more reports of terrorist steganography

Thread: more reports of terrorist steganography

Search this list only Search all lists
more reports of terrorist steganography
	2007-08-20 09:59:50
http://www.esecurityplanet.com/prevention/article.p hp/3694711 I'd sure like technical details... --Steve Bellovin, http://www.cs.columbi a.edu/~smb ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Re: more reports of terrorist steganography
United States	2007-08-20 12:22:38
That's a pretty in-credible report. Emphasis on "in-". It's disturbing to see "Security Researchers" so willing to trade on rumors in order to be quoted in the press. The conclusion is pretty confusing. > Conclusion > Internet-based attacks are extremely popular with terrorist > organizations because they are relatively cheap to perform, offer a > high degree of anonymity, and can be tremendously effective. Perhaps author Jeffrey Carr should stick to coverage of 'semantic and geospatial intelligence applications'. I'd sure like credible details... On Aug 20, 2007, at 10:59 AM, Steven M. Bellovin wrote: > http://www.esecurityplanet.com/prevention/article.p hp/3694711 > > I'd sure like technical details... > > > --Steve Bellovin, http://www.cs.columbi a.edu/~smb ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

RE: more reports of terrorist steganography
United Kingdom	2007-08-20 12:32:46
On 20 August 2007 16:00, Steven M. Bellovin wrote: > http://www.esecurityplanet.com/prevention/article.p hp/3694711 > > I'd sure like technical details... Well, how about 'it can't possibly work [well]'? " [ ... ] The article provides a detailed example of how 20 messages can be hidden in a 100 x 50 pixel picture [ ... ] " That's gotta stand out like a statistical sore thumb. The article is pretty poor if you ask me. It outlines three techniques for stealth: steganography, using a shared email account as a dead-letter box, and blocking or redirecting known IP addresses from a mail server. Then all of a sudden, there's this conclusion ... " Internet-based attacks are extremely popular with terrorist organizations because they are relatively cheap to perform, offer a high degree of anonymity, and can be tremendously effective. " ... that comes completely out of left-field and has nothing to do with anything the rest of the article mentioned. I would conclude that someone's done ten minutes worth of web searching and dressed up a bunch of long-established facts as 'research', then slapped a "The sky is falling! Hay-ulp, hay-ulp" security dramaqueen ending on it and will now be busily pitching for government grants or contracts of some sort. So as far as "technical details", I'd say you take half-a-pound of security theater, stir in a bucket or two of self-publicity, season with a couple of megabucks of goverment pork, and hey presto! Tasty terror-spam! BTW, I can't help but wonder if "Secrets of the Mujahideen" refuses to allow you to use representational images for stego? (BTW2, does anyone have a download URL for it? The description makes it sound just like every other bit of crypto snakeoil; it might be fun to reverse engineer.) cheers, DaveK -- Can't think of a witty .sigline today.... ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

Re: more reports of terrorist steganography
United States	2007-08-20 13:42:47
Dave Korn wrote: > > That's gotta stand out like a statistical sore thumb. > > > The article is pretty poor if you ask me. It outlines three techniques for > stealth: steganography, using a shared email account as a dead-letter box, and > blocking or redirecting known IP addresses from a mail server. Then all of a > sudden, there's this conclusion ... > > " Internet-based attacks are extremely popular with terrorist organizations > because they are relatively cheap to perform, offer a high degree of > anonymity, and can be tremendously effective. " > > ... that comes completely out of left-field and has nothing to do with > anything the rest of the article mentioned. I would conclude that someone's > done ten minutes worth of web searching and dressed up a bunch of > long-established facts as 'research', then slapped a "The sky is falling! > Hay-ulp, hay-ulp" security dramaqueen ending on it and will now be busily > pitching for government grants or contracts of some sort. This struck me oddly as well. I cannot think of a single significant Internet attack which has been traced to any terrorist organizations. I would agree that this article seems to be designed to alarm rather than inform, and, no doubt, pick up a government contract. Additionally, the author seems to make a big deal about asymmetric encryption without considering how key exchange is accomplished. The logistics of key exchange remains one of the vulnerabilities any asymmetric encryption system. -- ------------------------------------- sjkcupacoffee.net No one can understand the truth until he drinks of coffee's frothy goodness. ~~Sheik Abd-al-Kadir ------------------------------------------------------------ --------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomometzdowd.com

[1-4]

about | contact Other archives ( Real Estate discussion Medical topics )