Slashdot Mirror

← Back to Stories (view on slashdot.org)

Steganography with Flickr

Posted by CmdrTaco on from the you'll-just-have-to-look-harder dept.

yiangocy writes "Steganography is not something new, there have been techniques and available programs for hiding data in pictures/audio files for a long time now. However, one step further is using popular online photo sharing sites, such as Flickr in hiding your data, successfully."

10 of 126 comments (clear)

  1. not very groundbreaking by towaz · · Score: 5, Interesting

    Not exactly a new idea, goverments have been paranoid of "Terrorists" using stego on places like ebay for triggers.

    More interesting projects, though off topic slightly; a method of obscuring your network communications and resolving key issues with stego (though I think the project stopped)
      http://www.m-o-o-t.org/

    They is also much more interesting uses for stego. in files, hdd slack space and this nice little project 4c.

    http://dione.ids.pl/~shykta/

    4c (or fourcrypt) is a multiple-file steganography program inspired by Michal Zalewski's twocrypt (2c) program, designed to be "subpoena-proof". It supports mixing between one and eight files with independent keys. The files are architecture-independant (tested on x86 and UltraSparc).

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
    1. Re:not very groundbreaking by Pig+Hogger · · Score: 4, Interesting
      Not exactly a new idea, goverments have been paranoid of "Terrorists" using stego on places like ebay for triggers.
      It was even before e-bay... During WW-II, there were whole squadrons of knitters who tried knitting patterns submitted to newspaper knitting columns to check if the to-be-printed coded patterns were legitimate and were not coded messages...

      How many messages to dormant agents were sent though classified ads like "purple sofa, $145"???

    2. Re:not very groundbreaking by towaz · · Score: 3, Interesting

      Actually even before that :)

      using wax tablets in greece.

      http://www.jjtc.com/stegdoc/sec202.html

      "In ancient Greece, text was written on wax covered tablets. In one story Demeratus wanted to notify Sparta that Xerxes intended to invade Greece. To avoid capture, he scraped the wax off of the tablets and wrote a message on the underlying wood. He then covered the tablets with wax again. The tablets appeared to be blank and unused so they passed inspection by sentries without question."

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
  2. I'm against this by Ckwop · · Score: 2, Interesting

    So basically they're showing you how to use a photo storage service to store private data. I think this is immoral and is probably against the terms of service.

    Flikr could probably detect the changes anyway. When you do stego on Jpegs you do it by altering the coefficients on the waveforms. The problem is these coefficients usually conform to a gaussian distribution and by packing so much data in to the jpeg you're going to screw up that distribution.

    To hide truly undetectable data in there is going to be difficult and the channel capacity wont be all too great. It's a clever idea but I'm against it. If you want storage, buy a web-hosting package and FTP it up tot there.

    Simon

  3. Shifting types & saving content to a remote se by turnstyle · · Score: 4, Interesting
    Seems the blog post is partly about saving one file type within other, which reminds me of Baudio, a goofy script I made that converts any file to a .WAV

    Also, if part of the point is simply to save non-image file types into a seemingly unlimited Flickr storage space, what happens if you simply change the file extension to something like filename.pdf.jpg and upload that? Does Flickr actually validate file contents?

    --
    Here's what I do: Bitty Browser & Andromeda
  4. Re:Shifting types & saving content to a remote by towaz · · Score: 2, Interesting

    Flickr can have a simple solution to this, If they change a few random colour or other attributes on the uploaded pictures they would render the stego. worthless.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
  5. Steganography in recent fiction by sidles · · Score: 5, Interesting
    Steganography is central to Carter Scholz's recent novel Radiance. In brief, complete engineering descriptions of all US nuclear weapons tests are smuggled out of the US national labs, steganographically conceiled in pornographic *.gif files.

    Warning: this novel is a demanding read. It is a higher-brow---and markedly dystopian---treatment of the same themes as Neil Stephensen's Cryptonomicon. In writing it, Mr. Scholz seems to have received considerable help from insiders at the national laboratories.

    With luck, the following link to Google Print will show you a sample page that is reasonably representative of the entire book.

    http://print.google.com/print?id=kVP7pIA9TYUC&pg=P A382&lpg=PA382&dq=steganography&prev=http://www.go ogle.com/search%3Fclient%3Dsafari%26rls%3Den-us%26 q%3DRadiance%26ie%3DUTF-8%26oe%3DUTF-8&sig=-uyML9j p9G4JsUZOCa59fPI6YpM

  6. Re:Movie Plot Vulnerability by Incadenza · · Score: 2, Interesting

    If you own both the sending and receiving servers, or use one of the infected army of the drones, there is a miniscule chance of your message even being observed in the ocean of the information that is the internet.

    Notice the word 'if'. If you *do not* own both the sending and receiving servers the story is different. For instance if you do not know where your agents are, who they are or when they are on line. The GIA once used an open for all mailing list (or was it usenet?) on football to send orders from Algeria to Paris. There is so much nonsense on this lists (and on Flickr too) that some odd remarks do not catch any attention - except by the one waiting for the message,

  7. Stegdetect by BCTECH · · Score: 3, Interesting

    I ran the image through stegdetect and it came up with a "false possitive". This utility detects images encoded with jsteg, jphide, invisible secrets, outguess, F5(header analysis), AppendX, and Camouflage. Although, steghide is not listed, I have found that false possitives are shown with images that I know to have an embeded file.

    I played around with steganography at one time and setup a script to create embed images via the web using Outguess

  8. Re:Hiding more than one message? by HermanAB · · Score: 2, Interesting

    BTW, it is possible to create a file consisting of two encrypted messages, with two keys, interleaved such that you can retrieve the one or the other. If the one message is innocent and the other not, then you can give the Police the innocent key and the other message remains deniable. This is described in Applied Cryptography.

    --
    Oh well, what the hell...