funsec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Image forensics

From: Dan Kaminsky <dan () doxpara com>
Date: Mon, 28 Dec 2009 04:16:37 +0100
Neal's code is neat and pretty, but chapter and verse is no substitute  
for open code and side by side checks. A LOT of his output bears a  
strong resemblence to edge detection (really, look for high frequency  
signal, it'll show up in every test).

I want to be clear, I have no doubt whatsoever that he's using the  
techniques as described. I also dont doubt the fundamental thesis that  
some manipulation can be detected (especially in a trivial case like  
'was this image downsized' or 'was this saved by Photoshop instead of  
a Canon camera', which is obvious from quantization tables if not from  
the raw EXIF). But some of these techniques feel a little interpret-y.  
More samples would be great.





On Dec 28, 2009, at 3:21 AM, "Rob, grandpa of Ryan, Trevor, Devon &  
Hannah" <rMslade () shaw ca> wrote:


An interesting analysis of a graphic recently used by Victoria's  
Secret in their
advertising.  This gives chapter and verse of the techniques used,  
and results
obtained, demonstrating the ability to determine if an image has  
been altered, and
even which parts of an image have been modified, and how.

http://www.hackerfactor.com/blog/index.php?/archives/322-Body-By-Victoria.html

I find this particularly interesting because of the apparently  
widely held belief that
steganography is "undetectable" without comparision to the original  
image.  Most
of the "Photoshop disasters" are glaringly obvious to the naked  
eye.  As this
demonstrates, analysis and detection of modification is easily  
accomplished, even
when the differences are not apparent to the human eye.  (Well,  
except for the
straps.  That was pretty stupid ...)

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
     I live in my own little world, but it's OK, they know me here.
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/ 
index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/NoticeBored http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Previous By Date Next
Previous By Thread Next

Current thread: