Vulnerability Development mailing list archives

RE: Infected jpeg files?


From: "OBrien, Brennan" <BOBrien () columbia com>
Date: Fri, 9 Nov 2001 07:48:26 -0800

Oh, don't misunderstand.  I'm not saying it *IS* done, I'm just saying
it CAN be done.  This method has been used in cryptography for many
years.  There's no reason it can't be applied here -- of course that
leads us back to the issue of reading the darn thing.  Just because the
disease is out there doesn't mean someone is susceptible.  Same holds
true here.  

Besides, Bruce, the article refers to whether or not data *WAS* being
transmitted as a means of communications, not whether or not it COULD be
done.  If it technically were not possible, they wouldn't have bothered
with the analysis in the first place.  It further notes that it didn't
see anything as part of a dictionary search, and admits the likelihood
of steganographic data contained on eBay was pretty low.  I'm not
disagreeing with any of this information.  Further, let's build a little
cipher ourselves, shall we?  

I've got 10 images.  In these images I have codes which when examined
with the right software reveal letters/numbers.  I tell you that in a
string of locations are the letter combos you're interested in.  Boom.
Over these ten images, I've transmitted information to you *WITHOUT*
changing the image one bit.  I'm simply using what exists to home you in
to locations which themselves are innocuous.  In the process, I've sent
you a message.  

Now, I don't mind someone yanking out a silver bullet and shooting me
with it (hell, my wife does it to me all the time), but just because a
group of people tested one direction of thought doesn't mean that all
directions have been thoroughly considered and evaluated.  Sometimes the
blatantly obvious is the most overlooked -- such as using fully fueled
airplanes as missiles.  

Cheers. 

Brennan


-----Original Message-----
From: Bruce Ediger [mailto:eballen1 () qwest net] 
Sent: Friday, November 09, 2001 7:31 AM
To: OBrien, Brennan
Cc: vuln-dev () securityfocus com
Subject: RE: Infected jpeg files?

On Thu, 8 Nov 2001, OBrien, Brennan wrote:

> Given that images are a major way of transmitting encoded data, it
> stands to reason that the hooks could exist  -- that is, it could be a
> transport mechanism.  However, the viewer itself would have to know to

The view that "internet images transmit encoded data" is thoroughly
discredited:  see
http://www.theregister.co.uk/content/archive/21829.html

Some researchers examined two million images from eBay, and found not a
single image containing steganographically encoded data. Primary source:
http://www.citi.umich.edu/techreports/reports/citi-tr-01-11.pdf

But that's neither here nor there in the context of whether the dopey IE
warning about viruses in images is correct.
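
The ten-image scheme described in the message above, as an added example that is not part of the original thread. Function names, the sample message and the cover data are constructed for illustration; deterministic pseudo-random bytes stand in for image files.

```python
import hashlib

def make_cover(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for an image file: deterministic pseudo-random bytes."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

COVERS = [make_cover(i) for i in range(10)]  # the "10 images" of the message

def encode(message: bytes, covers):
    """Map each message byte to an (image index, byte offset) pointer.

    The covers are only read, never written: the message lives entirely
    in the pointer list, which travels separately from the images.
    """
    pointers = []
    for n, byte in enumerate(message):
        # Start at a different cover for each byte so pointers spread out.
        for k in range(len(covers)):
            idx = (n + k) % len(covers)
            off = covers[idx].find(bytes([byte]))
            if off != -1:
                pointers.append((idx, off))
                break
        else:
            raise ValueError(f"byte {byte:#04x} not present in any cover")
    return pointers

def decode(pointers, covers):
    """Recover the message by reading the pointed-at bytes."""
    return bytes(covers[idx][off] for idx, off in pointers)

def digests(covers):
    """SHA-256 of each cover, to show the files are bit-for-bit unchanged."""
    return [hashlib.sha256(c).hexdigest() for c in covers]

if __name__ == "__main__":
    before = digests(COVERS)
    ptrs = encode(b"MEET AT NOON", COVERS)
    print(ptrs)
    print(decode(ptrs, COVERS), digests(COVERS) == before)
```

Because the cover hashes are identical before and after, a scan of image content like the eBay study cited above has nothing to measure; the only artifact an analyst could look for is the pointer list itself.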

