Return-Path: <sentto-279987-2366-1001480071-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Tue, 25 Sep 2001 21:55:10 -0700 (PDT) Received: (qmail 24409 invoked by uid 510); 26 Sep 2001 04:54:50 -0000 Received: from n31.groups.yahoo.com (216.115.96.81) by 204.181.12.215 with SMTP; 26 Sep 2001 04:54:50 -0000 X-eGroups-Return: sentto-279987-2366-1001480071-fc=all.net@returns.onelist.com Received: from [10.1.4.55] by hp.egroups.com with NNFMP; 26 Sep 2001 04:54:31 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_3_2_2); 26 Sep 2001 04:54:31 -0000 Received: (qmail 11997 invoked from network); 26 Sep 2001 04:54:30 -0000 Received: from unknown (10.1.10.26) by l9.egroups.com with QMQP; 26 Sep 2001 04:54:30 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 26 Sep 2001 04:54:30 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id VAA09425 for iwar@onelist.com; Tue, 25 Sep 2001 21:54:30 -0700 Message-Id: <200109260454.VAA09425@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Tue, 25 Sep 2001 21:54:30 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Massive.search.reveals.no.secret.code.in.web.images] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Massive search reveals no secret code in web images 15:56 25 September 01 Will Knight New research indicates that terrorists are not using advanced computer tools to hide messages in innocuous-looking web images. In February 2001, US agents suggested that terror groups, including Osama Bin Laden's al-Qaida organisation, were hiding messages in web images. The FBI has suggested that recent terrorist atrocities in the US could even have been co-ordinated using images uploaded to ordinary internet sites such as eBay. Now Niels Provos and Peter Honeyman of the University of Michigan have found strong evidence suggesting such steganography - the science of obfuscating communications - is not used. They used detection software and brute force computing power to scan millions of images posted to the internet and found no hidden messages. "We have analysed over two million images downloaded from eBay but have not been able to find a single hidden message," they write in their paper, Detecting Steganographic Content on the Internet. Redundant code Messages can be hidden within redundant parts of the digital information used to generate images in formats such as JPEG. This offers advantages over encryption, which only hides the meaning of a message, because the message itself disappears. Provos and Honeyman ran computer programs to analyse the digital information behind images and identify any portions that might have been altered. They further checked these portions to see if any changes could be explained by normal copying errors. The pair employed a bank of distributed computers to check through millions of images. After weeks of analysis, however, they found no hidden messages. Extra layer The technique may not be infallible. The methods used by Provos and Honeyman were particularly aimed at uncovering use of steganographic tools already released on the internet. There are more advanced methods of hiding communications within images that involve using active, as well as redundant parts, of the underlying code. Sushil Jajodia of the Centre for Secure Information Systems at George Mason University in Virginia, US, says that this could have evaded detection but would require considerable technical sophistication. Jajodia says that a message might also be encrypted before hiding. "This would add an extra layer of security," he says. But he also stresses that there are far simpler methods for hiding communications. Using a code word in a telephone conversation or a radio broadcast would provide a far easier way to communicate in secret, he says. Magnus Ranstorp, of the Centre for the Study of Terrorism and Political Violence at the University of St Andrews in the UK, agrees. He told New Scientist: "These groups do use encryption, but some of the most important information is relayed non-technologically, it is often carried by human couriers." ------------------------ Yahoo! Groups Sponsor ---------------------~--> Get your FREE VeriSign guide to security solutions for your web site: encrypting transactions, securing intranets, and more! http://us.click.yahoo.com/XrFcOC/m5_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-09-29 21:08:49 PDT