Steganography with Flickr

← Back to Stories (view on slashdot.org)

Posted by CmdrTaco on Sunday August 21, 2005 @02:07AM from the you'll-just-have-to-look-harder dept.

yiangocy writes "Steganography is not something new, there have been techniques and available programs for hiding data in pictures/audio files for a long time now. However, one step further is using popular online photo sharing sites, such as Flickr in hiding your data, successfully."

19 of 126 comments (clear)

Never a more apt Message by hawkeye_82 · 2005-08-21 02:08 · Score: 5, Funny

Nothing to see here. Please Move along.
not very groundbreaking by towaz · 2005-08-21 02:10 · Score: 5, Interesting

Not exactly a new idea, goverments have been paranoid of "Terrorists" using stego on places like ebay for triggers.

More interesting projects, though off topic slightly; a method of obscuring your network communications and resolving key issues with stego (though I think the project stopped)
http://www.m-o-o-t.org/

They is also much more interesting uses for stego. in files, hdd slack space and this nice little project 4c.

http://dione.ids.pl/~shykta/

4c (or fourcrypt) is a multiple-file steganography program inspired by Michal Zalewski's twocrypt (2c) program, designed to be "subpoena-proof". It supports mixing between one and eight files with independent keys. The files are architecture-independant (tested on x86 and UltraSparc).

--
"I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
1. Re:not very groundbreaking by Pig+Hogger · 2005-08-21 03:55 · Score: 4, Interesting
  
  Not exactly a new idea, goverments have been paranoid of "Terrorists" using stego on places like ebay for triggers.
  It was even before e-bay... During WW-II, there were whole squadrons of knitters who tried knitting patterns submitted to newspaper knitting columns to check if the to-be-printed coded patterns were legitimate and were not coded messages...
  How many messages to dormant agents were sent though classified ads like "purple sofa, $145"???
2. Re:not very groundbreaking by towaz · 2005-08-21 04:17 · Score: 3, Interesting
  
  Actually even before that :)
  
  using wax tablets in greece.
  
  http://www.jjtc.com/stegdoc/sec202.html
  
  "In ancient Greece, text was written on wax covered tablets. In one story Demeratus wanted to notify Sparta that Xerxes intended to invade Greece. To avoid capture, he scraped the wax off of the tablets and wrote a message on the underlying wood. He then covered the tablets with wax again. The tablets appeared to be blank and unused so they passed inspection by sentries without question."
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - Voltaire
again? by thegoogler · 2005-08-21 02:16 · Score: 3, Informative

you guys linked another wikipedia article on the front page without notifying them so that it could be locked

owell, its probably goatse now, you guys should just put (NSFW) after all wikipedia links.
1. Re:again? by imsabbel · 2005-08-21 02:45 · Score: 3, Insightful
  
  Yeah yeah.
  Besides the usual trolling, there is some truth in the parent.
  
  Maybe just put a link to the (then current) revision, and not to the general article? That way, everybody will get the same article that excisted before the ./ story went online.
  
  --
  HI O WISE PRINCE. WHT TOOK U SO DAM LONG?
nothing to do with Flickr by Petronius · 2005-08-21 02:20 · Score: 4, Insightful

This is an interesting article, but it has nothing to do with Flickr, except for the fact that instead of saving the images on a local device, this guy uploaded them to Flickr.
Yaaaawn, -1: misleading.

--
there's no place like ~
Re:I'm against this by LiquidCoooled · 2005-08-21 02:20 · Score: 5, Funny

Post Removed

I'm Sorry, the posting you just made is against the Slashdot posting terms.
We believe you are a terrorist trying to hide data within your non-conformist post text.

After a detailed analysis of the contents of your posting, the waveform coeficients do not conform to standard slashdot thinking, more precisely, your posting failed to contain the phrases "first post", "in soviet russia" or "hot grits".

Please remove the hidden message and try again.

--
liqbase :: faster than paper
Shifting types & saving content to a remote se by turnstyle · 2005-08-21 02:25 · Score: 4, Interesting

Seems the blog post is partly about saving one file type within other, which reminds me of Baudio, a goofy script I made that converts any file to a .WAV
Also, if part of the point is simply to save non-image file types into a seemingly unlimited Flickr storage space, what happens if you simply change the file extension to something like filename.pdf.jpg and upload that? Does Flickr actually validate file contents?

--
Here's what I do: Bitty Browser & Andromeda
So THAT'S where the WMD are... by Anonymous Coward · 2005-08-21 02:25 · Score: 5, Funny

Saddam's Weapons of Mass Destruction have finally been found inside pictures! Call Fox STAT!
stegnography in Mona Lisa by woverly · 2005-08-21 02:27 · Score: 5, Funny

A couple of years ago newspapers and network news showed the cabin layout of a 747 shown inside the Mona Lisa, supposively used by terrorists. What supprised me was how little attention was payed to the fact that nobody was giving credit to Leonardo da Vinci for inventing the 747.

--
Woverly Harris Gooch, IV CTO American Fire and Bomb, LLC
Hiding in the spam by S3D · 2005-08-21 02:44 · Score: 3, Insightful

Other similar techincs is hiding messages so it looks like a spam http://www.google.com/search?hl=en&lr=&q=hiding+me ssages+using+spam&btnG=Search I've even read an article (can't find link right now) analizing some samples of the actual spam and concluding that they in fact used as an encripted communication medium by spam originators.
Re:I'm against this by Ckwop · 2005-08-21 03:06 · Score: 5, Informative

Rather than worry about trying to detect stegnography, any image posting service could just arbitrarily set all of the least significant bits of jpgs to "1" as part of the image posting process. It might slightly degrade the image, but it would also erase any potential encoded messages.

Not really, the best stego packages use error correcting codes to help mitigate this kind of attack. Some stego packages don't work by using the LSB but by swapping adjacent pixels. The cleaning of the LSB would have no real impact on this type of stego.

Simon
Movie Plot Vulnerability by Mr_Icon · 2005-08-21 03:08 · Score: 4, Insightful

Ho-hum. There are much better ways to back up your data for $25 a year.

This is a general "this can be used by terrists!" freak-out. Well, you know, this is an awfully stupid and ineffective way to pass information -- something Bruce Schneier likes to call "movie plot" vulnerabilities. Why bother with steganography when there are much better means to pass encrypted data between two people? Like, I don't know, DCC'ing a file over IRC, or just plain sending an email? If you own both the sending and receiving servers, or use one of the infected army of the drones, there is a miniscule chance of your message even being observed in the ocean of the information that is the internet. Much less stupid than using a complex routine to hide data in an image, and then upload it to a central service like Flickr for all to see (it shows up immediately in the "recently uploaded" pool).

This is a fine idea for a movie plot, but utterly dumb for someone to actually try this. Thus, I assign the article a -1 Troll.

--
If you open yourself to the foo, You and foo become one.
Re:Shifting types & saving content to a remote by timeOday · 2005-08-21 04:23 · Score: 3, Informative

Not necessarily. The flipside of stegonography is "digital watermarking," which is the same thing, except used for copyright enforcement. There has been a lot of work done in creating watermarks which aren't too noticeable, but which are resistant to resampling etc.
A much better solution by mdarksbane · 2005-08-21 05:02 · Score: 3, Funny

Would be to zip all your files together, encrypt them, then share them on Kazaa as "hot XXX teen pporn pr0n tryout mother daughter incest dog sex sex sex.avi." You data will never be lost completely ;-)
Steganography in recent fiction by sidles · 2005-08-21 05:15 · Score: 5, Interesting

Steganography is central to Carter Scholz's recent novel Radiance. In brief, complete engineering descriptions of all US nuclear weapons tests are smuggled out of the US national labs, steganographically conceiled in pornographic *.gif files.
Warning: this novel is a demanding read. It is a higher-brow---and markedly dystopian---treatment of the same themes as Neil Stephensen's Cryptonomicon. In writing it, Mr. Scholz seems to have received considerable help from insiders at the national laboratories.
With luck, the following link to Google Print will show you a sample page that is reasonably representative of the entire book.
http://print.google.com/print?id=kVP7pIA9TYUC&pg=P A382&lpg=PA382&dq=steganography&prev=http://www.go ogle.com/search%3Fclient%3Dsafari%26rls%3Den-us%26 q%3DRadiance%26ie%3DUTF-8%26oe%3DUTF-8&sig=-uyML9j p9G4JsUZOCa59fPI6YpM
Stegdetect by BCTECH · 2005-08-21 07:40 · Score: 3, Interesting

I ran the image through stegdetect and it came up with a "false possitive". This utility detects images encoded with jsteg, jphide, invisible secrets, outguess, F5(header analysis), AppendX, and Camouflage. Although, steghide is not listed, I have found that false possitives are shown with images that I know to have an embeded file.

I played around with steganography at one time and setup a script to create embed images via the web using Outguess
Re:Gmail? by sanx · 2005-08-21 08:57 · Score: 3, Funny

Would open up a whole new advertising channel for Google, wouldn't it:
From: Joe
To: Michelle
Subject: No stego here
<attachment: cutedoggy.jpg>
Adwords by Gooooooogle
Terrorists are using the Internet to send secret information.
www.paranoia.gov
Can't find your WMDs? Buy some more
www.dod.gov
Suspicious emails? Let us examine them
www.noprivacy.gov
Looking for Cute Doggies?
www.sexwithcutedogs.com

--
Windows Tweaks