Oh, don't misunderstand. I'm not saying it *IS* done, I'm just saying it CAN be done. This method has been used in cryptography for many years. There's no reason it can't be applied here -- of course that leads us back to the issue of reading the darn thing. Just because the disease is out there doesn't mean someone is susceptible. Same holds true here. Besides, Bruce, the article refers to whether or not data *WAS* being transmitted as a means of communications, not whether or not it COULD be done. If it technically were not possible, they wouldn't have bothered with the analysis in the first place. It further notes that it didn't see anything as part of a dictionary search, and admits the likelihood of steganographic data contained on Ebay was pretty low. I'm not disagreeing with any of this information. Further, let's build a little cipher ourselves, shall we? I've got 10 images. In these images I have codes which when examined with the right software reveal letters/numbers. I tell you that in a string of locations is the letter combos you're interested in. Boom. Over these ten images, I've tranmitted information to you *WITHOUT* changing the image one bit. I'm simply using what exists to home you in to locations which themselves are innocuous. In the process, I've sent you a message. Now, I don't mind someone yanking out a silver bullet and shooting me with it (hell, my wife does it to me all the time), but just because a group of people tested one direction of thought doesn't mean that all directions have been thoroughly considered and evaluated. Sometimes the blatantly obvious is the most overlooked -- such as using fully fueled airplanes as missiles. Cheers. Brennan -----Original Message----- From: Bruce Ediger [mailto:eballen1at_private] Sent: Friday, November 09, 2001 7:31 AM To: OBrien, Brennan Cc: vuln-devat_private Subject: RE: Infected jpeg files? On Thu, 8 Nov 2001, OBrien, Brennan wrote: > Given that images are a major way of transmitting encoded data, it > stands to reason that the hooks could exist -- that is, it could be a > transport mechanism. However, the viewer itself would have to know to The view that "internet images transmit encoded data" is thoroughly discredited: see http://www.theregister.co.uk/content/archive/21829.html Some researchers examined two million images from eBay, and found not a single image containing steganographically encoded data. Primary source: http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf But that's neither here nor there in the context of whether the dopey IE warning about viruses in images is correct.
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 10:53:11 PST