Social Icons

Showing posts with label Steganography. Show all posts
Showing posts with label Steganography. Show all posts

Wednesday, June 03, 2015

Get Hacked on just Opening a Image

Stegnography we all know is the technique of hiding messages inside a pic and exactly on the same lines a new malicious technique by the name of STEGOSPLOIT has arrived that allows malicious code and java script execution the moment an image is opened by the user.This image can be of anything that can interest a victim viz Political figure,Actors,Tempting models,Engineering drawings or anything that is a image.The technique has been discovered by security researcher Saumil Shah from India.The technique was demonstrated at the Amsterdam hacking conference Hack In The Box with a talk titled, "Stegosploit: Hacking With Pictures".The video of demonstration is shared below...just watch it...by the looks if it goes...looks simple.


The technology opens the door for attacks executed as simply as pointing users to sites containing a booby-trapped image or delivering the image via email. By virtue of simply viewing the image, the exploit code is triggered and can deliver malware on the victim's computer.The second video below is in continuation of the above video :

The way out for a typical user is to avoid opening any tempting forwarded image from any friend or acquaint,default image downloading disabled for mobiles and PC interface in email/Whatsapp etc application settings.
technique discovered by security researcher Saumil Shah from India. - See more at: http://thehackernews.com/2015/06/Stegosploit-malware.html#sthash.wBuIwSGj.dpuf

Wednesday, May 08, 2013

Central Monitoring System : Another step in the Wrong Direction ?


1.    The month of "May" has become started with a "Will" from Indian Government.Now after so many still unresolved issues on Facebook posts and similar things in respect of issues of privacy,it has come up now with Central Monitoring System(CMS).The concept was placed in parliament  some time in December 2012 by the then information technology minister Milind Deora on which the government plans to spend Rs 400 crore and this would "lawfully intercept internet and telephone services"

2.  Now this means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities.Every byte of what is being exchanged by you over the net would be monitored.....but is it actually required?I have doubts per-se owing to the amount of further investment it would require.At a time when Big Data analytics is still maturing,investing so much on monitoring and storing some portion of it pan India would be a herculean task.The key points that I found interesting are dotted below :

- With the lack of privacy laws to protect Indian citizens against potential abuse,this would set another example of wrong feather in the cap.

- CMS has been prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau. 

- Without any manual intervention from telecom service providers, CMS will equip government agencies with Direct Electronic Provisioning, filter and provide Call Data Records (CDR) analysis and data mining to identify the personal information and provide alerts of the target numbers.

- The estimated cost of CMS is Rs. 4 billion. It will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Is their any thing on Mother India Earth left to monitor?

3. Now I fail to understand that how Government expects to monitor cyber criminals by this CMS? Does government actually intend to find out the actual potent and dangerous Cyber Criminals or are they only interested in finding love affairs of local boys and girls!!!coz if the intention is former,would the cyber gang do it without tricks?...without encryption?...without spoofing?...when things like stegnography,TOR,Anonymous etc are still to be deciphered....the cyber crime would go on as it is.The focus should have been on analyzing of what is floating around rather then monitoring open text and messages.

4.  For example if a person with malicious intent,uses Whonix or anonymous kind of OS from a local cyber cafe and then places his message vide a steganographed image that is encrypted,is their any way that this can be deciphered?....technology does not exist today to decipher all this quickly ..still time is there when we reach such a stage....few months back in Dec 2012 when torrent was apparently blocked on directives from Govt Of India,anonymous group had given a open letter shared at http://www.geektech.in/archives/9924.

5. Well it is very clear that the decision makers in such moves are unclear on technological reality but also provisions for a scenario like WAR within....each step in such a direction has to be taken carefully because these are really critical.Additionally,outsourcing such moves to unreliable or may be foreign firms may become a serious threat.....

6.  Well at the end of the day,it is just my view per-sewhich no body is bothered...but the repercussions are serious to be avoided and ignored

Tuesday, February 16, 2010

Steganography : Hide in a JPEG/BMP

1. Steganography is the art and science of writing hidden messages in such a way that no one,apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity while Cryptography is the practice and study of hiding information.

2. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages no matter how unbreakable will arouse suspicion,therefore, whereas cryptography protects the contents of a message,steganography can be said to protect both messages and communicating parties.

3. Just for how it works..i tried one free Steganography software "Invisible Secrets" that allows one to encrypt and hide files in other files (carriers) which are not suspect of encryption (JPG, PNG, BMP).The link I downloaded from can be accessed by clicking here.

4. Now this is a small 1.8 MB software good enough to do the job.The file u see below of golden temple is just not a jpeg,it consists of a text file with a message...the password to access the text file is 12_34....for those of u who r interested to experiment

5. The scope of utility involves provisioning solutions to the following queries of any user across :

(a) Are you afraid that someone else can see your sensitive and secret data stored on your computer ?
(b) Are you afraid that hackers or other people can penetrate your system and find your valuable information ?
(c) Your wife, boss and kids can see what you used the internet for?
(d) You have many passwords in your mind or spread all over your computer and you can't organize them?
(e) You want to send a secure email to your friend or partner and you want nobody to read or to access it?
(f) You want to password protect certain applications to be used only by you? Do you want them not to be visible in the Start Menu, but still have quick access to them?
(g) You want to delete an email or a file but you think someone else can restore it and use it against you ?
(h) You want to combine file encryption with steganography (hide files and folders) to better protect your documents and emails?
(j) You want to hide files on your computer so that nobody finds them?

Powered By Blogger