2007-03-20

Speaking of steganography...

One of the true odd ducks of the internet, Shannon Larratt, created a good proof of concept for a randomized steganography implemented by using Markov chains. His post on his blog Zetastic.com two years ago showed his method and some sample meta code for the process. Also included is a demo Win32 app that performs the functions. One of my goals of re-learning C++ lately had been to write a simple function or library to preform a Markov
chain encoding for data. The main draw back to using this process is the vast increase of space needed to store the output. Every bit will be represented by a entire word of several bytes. One way to help with that may be to use a large randomized pad of data. Then use that instead of text for the seed.

This is one form for steganography that may be useful as a publicly visible data. Through a judicious use of seed text it may be possible to use a text that is both large, and contains very few "identifier" words that would reveal the original text. Thus, without the original text (seed/key) it may be impossible to generate the Markov chains and build the separate sets needed to decode the data.

2007-03-19

Outlaw information security tools and only the outlaws will have the security tools

While doing research into Steganography I looked at a couple of sources on wikipedia on organized crime and some of their applied uses. Organized crime still hasn’t fully adopted technology but is slowly getting there. Phishing scams and other online fraud schemes are netting a pretty penny now a day.

My point is not to illustrate organized crime as a "good" example of how to do things. My point IS to illustrate how an organization that relies on absolute secrecy to exist applies the principals that we have discussed in theory into practice.

Wikipedia has a prison tattoo section explaining prison tattoos and their meaning. Prison Tattoo’s in this context are a means to communicate social status and other intentions or proclamations. Tattooed illustrations containing metaphors such as status in a criminal gang or their intention to escape is one example. Japanese Yakuza publicly display the name of their gang on their storefront and on their clothing to identify themselves as a part of a gang.

La Cosa Nostra utilized a form of slang that baffled the FBI for a long time until the full lexicon of mafia terms was eventually discovered.

These examples show how Steganography was applied to mundane speech, body art and clothing styles that in the criminal context had a different meaning. The problem with this secret communication is that though the medium was secret, the information was not and thus vulnerable to discovery and interpretation by a third party.

It also illustrated to me the fatal flaw in Steganography which is security by obscurity which is a mantra often chanted by security guru's when addressing insecure weak proprietary security systems. However this being said, Steganography DOES buy time and help overcome passive discovery so when combined with good crypto it can be a part of a balanced communication strategy. Kind of like buying a box of SUPER ULTRA SUGAR SMACKS for your kid because its the only way you can get them to have milk in their diet.

http://en.wikipedia.org/wiki/Criminal_organization
http://en.wikipedia.org/wiki/Criminal_tattoo
http://en.wikipedia.org/wiki/Steganography

2007-03-04

15 minutes past midnight ... and all is well

Topics covered at 2600 were:

Linksys v6+ routers not handling extended port scans with nmap.
Clustering with Open Mosix
Favorite IRC chat clients.
Legal issues with dumpster diving

Discussed several scenarios where in-appropriate bodily functions could lead to severe beatings, a triathlon through briar invested woods or side splitting laughter when observing where said items landed.

.... And how the whole world is going to end in a magnificent atomic/economic fireball of doom ... (Thank you Eugene Rabinowitch) all this over a magnificently prepared fiery Thai food. (YUM!)

It was funny, it was the first time some of my cohorts acknowledged that perhaps this whole Iraq thing was a mistake.
Naw gee? Ya think?

2007-03-03

KC 2600 Meeting highlights

There's not a whole lot to report from 2600. I showed up on my suburban assault human-powered warcycle (with battery-powered accessories). As usual, we discussed a broad array of topics including caffeine abuse, war driving, geek culture of days gone by, snarge and a little bit of politics.

We had a new face at the meeting as well, which is usually a good thing. Afterwards, we went and stuffed our faces with delightfully spicy Thai food. Dumpster diving was a wash.