# # Steganography
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Steganography

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© January 2006 Michael Desrosiers
Michael Desrosiers

As you might have noticed the look, smell and taste of the monthly ITSecure SecurityFacts e-newsletter is the same. What has changed is our name. We are extremely excited about our new name, m3ip and hope that our new format will provide a better understanding of what our firm can do for you regarding risk mitigation and management consulting.

This informational e-newsletter is intended to raise the level of awareness within the user community. If you deem it to be spam or irrelevant in your environment just send us an email at [email protected] and in the body of the message type in "no mas". We will not take it personally.

This month's topic is about steganography, the art of hiding information by embedding messages within other seemingly harmless messages. After last weeks latest patch from Microsoft regarding the extremely critical .wmf Metafile error handling vulnerability, we think now would be a good time to explain how these types of exploits could be used in a so called "zero-day" scenario using steganography.

Steganography which basically means covered writing, dates back to ancient Greece where common practice consisted of etching messages in wooden tablets. There are numerous steganographic methods that everyone is familiar with, ranging from invisible ink and Morse Code to a hidden message in the last letter of each word of a large body of text and spread across the full spectrum of a radio transmission. With computers and networks, there are many other ways of hiding information, such as:


Hiding files in "plain sight";
Covert channels between hackers and compromised systems;
Null ciphers;
Hidden text within certain web pages.

Let's take what constitutes a null cipher. If myself and another person had previously agreed that when we correspond by email that just the first letters of our paragraph's words would have meaning, we could decrypt the information that was truly meaningful.

Below is an example that I found on the on-line encyclopedia site, Wikipedia:

From:

News Eight Weather: Tonight increasing snow. Unexpected precipitation
smothers eastern towns. Be extremely cautious and use snowtires especially
heading east. The highway is not knowingly slippery. Highway evacuation
is suspected. Police report emergency situations in downtown ending near
Tuesday.

To:

Newt is upset because he thinks he is President.
 

There are a number of uses for steganography. One of the most widely used applications is for digital watermarking. A watermark historically is the replication of an image, logo or text on paper stock so that the source of the document can be at least partially authenticated. A digital watermark can accomplish the same function. A graphic artist for example, might post sample images on her Web site complete with an embedded signature so that she can later prove her ownership in case others attempt to portray her work as their own. There also is another method or use, which is currently being used by the cracker community. There are several examples that they are using steganography to embed messages for their groups within images that are posted to known web sites.

Steganography is significantly more sophisticated than the examples above suggest, allowing someone to hide significant amounts of information within image and audio files. These forms of steganography often are used in conjunction with cryptography so that the information is doubly protected, first it is encrypted and then hidden so that an individual has to first find the information and then decrypt it.

There you have it. Steganography is a really interesting subject and outside of the mainstream cryptography and system administration that most of us deal with on a daily basis.

To respond to this or previous newsletters or to inquire about an on-site presentation, please feel free to call us at 508-995-4933 or email us at [email protected]


Regards,

Michael Desrosiers
Founder
m3ip, Inc.
We Manage Risk, So You Can Manage Your Business
(O)508-995-4933
(C)774-644-0599
[email protected]
http://www.m3ipinc.com

If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> Steganography


Inexpensive and informative Apple related e-books:

Photos: A Take Control Crash Course

El Capitan: A Take Control Crash Course

Photos for Mac: A Take Control Crash Course

iOS 8: A Take Control Crash Course

Take Control of Pages





More Articles by © Michael Desrosiers





Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





Anyone who slaps a 'this page is best viewed with Browser X' label on a Web page appears to be yearning for the bad old days, before the Web, when you had very little chance of reading a document written on another computer, another word processor, or another network. (Tim Berners-Lee)




Linux posts

Troubleshooting posts


This post tagged:

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode