Welcome back to another installment in our series on steganography. After introducing Digital Steganography Basics, we just finished looking at a modern form of hiding text within text using the snow technique in the post titled Digital Text Based Steganography. Let’s move on to talk about binary files now, as they represent a more popular choice due largely to their substantially larger carrying capacity.

Binary files can obviously be grouped by type: images, audio files, video files, executables, other binary files. For the purposes of steganography however, it’s useful to distinguish between lossy and lossless files. Binary files have a tendency to be large in this age of smartphone videos, and many popular file formats utilize compression to reduce the disk space and bandwidth required to store and transmit them. Lossy file formats find ways to compress the files, losing some portion of the information in the process.

Read More

Google continues to dominate online search, as we outlined in our introductory post about search engines aptly titled Search Engines and Google.

We then dedicated an entire post to decentralized search engines, since your search topics colectively paint a highly detailed view of your personal life. They allow users to run their own nodes. This is great for companies that want to provide internal search to their employees without handing over lots of information to large search providers.

We also explored Internet of Things searching, with search engines like Shodan that allow us to locate everything from webcams to routers to mainframe computers. That’s quite an important topic these days, as vast numbers of devices get connected to the Internet.

In this installment we bring you a look at privacy focused search engines. This category deserves its own post because of the growing importance of online privacy and the central role search providers play.

Read More

There’s a lot of excitement around blockchain-based games and the promise of non-fungible tokens (NFTs) to enable new opportunities for players to own in-game objects that have utility across game platforms. I get the vision, yet I think it’s mostly a case of overinflated expectations.

Let’s break it down. Tokens are standardized digital assets issued on some blockchain (or similar) platform. They are not the coins that are native to a blockchain, but rather assets issued on top of such a system. There are such token systems on most of the major blockchains currently, and while some are highly standardized they are generally not interoperable between platforms.

Read More

The creation of viruses goes way back in computer history, but the commercial explosion of virus remediating software began in earnest in 1987. Several virus removal programs were released in that year, including McAfee Company’s VirusScan software, and Ross Greenberg’s Flushot Plus. Viruses have proliferated and grown in complexity since then, and in the 1990s an industry sprung up to counter this trend.

In this post we’re going to address commercial AntiVirus software aimed at the consumer market in terms of efficacy, security and privacy. Businesses have different needs, have different networks to protect and use different sorts of endpoint security solutions.

Read More

Ever wonder how to create packages for your operating system distro? I did – in fact for a long time I didn’t know much about how they worked – they just did. For linux users, life would be rough without these amazing helpers that keep track of versions and dependencies. They install, upgrade, remove and manage software and the repositories that software comes from.

Read More

VPNs are becoming so widely used, it’s worth taking a closer look at them. Previously in Intro to VPNs we talked about the basics including what a VPN is and what they’re used for by individuals and businesses. Let’s focus now on personal use of VPN providers in this post.

Never use a free VPN service! Running a VPN service requires buying, setting up and maintaining servers and software, paying the people who do that work, and paying for lots of bandwidth; i.e. high initial setup and ongoing operating costs. If the VPN provider is not charging you, they’re covering the costs in another way – perhaps by selling your profile data based on your Internet usage, or violating your privacy in other ways.

Read More

In the last post about biometric identification, “Fingers, Eyes & Veins” we looked at some of the technologies in use today, after an introduction to facial recognition in the previous post. Now let’s look at what governments are doing with the biometric data they’re collecting and using. They believe this will drive efficiency and fairness in government-personal interactions but the early indicators suggest disasterous results.

India has a government run program called Aadhaar that is essentially a giant database of biometric identity markers plus demographic data for their citizens, used by the state assistance programs. Other national governments have also expressed interest in this system if successful. The Indian government claimed this would lead to budgetary savings due to increased efficiencies and reduce corruption, but results are not clear.

Read More

We mentioned that hiding text within text is the common ancestor of all steganographic techniques earlier, in our initial post on digital steganography basics. However, in the digital age there are some new wrinkles due to the existence of various kinds of computer files. Of course text messages can be concealed in any number of file types – in fact every file type, but we need to begin somewhere so let’s examine text-based steganography.

Text files are simply files that are interpreted as such by an operating system. The notion of files and filesystems is an abstraction the OS provides us so we can more easily manage data. These “files” are ones and zeros just the same as binary files, but they are comprised of human readable text encoded using a standard scheme like ASCII or Unicode. In the modern version of American Standard Code for Information Interchange (ASCII) each byte is interpreted as one character, and since a byte is 8 ones and zeros, it can represent 256 (2 possibilities per bit, 8 bits so 2^8=256) characters.

Read More

I’m new to Python although I’ve been programming for years in other languages. So imagine my surprise when I found out how great scapy is! In a couple of earlier posts I wrote about crafting custom packets and using scapy commands, so now I’m going to talk about programming with scapy. Instead of finishing scripts and then moving on to something else, it’s nice to write a post about one because going over it in detail really reinforces what I’ve learned.

This script is a basic DNS lookup tool not unlike nslookup or dig, only not as full featured. It currently only supports querying A recs and NS recs, but it will allow you to first lookup the nameservers for a domain, then find the A rec using an authoritative nameserver.

Read More

What are VPNs? Virtual Private Networks are popular and a useful tool in your quest to guard your online security and privacy, as well as being an important tool for companies to allow remote access to their internal networks. Wikipedia defines them as follows, “A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

VPNs have long been used in the enterprise to allow remote access to internal networks for remote workers, contractors, traveling workers, etc. In the corporate environment, VPNs allow remote users to access resources on internal networks. In the past decade, however, we’ve seen a surge in usage among privacy conscious individuals. It’s important to understand the security and privacy implications of VPNs, and to consider the criteria for choosing a VPN provider.

Read More

Fingerprint readers are commonly used today to unlock smartphones, as well as providing a second factor in physical access control systems. In the previous post we took a look at facial recognition systems, now let’s introduce some other types of biometric identifiers commonly used today.

Certain fingerprints will match a variety of similar prints; they can be searched for and collected for use in these types of systems. Worse still, synthetic fingerprints have been shown to be highly effective, against standard systems like the type used in consumer devices, they have been shown to match up to 77% of prints with only a 1% error rate. If this method of authentication becomes more widely used, people will likely improve these systems, so more accuracy is not the answer.

Read More

Let’s talk about modern steganography. I don’t want to cover the long history of it, since that requires dedicating a full post to the techniques used over the centuries to conceal information. Old techniques are typically meant to hide text messages, since audio and video recording was not possible, and recorded images were not digital.

Steganography is about hiding secrets in plain sight. It is not encryption, which is a scrambling of information so that it’s unreadable. The term is derived from the greek words steganos (covered) and graphos (writing), which has become misleading in the computer age. Modern steganography is all about hiding text or files inside digital files.

Read More