Re: CRIME Steganography software for the masses

From: Toby (toby@private)
Date: Sun Jul 14 2002 - 21:19:04 PDT

  • Next message: Paul Farrier: "RE: CRIME Steganography software for the masses"

    Or feed it as porn site advertising through any of the various UseNet
    newsgroups.
    Maybe it means one thing in comp.sci.virus and something completely
    different
    in alt.sex.beastiality.barney.die.die.die
    
    Or you could create a set of DNS records that would provide the information
    in a simple obfuscation of encrypted text turned into hostnames (as was
    done
    with DeCSS at one point) and then use a simple program to collect them and
    decode it all.....
    
    The ways to do this are so numerous and as you get more paranoid you can
    get
    more silly with them (maybe the number of addresses in the "to" line
    indicates the priority?).
    
    t
    
    Alan writes:
    
    > On Sun, 2002-07-14 at 13:19, Crispin Cowan wrote:
    > > Shaun Savage wrote:
    > > 
    > > > Here is an announcment for a new steganography software
    > > > What do people think? 
    > > 
    > > I think that the best stego is where (say) the count of how many pounds 
    > > of explosives to use is equal to the number of open buttons on the 
    > > Japanese schoolgirl's uniform on underage-hentai-pr0n.com.  No steg 
    > > detect software in the world will ever detect it.
    > > 
    > > Not so great for bandwidth, but I conjecture that most applications that 
    > > requre stego are actually very low bandwidth. And this has been done for 
    > > years; cheesy old movies had WW II agents communicating by placing ads 
    > > in the London Times classified section.
    > 
    > There is an even better method.
    > 
    > People pay attention to hentai pr0n.  They archive it.  For this sort of
    > message you want messages that will not only not be archived, but will
    > be actively destroyed when found.
    > 
    > The true stego opportunity is *spam*!
    > 
    > Spam is actively ignored.  It is not read.  It is deleted without a
    > thought.
    > 
    > The instructions could be "When you get a chain letter from an Egyptian
    > Travel company through the CRIME list, start the plan in motion.".
    > 
    > Actually *anything* can be used to pass information of this sort.  "One
    > if by land and two if by sea."
    > 
    > And there is *nothing* you can do about it without blocking all
    > communication.
    > 
    > Furthermore, it makes it easier to make your enemy paranoid by creating
    > a bunch of false stegoed information.  The assumption is if there is
    > stegoed information there, it must mean something.  Maybe it means you
    > are wasting your time.  (Encrypted data and random data look very
    > similar, if you do it right.  And random data is about as easy to
    > create.)
    > 
    > And the more you think about ways it could be done, the more you come up
    > with and the more paranoid you become.  The cycle feeds upon itself
    > until you start ranting about "Digital Pearl Harbors occurring every
    > day" and the ratio of coffee consumption to security professionals.
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Sun Jul 14 2002 - 22:17:19 PDT