Steganography is the art of hiding things in plain sight: for example, secretly encoding a message in an image by flipping the least-significant bit in each pixel to create a binary string that can be decoded as text.
Read the rest “Hide and seek: A catalog of useful steganography tools”
Most military underwater surveillance systems filter out whale calls along with other ambient ocean noise. This inspired researchers from China's Tianjin University to create a form of "bio-inspired steganography" in which recordings of whale songs can be edited to contain secret messages and then electronically transmitted underwater. From Newsweek:
In research published in IEEE Communication Magazine, the team said there are two ways to hide signals in whale pulses—changing the signal to include encrypted information or making the signal weaker.
The former is problematic because it would stand out from other naturally occurring signals, Jiang told SCMP. However, the second method holds promise. Researchers could build a coding system around the whale sounds. They could then edit whale sounds so they are indistinguishable from other whale calls. When they are received by the coding system, they can be deciphered. The main drawback for this approach is that it would be difficult to send a message over a long distance.
"Bio-Inspired Steganography for Secure Underwater Acoustic Communications" (IEEE Communications)
Image: "A mother sperm whale and her calf off the coast of Mauritius" by Gabriel Barathieu Read the rest “Hiding secret messages in whale song”
Ben Cartwright-Cox observed that he could modulate the bass frequencies in electronic dance music/dubstep in a way that was easy to detect with a signal processor and inaudible to his unaided ears, so he wrote some code to hide messages in the wubwubwub.
Read the rest “Stego for Skrillex: hiding data in dubstep drops”
In a paper published by the International Association for Cryptologic Research, a group of Harvard and MIT cryptographers demonstrate that even if the government were to backdoor encryption and lock up anyone who used non-backdoored systems, people could still hide undetectable, secure, private messages within the messages sent over the compromised systems.
Read the rest “Even if governments backdoor crypto, they still won't be able to spy on terrorists”
Quelli che il Calcio (That which is Football) is one of Italy's top sports broadcasts and it is played in the country's prisons; it has a ticker that you can send SMSes to that then show up on screen. Read the rest “Mafia used the text-message ticker at the bottom of a sports broadcast to get messages to mob bosses”
Eset's report on Stegano, a newly discovered exploit kit, reveals an insanely clever, paranoid, and devastatingly effective technique used by criminals to infect their victims' computers by hiding malicious code in plain sight on websites that accepted their innocuous-seeming banner ads. Read the rest “For two years, criminals stole sensitive information using malware hidden in individual pixels of ad banners”
In an amazing, long, in-depth investigative piece, Wired's Andy Greenberg recounts the story of North Korean dissidents who have escaped, but who mastermind ambitious smuggling efforts that send thousands of USB sticks and SD cards over the border stuffed with pirate media: Read the rest “North Korean defectors undermine totalitarianism with smuggled pirate sitcoms”
Buzzing around the internet this week: Polish security researcher and professor Wojciech Mazurczyk (left) claims to be developing a way to hide secret, un-eavesdroppable messages in "silent" packets transmitted within Skype conversations. He and his team plan to present SkypeHide at a steganography conference in Montpellier, France, this coming June. VentureBeat has a writeup here. The ease with which Skype can be snooped by law enforcement is well-known. I'll be interested to hear what other security researchers make of Mazurczyk's project, when and if it is eventually released. Read the rest “SkypeHide promises to hide secret messages in silent Skype packets, even when authorities are listening”
A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.
Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.
Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."
But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.
China tightens 'Great Firewall' internet control with new technology [Charles Arthur/The Guardian] Read the rest “Great Firewall of China nukes VPNs on sight”