RE: "Camera/Shy the Steganographical Browser"

From: the Pull (osioniusxat_private)
Date: Tue Oct 15 2002 - 14:05:45 PDT

Next message: Jacek Lipkowski: "Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches"

Previous message: drorshalevat_private: "Who Need Friends ? IE & MSN expose contact list & other info"
Maybe in reply to: ttudiaat_private: ""Camera/Shy the Steganographical Browser""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Software may be written to operate with a modified
"ExtractSteganography" that can examine the resultant string as such:
>  + IF several printable bytes are followed by 0x00 
>  + THEN flag image and store extracted data
>
>Knowing this, it is TRIVIAL to write an automated
>application which could quickly examine a set of
>suspect images,
>locally or online, determine whether they are
>"Camera/Shy" and
>act according to its findings.
>ie: notify administration, block host/s, etc 

Three points. 

One, Camera/Shy is clearly marked as Beta. In fact, the
current version is 0.2.23.1. We totally want help on this application.
We have used SourceForge because we want developers to be able to help
on this. 

Two, the FAQ - which has been carefully translated - very specifically
notes already that the gifs may be easily detected by using software
analysis. It notes we understand we will have to manually change the 
protocol used on a regular basis. Workarounds have already been stated
within the FAQ at the top of the list. It notes that the strength of
the application is in hiding images on pro-"Communist" sites and in
planting fake images through out the web. In this way the "Communist"
regime must expend a great deal of time and resources and follow
bad leads.

So, on one hand, this is a high priority known bug... on the other
hand it is stated that we realize there is not a fool proof method
to hide content in gif images at all -- excepting a few methods which
forego usability completely allowing only very short messages. This
said, this particular signature bug will be munged.

That said, the bug in the implementation of the encryption, a popular
library used in Camera/Shy... is simply a new bug entirely which will
be
fixed as high priority.

Third, you have total right to email the author and actually submit
bugs, submit code, submit translations.


Cheers,

 the Pull

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

Next message: Jacek Lipkowski: "Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches"
Previous message: drorshalevat_private: "Who Need Friends ? IE & MSN expose contact list & other info"
Maybe in reply to: ttudiaat_private: ""Camera/Shy the Steganographical Browser""
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 15 2002 - 14:46:53 PDT