or the UN dept who sent him. from the PoV of the government he is a spy who seeks to bring down the "elected" ruling party.
what about journo's? they have a right to keep their sources secret (mob informer, gov whistleblower, whatever) but what happens if they get searched either legally or illegally? they want/need to keep their data safe.
in both these situations the person ideally needs to be able to deny the existance of the data so that they don't have to be forced to give up passwords.
just because something can be used for both good and bad is no reason to ban it.
dave
Red Hay supports RHEL for 5 years.
The original poster was talking about RedHat Linux.
Nice attempt to change the topic by talking about something other than RedHat.
RedHat 6.3 was released in 2000 (around the middle of the year). It is 2003.
2003-2000 = 3 years. 3 != the 5 years claimed falsely by the original poster.
The original claim was that Debian and Slackware are totally rock-solid. When the latest Linux kernel failure points out how the statement 'rock solid' is wrong, the response is handwaving Nobody said Linux was perfect. The statement was 'rock solid'. Perhaps in your world the do_brk() error is 'rock solid' quality.
but on the whole it matches (if not exceeds) FreeBSD in stability and security.
FreeBSD's kernel has less security fixes per year than Linux in the 'considered stable' branches.
When you start with bad facts, you get bad conclusions. You are quite welcome that I can correct your facts. You have a nice day.
Now if we were going just by technical merits (or even moral merits) something like Apple should have died its righteous death a long time ago. But, I guess people need to worship on the altar of 'alternative', even if they are getting robbed blind for it. IMO, Apple is the worst monopolist ever (well, aside from someone truly attrocious like DeBeers).
Manipulate the moderator system! Mod someone as "overrated" today.
An AK-47 wont allow you to plan something like, say, flying a jet plane into a building. Encrypted messages, however, are *very* good for that purpose.
Manipulate the moderator system! Mod someone as "overrated" today.
Say what you want, but I didnt see the founding fathers talking people into strapping bombs to their chests and blowing up civilians.
Manipulate the moderator system! Mod someone as "overrated" today.
What??? This is nonsense. Just like suddenly everyone who wears a trenchcoat was considered a potential murderer of their fellow classmates. No, the main purpose for encrypting messages in photographs is to disguise the location of private information from those who might look for it . Why paint a target on the file we store our passwords, bank account #s, etc in?
Just because something is a "very good" tool for some evil purpose doesn't mean that's its main purpose. You're taking a very narrow-minded view on this.
See, you are using the boring 'straw man' arguement. It doesnt matter if something has the potential for legitimate use; if it is predominently used for malicious purposes, it needs to be controlled.
For example, they ban a regular citizen's ability to get dynamite, TNT, C4, etc. Now while you could potentially want it to blow a tunnel thru the mountain in your backyard, or whatever, its most likely that people, given free access to high explosives, are going to blow up things/people which they shouldnt be blowing up.
This is the same way. Why dont you ask the NSA if they think its nice that terrorists can send messages to each other and hide them as pictures on a web site? Ask the FBI if they think its really nice that drug trafficers can communicate without any chance of interception.
Manipulate the moderator system! Mod someone as "overrated" today.
"The original poster was talking about RedHat Linux."
And? Point is, Red Hat supports some of its product line for 5 years. That's really important for big business, and FreeBSD doesn't come close. You lose.
"RedHat 6.3 was released in 2000"
There was no Red Hat 6.3. You lose again.
"Perhaps in your world the do_brk() error is 'rock solid'"
Oh dear. A small bug which doesn't affect 99% of users doesn't have a drastic effect on the software's quality, right? Let's see -- how about the FreeBSD bug which caused a kernel panic if a user removed a floppy without unmounting first?
Now _that's_ sloppy, and no way near rock-solid. You've only been able to point at one recent, mostly insignificant bug in your argument, when in the real world Linux performs excellently, and is extremely stable. Just as much so as FreeBSD, so get over it.
You lose yet again!
And? Point is, Red Hat supports some of its product line for 5 years. That's really important for big business, and FreeBSD doesn't come close. You lose.
The only public loser here is you. Go back to work at your Microsoft PR job.
From: https://www.redhat.com/apps/support/errata/
Red Hat Linux -- Red Hat's policy for Red Hat Linux distributions is to provide maintenance for at least 12 months. At certain times, Red Hat may extend errata maintenance for certain popular releases of the operating system. End of Life dates for errata maintenance for currently supported products are listed below:
Red Hat Linux 9 (Shrike) April 30, 2004
Red Hat Linux 8.0 (Psyche) December 31, 2003
Red Hat Linux 7.3 (Valhalla) December 31, 2003
Red Hat Linux 7.2 (Enigma) December 31, 2003
Red Hat Linux 7.1 (Seawolf) December 31, 2003
12 months is not 5 years.
A RedHat POLICY to provide support for 12 months is not 5 years.
Perhaps in your world the do_brk() error is 'rock solid'"
Oh dear. A small bug
Yea, one SMALL bug that caused Debian and another fork to be broken into and root to be obtained. Yea, one 'little' bug.
Given you feel 'small bugs that are used to obtain root' makes a "Rock Solid" operating system, you should go work for Mircosoft's PR department explaining how Windows is a good, reliable OS.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead
Have you ever seen an animal backed into a corner and fighting for its life? That is the situation FreeBSD finds itself in. The FreeBSD fans are in a state of desperation, and even the mildest criticism of their hobby horse results in wild and paranoid outburts from the faithful. They will find an alibi and excuse for everything. Truth has nothing to do with it
It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.
FreeBSD is dying
It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral.
It is common knowledge that *BSD is dying, that ever hapless *BSD is mired in an irrecoverable and mortifying tangle of fatal trouble. It is perhaps anybody's guess as to which *BSD is the worst off of an admittedly suffering *BSD community. The numbers continue to decline for *BSD but FreeBSD may be hurting the most. Look at the numbers. The loss of user base for FreeBSD continues in a head spinning downward spiral. FreeBSD is dead.
OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of BSD are there? Let's see, Fact: *BSD is dying
Hmm, if we were really going by technical merits, Gates would be a homeless drunk living in an alley, no one would remember a software company called Microsoft who put out half-assed software, and Apple would be dominating the desktop.
.. (maybe not, but geez man, I think you're trying to bait Mac fans). Monopoly? Apple? Yeah, must be a troll ... :)
Unfortunately, it's not always the best technology or innovation that wins out.
Strangely enough, I agree with you on DeBeers. Just like MS, they don't really do anything of value for consumers, and only concern themselves with charging money to fill the artificial need they created for their products.
Oh well, differing opinions. I am curious about one thing: how do you see Apple as a monopoly? How can a company with single-digit percent usage ever be considered a monopoly? Isn't this, like, by definition anything other than a monopoly?
Geez, I'm just starting to feel like I took the troll bait
You don't keed to be Kreskin to look into FreeBSD's future. Even a child knows that FreeBSD is dying. All major marketing surveys show that FreeBSD has steadily declined in market share. FreeBSD is very sick and its long term survival prospects are very dim.
FreeBSD is D E A D
t0ny, you people with such a narrow point of view, you better stop trying to think, it won't work... you won't get to anywhere. And, the way I see it, you please remove your doors and blinds at home. You have nothing to hide, do you? I bet you are planning some kind of genocide at home. If it was in my hand, some army guys would be visiting you this evening, as I'm pretty sure there is a psychopath under your ugly face. Holy shit!
SCO users are flocking to BSD ...or anything else.
I am the unwilling control for my Origin.