What is Digg?59 Comments
- lnxaddct, on 10/12/2007, -1/+36Detecting steganography like this is fairly trivial. A little statistical analysis will determine if a picture is hiding something or not. Pictures tend to have colors clumped together, and have them move or fade into each other in fairly predictable patterns. Just looking at the distribution of certain bits in the pixels can tell you if something seems fishy. At that point, it is a matter of extracting the data and decrypting it if it is encrypted. Even fizzyalex's referenced program isn't very smart (and the amount of data it hides is a pretty typical amount, nothing special. In fact if you compress first (it might), it would probably be a bit better). It all depends on how big you allow the delta between the new and old image.
Intelligent steganography programs store significantly less data, but they only hide it in "chaotic" regions of images, i.e. where there is a lot going on at the pixel level, and statistical analysis would be hard and/or useless. If you compress the message first, you should be able to store something worth hiding. The really good ones also hide two messages, one that is okay to be revealed and one that isn't. If you are forced to give up the password, you give the safe one and the person will receive some other data that in theory wouldn't incriminate you.
One other note about steganography that most people don't realize. *Never* use an image that you got off the net and *never* use a picture more than once. In fact, destroy the original file as best you can. Otherwise, a quick diff on the original and new images will reveal any hidden data (albeit if it is encrypted, decryption is still necessary). Happy hiding. - MajorMesses, on 10/12/2007, -5/+22just to clear something up, how many words (exactly) is a picture worth now? it's gotta be
- KYDS3K, on 10/12/2007, -2/+16Damn, and here I thought this was some kind of dinosaur handwriting . . .
- Kyoushu, on 10/12/2007, -2/+13Last I checked BlackBox was a gui for linux and windows. :P
- krandor, on 10/12/2007, -5/+14Great idea. But I'm a little hesitant to download anything from a site that looks like a pirate ship and calls it self Evil Systems. lol
- xst4t1kx, on 10/12/2007, -3/+12Submitter posts an grammatically corrected headlines'.
- UrlorJkron, on 10/12/2007, -1/+10He probably thought some readers wouldn't know what steganography was.
- colinodell, on 10/12/2007, -1/+9I'm guessing this one uses the popular method of changing the last bit of each color value. For example, to encode 01011101, you would need to change the first pixel's red to an even number, green to an odd, blue to an even, etc... by changing the last bit of each value. Works very good, but space is limited.
- sdwebguy, on 10/12/2007, -2/+8Ah .. there it is.... hidden underneath her smile. So dark the con of man....
- azureblue, on 10/12/2007, -1/+7It's aimed at BMP files, which I don't think offer any sort of compression. Also, when it says "no change to the image", it really means "no human perceptable change". The container file will have to be significantly bigger than the embedded data to be able to "absorb" it - maybe 1 hidden bit per original byte? So your 3~4MB mp3 will need a 24~32MB container file. The lossy compression of JPEG makes things a whole lot more complicated, probably making that 8:1 ratio a whole lot worse.
- jlylereeves, on 10/12/2007, -2/+7Instructions to hide message in BMP in plain sight.
1)Open Paint
2)Click Text tool
3)Type secret message
4)Save & attach to email
5)Realize you have nothing important enough to say that warrants hiding messages - sanza, on 10/12/2007, -2/+7Surely no one would ever suspect that a 5 meg JPG would be hiding something...
:-) - DrRo183, on 10/12/2007, -2/+7You're right about the limited space. On a picture 1024x768, it couldn't store very much, maybe a paragraph. I wrote something similar in JAVA. But how exactly can steganalysis (reverse-steganography) work?
- fizzyalex, on 10/12/2007, -1/+5Here's an example of a "tagged" image and the original..
http://www.basicreations.com/images/ice_original.bmp
http://www.basicreations.com/images/ice_modified.bmp - BufordT, on 10/12/2007, -3/+7Could it be that when this was exposed, they stopped doing it? And 2 million images is surely only a drop in the bucket for the amount of images on the internet. Maybe they should have sampled 500,000,000 randomly selected images, not just from Ebay.
- Gutterpunk, on 10/12/2007, -1/+5Its there, its hidden in the "digg it" button. Click on it to see it
/not submitter. - profJohn, on 10/12/2007, -7/+11Umm.. who uses bmp anymore?
- kyleblind, on 10/12/2007, -2/+5This kind of thing has always facinated me. I've seen programs that can even hide pictures within pictures using almost the same method.
- SuperOmegaSlack, on 10/12/2007, -1/+3I played with steghide for freebsd and it just made the file size increase a few bytes but there was no noticeable loss in quality...but I thought it was easy for someone (NSA) to see that the picture is hiding something because of how it changes the data? Sucks it only uses bitmaps though.
- FuzzyOnion, on 10/12/2007, -0/+2The whole reason for using steganography is to hide the fact that there's an image at all.
Using steganography has a number of costs:
1. You have to generate a special container (in this case, an image) just for the message. You can't use any old thing since someone could find it and compare the two.
2. For the same reason you have to destroy the original container file afterward.
3. The image has to be significantly larger than the message, meaning it takes up more space, more bandwidth, etc...
Thus, if you're going to undertake all of those costs, you want it to be successful, meaning that it hides the fact that there's a message at all.
If you don't care that they (whoever they are) know there's a message, it's better just to send the encrypted text itself, since it's a lot smaller and doesn't require special preparations.
On the other hand, encryption will make the data more random, possibly making detection that there is a message harder. - Technopundit, on 10/12/2007, -1/+3The English-speaking world hides sentence structure in full sight, yet most of Asia is unable to see it.
True!! - lnxaddct, on 10/12/2007, -1/+3distrbance,
The bitmap is changed, it is just supposed to be small enough that it can't be perceived. If you ever hear the claim that a program is hiding data in an image without changing the image at all, it is a lie and/or they are putting the data in a separate section of the file like metadata or after the image data. Don't use those programs. - aboutblank, on 10/12/2007, -1/+3http://niels.xtdnet.nl/stego/usenet.php
They used automated tools to scan Ebay and USENET (3 million+ images) for steganography and didn't find a single message. - TheG2, on 10/12/2007, -3/+5So you've never used TPB?
- bjnord, on 10/12/2007, -0/+1One tricky thing here can be that altering the lower bits can create patterns that can be detected. See the Outguess site (http://www.outguess.org/) for more info on detecting the steganography, as well as trying to hide more effectively from such detection.
- TheG2, on 10/12/2007, -1/+2Hmm, something I noticed after using this..
Encode a picture, and if you open Window Picture Preview (sorry Linux users) and switch between the original picture and the new one, you can see that the newer (with the "hidden message") is actually a bit wider, it appears that the program does something towards the center of the image. - Cameleopard, on 10/12/2007, -0/+1I've noticed this happening with normal, non-stegnographic images. For me, it seems to happen between generations of an image I'm working on in Photoshop. The affected images are always the same dimensions, but there's some small shift so that one looks wider than the other.
- edgardcastro, on 10/12/2007, -1/+2Well... Let them detect... But not read. Just use PGP. :D
- palmer, on 10/12/2007, -0/+1Stegosaurus could hide large things by standing in front of them.
- Cameleopard, on 10/12/2007, -0/+1There actually is a perceptible difference between the images. Specifically, her bosom, where the light is glancing off it at the bottom right, is less vibrant in the modified version. Not that you would notice that from just looking at that image alone; it's only noticeable in comparison.
- stuffhappens, on 10/12/2007, -2/+3Sadly this is Digg. We've obviously been fed enough stuff on prime numbers and now a few souls have 'rediscovered' this fascinating subject during a Google search so here we are.
Looking forward to the Digg Tesla Coils season, the Digg make-your-own-tornado-in-a-plastic-soda-botttle fest, 1001 wacky things to do with cornstarch and surely we've not had a Firefox extensions list for, oh, half an hour now. - formatreinstall, on 10/12/2007, -0/+1I wonder if David Lanham knows these guys took his Puft system icon for their app, and I wonder if he got royalties... http://www.dlanham.com/goodies/puft/
- sanza, on 10/12/2007, -1/+1Not to mention the spelling/grammatical errors throughout the descriptions...
- inactive, on 10/12/2007, -2/+2@kludger:
See lnxaddct's post above. It is possible to hide data without it being easily detectable. I myself have posted steganographic images on eBay several times (more as a hidden watermark than anything else, but still..). So obviously the report you quoted is either wrong or they didn't do an extensive enough study.
My guess would be that most of the hidden messages on eBay would be in the crappy "spam" auctions that never get any bids. A lot safer that way. - kb9vgr, on 10/12/2007, -2/+2a good tool that can also hide stuff on a wav is calles Stools, s tools or somthing like that i hade a puzzle where i had to pull a wav out of a pic then text out of the wav it was awsome
- Kained, on 10/12/2007, -1/+1I also did this for my dissertation, sound files were one of the options i looked at but basically any data file could be used to hide data as long as there was enough material. Take for instance the recent increase in the use of video files.
Distorting the original data can also be reduced by changing the way you read the file. You don't need all the bits or if you do, you don't need to read them consecutively but could read them according to a randomised key that takes into account the structure of the data. This leads into combining traditional encryption with steganography.
. - kludger, on 10/12/2007, -6/+6Complete *****.
http://www.newscientist.com/article.ns?id=dn1340
"New research indicates that terrorists are not using advanced computer tools to hide messages in innocuous-looking web images.
In February 2001, US agents suggested that terror groups, including Osama Bin Laden's al-Qaida organisation, were hiding messages in web images. The FBI has suggested that recent terrorist atrocities in the US could even have been co-ordinated using images uploaded to ordinary internet sites such as eBay.
Now Niels Provos and Peter Honeyman of the University of Michigan have found strong evidence suggesting such steganography - the science of obfuscating communications - is not used. They used detection software and brute force computing power to scan millions of images posted to the internet and found no hidden messages.
"We have analysed over two million images downloaded from eBay but have not been able to find a single hidden message," they write in their paper, Detecting Steganographic Content on the Internet." - FuzzyOnion, on 10/12/2007, -1/+1Oops. First sentence should be "... to hide the fact that there's a message at all."
- SpringDog, on 10/12/2007, -2/+2A friend of mine did something like this for his senior Computer Science thesis. However, instead of encoding the data in an image, the data was stored in a WAV/MP3. It actually doesn't matter what medium you store the data in, you just have to be sure 1) the "container" is actually big enough to contain the data; 2) you don't clobber any necessary data (e.g. headers/meta-data); and 3) the resultant product is noticeably changed.
- critic, on 10/12/2007, -1/+1I'd like to try this. Could you provide a link to some freeware that would hide a picture within a picture?
TIA - Critic - fab13n, on 10/12/2007, -2/+1"no changes [...] such as its file size".
However, you've added information, so you've added entropy has well. Due to non-compression of the BMP format, it doesn't show on the uncompressed size, but if you compress it with whatever zip/bzip2/arc/gif-or-any-losseless-conversion, you'll see that the steganographied image typically compresses less than a normal one. This is an easy test to set up.
Then again, chances are that this soft just uses least significant bits to encode your data. Suppress all the bits except these, and I bet you'll get an unusually noisy pattern. - ibanix2003, on 10/12/2007, -1/+0Many low-quality tools "hide" data by appending it to the file after the "end of image" marker. These are laughably easy to defeat.
For analysis of a dozen poor stegano tools, see http://www.guillermito2.net/stegano/ - inactive, on 10/12/2007, -7/+6sorry to break it to you, but they already do this. It was used extensively in 911 planning and many other attacks, as is the belief of most authorities.
- sgtawol, on 10/12/2007, -2/+1Did something like this in graphics class. Was cool, but nowhere near this level.
- barbobot, on 10/12/2007, -3/+2The gimp can do this too
- kakos, on 10/12/2007, -8/+7So, isn't this headline a bit redundant? Realy, he could have just said "Steganography app".
- donquixote235, on 10/12/2007, -2/+0There was an app a few years back that did the same thing, but it could also hide in a WAV file. Unfortunately I lost the link a long time ago...
- hawkmucci, on 10/12/2007, -4/+2sadly, when i was in middle school i used a stego program to hide pr0n pictures from my father on the family pc. whoops!
- Rupus, on 10/12/2007, -3/+0Even better was Stash-It, if you can find a copy (no longer officially available).
-
Show 51 - 60 of 60 discussions
Check out the new & improved 
© Digg Inc. 2009
— Content created and posted by Digg users is 
