Re:Shifting types & saving content to a remote on Steganography with Flickr · Score: 2, Interesting
Flickr can have a simple solution to this. If they change a few random colour or other attributes on the uploaded pictures, they would render the stego worthless.
Not exactly a new idea; governments have been paranoid about "Terrorists" using stego on places like eBay for triggers.
More interesting projects, though slightly off topic: a method of obscuring your network communications and resolving key issues with stego (though I think the project stopped)
http://www.m-o-o-t.org/
There are also much more interesting uses for stego in files, HDD slack space, and this nice little project, 4c.
http://dione.ids.pl/~shykta/
4c (or fourcrypt) is a multiple-file steganography program inspired by Michal Zalewski's twocrypt (2c) program, designed to be "subpoena-proof". It supports mixing between one and eight files with independent keys. The files are architecture-independent (tested on x86 and UltraSparc).
I hate to mention a company twice in a /. post, but wouldn't you be exempt from giving out your private key when it's not in your country?
If they wanted to get into your www.hushmail.com account but the encrypted data is not in the same country of law... would they still be able to make you divulge your passphrase?
Would be nice to have someone reply, with references, to prove or debunk this theory.
Looks like it's time to educate about the use of pgp/gpg.
Maybe www.hushmail.com would be a nice lazy start for people.
I very much doubt that the people downloading Lord of the Rings never actually bothered to pay for it later.
Most people I know download the movie instead of watching it in some overpriced cinema, in the case of lotr. I afterwards went to see the last two in the cinema as the first was impressive.
I'm sure most people here on slashdot have also downloaded the movies... but then went out and purchased the super super incredibly stupidly long lotr edition on dvd.
Same happened with Sin City, was a good pirate, went again to the cinema as it was kick ass and will be sure to buy the dvd.
On occasion I would download films that I would not even consider purchasing a cinema ticket or dvd for.
Heh, there are so many films on sky movies that I would not normally watch.. I'm not going to run out and buy the dvd just because I decided to watch the film.
Where is the loss of profit?
If it's good I pay.. if it's shit they should not expect money for trash.
Just walk around the company with a clipboard.. anyone confronts you ask for the name.. look pissed off and scribble on the clipboard ;)
Iirc antisniff would broadcast different types of packets and then measure the responses from hosts.. though it's been years since last used.
Probably better using antisniff from l0pht
To be honest the $20 dollars is not for plans as such.. The forums are where all the information is. There are a lot more than one set of plans on them for you to choose.. folded light design for instance using a mirror, mini projectors 8" or huge (over 21") lcd screen plans.
I don't regret paying as I got a cool projector, but it's up to you :)
I built my projector from lumenlabs a few months ago, have a nice 3 meter screen at 16ms response for playing counterstrike and films.
Cost me about £300 (benq 15" lcd was most expensive bit) to build, it's so bright and sharp I put my friend's £3000 projector to shame.
Took it outside during a bbq at night and projected on the back of my house with no problems either.. roughly 7 diag. meter screen from two white sheets :)
I have to admit, 5 or so years ago I thought the tv licence was worthless, now I don't mind at all.
But.. maybe this is the bbc making a step towards a computer licence?
Tv content over internet would certainly blur the lines; enough for the government to warrant it anyway.
So soon I can actually stay dead a year due to tax reasons?
Wouldn't plan9 be the best candidate for the cell processor?
If all these devices are connected with high bandwidth the unix developers that moved to develop plan9 may find this architecture ideal.
But I used to teach myself how to type using IRC or command line typing in the dark.
Yes the parents would not let me on the computer at night, but my typing would probably be a lot slower if the light was always on.
Hmm though with all the neon lights and things people mod boxen with it's probably not very dark anymore.
I wish they would just hurry up and push windows antispyware down with windows update. I know it's not the best out; but it would stop 90% of support calls because some idiot has a pr0n dialer.
would need to be "rm -rf ~/" but was not sure if he was on about the rm command in general
If you're the only user on the box then I agree.
Wiping loads of other lusers' shell accounts or wrecking a production server is another thing entirely.
Let's do "rm -rf /" and compare the results.
By 15 years and the way the world's going (development of EMP bombs etc.) have to fall back to (RFC2549)
Not that I'm cynical or anything ;)
I've seen a few people offering security auditing and pay a stupid amount just to perform a nessus or other out of the box scanner. Even worse than false positives are exploits actually getting missed... Sort of leaves a lot of companies with a false sense of security... Handy though if contracted with a pentest after ;)
Why not just use wine or crossover office if you really need it that bad.
I think crossover office is by codeweavers? Also not sure if it's free..
I only use it for my CV every so often.. otherwise it's vi or openoffice.
Yes you could say paranoid, drives are encrypted including swap, use openbsd and SELinux.
Encrypt my irc, newsgroups, mail, use Tor and ant tech for p2p, pgpnet between internal machines, pgp keys held offsite.
Not that I have much to hide, but learning to break your own protection methods and making stronger network implementations and anonymous applications is an interesting hobby :)
It's exactly that.
Though with no corporation backing this project I can not see it getting shut down.. If that's actually what happened to zeroknowledge.. I hear the one they have atm is just a watered down version.
Was considering starting off a project like this a week or so ago.
Will be good to contribute to an open source project like this.
Though when http://freedom.net/ tried this years ago they suddenly stopped it.. Was not sure if this was due to legal issues or server strain.
ok here are some examples though some cost a little.
Most IRC servers support ssl. In BitchX do:-
BitchX -SSL irc.foo.com 7000 (could be .com:7000) most servers tell you what the correct port is for ssl.
Xchat has the ssl libraries static so you can use it in windows as well.
/server -SSL irc.foo.com 7000
Both clients suffer on openbsd though so just setup stunnel if required. I think they are both ok on freebsd now but not checked.
Newsgroups - well this is not a free option. www.easynews.com offer secure connections and ssl downloads https://secure.members.easynews.com but can be a bit expensive.. or just use the ssl port on the easynews nntp server.
Again only free if you look hard enough but http://dmoz.org/Computers/Internet/Proxying_and_Filtering/Hosted_Proxy_Services/ supply some good subscription based proxy services which just setup a vpn through your browser so no need to install a client.
http://red-library.com/ have a proxy section if you don't care about encryption for normal browsing though.
Years ago there was a very cool client from http://www.freedom.net/ I have not tried it recently due to staying with linux and openbsd. But it would encrypt any of your traffic through its servers, encrypted in layers which was rather hard to trace...
Here is a small writeup on onion routing. http://zoo.cs.yale.edu/classes/cs490/00-01b/oh.jason.jeo8/section5.html
There are alternatives, some odd p2p implementations floating around etc.
As always things can be used for bad as well as good.. does not mean such services should cease to exist
hope this helps :)