Beware the rogue .wav file. Read the rest
Beware the rogue .wav file. Read the rest
Unicode includes six "zero-width characters" that are not visibly rendered in browsers (U+FEFF, U+200C, U+200D, U+200E, U+2060, U+180E) -- they're used for some specialized cases in rendering non-Roman alphabets. Read the rest
Self-described "creative coder" Neal Agarwal has come up with a method for hiding images in text that only appear when you highlight the words; I'm guessing he's using some kind of character-by-character "highlight" attribute in CSS/HTML5, but I'm not really certain. It's a super fun example of steganography, though, and would be really fun for some kinds of online puzzles, or spoiler reveals in posts, etc. Read the rest
Steganography is the art of hiding things in plain sight: for example, secretly encoding a message in an image by flipping the least-significant bit in each pixel to create a binary string that can be decoded as text. Read the rest
Most military underwater surveillance systems filter out whale calls along with other ambient ocean noise. This inspired researchers from China's Tianjin University to create a form of "bio-inspired steganography" in which recordings of whale songs can be edited to contain secret messages and then electronically transmitted underwater. From Newsweek:
In research published in IEEE Communication Magazine, the team said there are two ways to hide signals in whale pulses—changing the signal to include encrypted information or making the signal weaker.
The former is problematic because it would stand out from other naturally occurring signals, Jiang told SCMP. However, the second method holds promise. Researchers could build a coding system around the whale sounds. They could then edit whale sounds so they are indistinguishable from other whale calls. When they are received by the coding system, they can be deciphered. The main drawback for this approach is that it would be difficult to send a message over a long distance.
"Bio-Inspired Steganography for Secure Underwater Acoustic Communications" (IEEE Communications)
Ben Cartwright-Cox observed that he could modulate the bass frequencies in electronic dance music/dubstep in a way that was easy to detect with a signal processor and inaudible to his unaided ears, so he wrote some code to hide messages in the wubwubwub. Read the rest
In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems. Read the rest
Adversarial examples have torn into the robustness of machine-vision systems: it turns out that changing even a single well-placed pixel can confound otherwise reliable classifiers, and with the right tricks they can be made to reliably misclassify one thing as another or fail to notice an object altogether. But even as vision systems were falling to adversarial examples, audio systems remained stubbornly hard to fool, until now. Read the rest
Quelli che il Calcio (That which is Football) is one of Italy's top sports broadcasts and it is played in the country's prisons; it has a ticker that you can send SMSes to that then show up on screen. Read the rest
Eset's report on Stegano, a newly discovered exploit kit, reveals an insanely clever, paranoid, and devastatingly effective technique used by criminals to infect their victims' computers by hiding malicious code in plain sight on websites that accepted their innocuous-seeming banner ads. Read the rest
In an amazing, long, in-depth investigative piece, Wired's Andy Greenberg recounts the story of North Korean dissidents who have escaped, but who mastermind ambitious smuggling efforts that send thousands of USB sticks and SD cards over the border stuffed with pirate media: Read the rest
Buzzing around the internet this week: Polish security researcher and professor Wojciech Mazurczyk (left) claims to be developing a way to hide secret, un-eavesdroppable messages in "silent" packets transmitted within Skype conversations. He and his team plan to present SkypeHide at a steganography conference in Montpellier, France, this coming June. VentureBeat has a writeup here. The ease with which Skype can be snooped by law enforcement is well-known. I'll be interested to hear what other security researchers make of Mazurczyk's project, when and if it is eventually released. Read the rest
A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.
Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.
Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."
But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.