Information Security News mailing list archives
Re: Unix Security - Steganography
From: "Curt Bryson (NTI)" <curt () FORENSICS-INTL COM>
Date: Thu, 22 Feb 2001 10:35:06 -0800
I agree. This is just MHO, but I cannot see steg becoming as MUCH of an issue as many play it up to be. Yes, it's difficult to detect the histos, and yes it's quite a good way to protect WHATEVER the data is, whether porn, fraud, or legitimate information you want private. With only a handful of pseudo-successful techniques available to help ya find it... then what? Once found, it is also difficult at best to reverse or extract the info from the steg'd host. One factor will keep steg from wide-spread and common use: ease of use. It is one thing to steg something and transmit as long as it is a relatively small job or a focused pursuit. But humans will resist ubiquitous use of steg on a system until such time as it becomes easy. I recall the arcane command line for early PGP. I loved PGP and it's capabilities. I hated having to slow down and encrypt everything manually - batch files/shell scripts became a mandatory creation, heh. I therefore chose to protect only that information that REALLY needed encryption. That kind of flies in the face of certain philosophies; but it was human nature, so I did it. I have found that while criminals, for example, COULD steg everything incriminating to them; they don't. They are not without the human frailty of laziness. As soon as someone comes out with a transparent app, though, then I'll concern myself a bit more with the potentials of steg. Curt Bryson Computer Forensics/Internet Investigations Consultant New Technologies, Inc. http://www.forensics-intl.com 2075 NE Division St. Gresham, OR 97030 Ph: (503) 661-6912 Fx: (503) 674-9145 Email: curt () forensics-intl com -----Original Message----- From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of Blake Thomas M Civ AFRL/IFGB Sent: Wednesday, February 21, 2001 10:29 AM To: ISN () SECURITYFOCUS COM Subject: Re: [ISN] Unix Security - Steganography Hmmm...just FUD? I'm really starting to wonder about the stego area. The Mar 01 On Magazine article has at least a little detail on steganography. These tools are readily and cheaply available, yet Demcon has sold 100,000 copies of Steganos Security Suite. I can't buy too far into the idea that they are used for privacy/security alone. If I need privacy, encryption accomplishes that. Are they all engaging in kiddie porn? Probably not. Is it a big problem now? Probably not. Potential? Seems like it to me...but then I'm always looking behind me when I walk down a street. Tom (can't have too much paranoia) Blake
Sex, Drugs & Technology By Carole Fennelly
Once upon a time, Rock music was blamed for society's ills. People were warned about hidden messages in The Beatles' songs. Although I
. . .
Yet another story claims these tech-savvy terrorists use steganography, as well as cryptography, to hide their secret messages. Steganography is based on the notion of communicating without the communication being noticeable. The Greeks practiced steganography by writing messages on couriers' heads. People who intercepted the couriers, unable to find any messages in their possession, let them pass. The receiving General, however, knew where to look. Presumably, terrorists are embedding their encrypted data in pornographic files (those immoral terrorists), which are then extracted and deciphered by the intended recipients. Despite vague references to "unnamed" sources and "closed door" meetings, no one has made *any* evidence supporting these claims publicly available. Strangely enough though, the same computer security company is heavily quoted in both stories. technology.
ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN". ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Unix Security - Steganography InfoSec News (Feb 18)
- <Possible follow-ups>
- Re: Unix Security - Steganography Blake Thomas M Civ AFRL/IFGB (Feb 22)
- Re: Unix Security - Steganography Curt Bryson (NTI) (Feb 22)