×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

90 comments

Too late (4, Informative)

oodaloop (1229816) | more than 5 years ago | (#23628349)

Didn't /. just post an article a few months ago about how the NSA figured out a way to block steganographic messages in VOIP?

Re:Too late (5, Informative)

Zymergy (803632) | more than 5 years ago | (#23628389)

Sort of... "Blocking Steganosonic Data In Phone Calls" http://it.slashdot.org/article.pl?sid=08/04/02/0133212 [slashdot.org]
There is this too... http://it.slashdot.org/article.pl?sid=04/01/10/2358247 [slashdot.org]

Re:Too late (1)

oodaloop (1229816) | more than 5 years ago | (#23628523)

Wouldn't the same technique work for VOIP as well? And since when is referring to previous relevant /. articles being a troll?

Re:Too late (5, Informative)

bickerdyke (670000) | more than 5 years ago | (#23628755)

Only as long as you'd try to hide your secret data in the Audio stream. If you inject your secret data directly into the network "connection" (read: the sequence of UDP Packets sent) it bypasses manipulated background noise.

Re:Too late (3, Interesting)

redxxx (1194349) | more than 5 years ago | (#23628779)

The first link would not work because they can't just add noise. They would have to inspect and remove packets from the data stream. It works totally differently and would not be applicable.

The second is just looking for out of band communication in data streams. It could be configured to look for it in Voip traffic, but most of it is encrypted. It wouldn't be easy, particularly doing it in something like real time, but not impossible.

Re:Too late (4, Funny)

GuldKalle (1065310) | more than 5 years ago | (#23628941)

And since when is referring to previous relevant /. articles being a troll?
Probably just someone trying to post a steganographic message using the /. mod-system.

Patterns in the noise (3, Interesting)

StreetStealth (980200) | more than 5 years ago | (#23630199)

It does get one thinking, though... So many things on the internet appear to be governed purely by entropy; how many of them could conceivably be used for steganographic purposes?

Imagine a series of /. accounts set up for bots to automatically comment on stories, with an algorithm somewhere to scrape and concatenate certain characters based on a key consisting of times and offsets...

Come to think of it, there's no reason why this necessarily couldn't be the case with some of the vast volumes of blog comment spam out there. Spread out wide enough and with a resilient enough algorithm, there could be more than enough signal to cover for the noise of spam-killed comments...

Re:Too late (0)

Anonymous Coward | more than 5 years ago | (#23628509)

Troll? Seriously? Who gave the angry guy mod points?

Pay for 388 words? (5, Insightful)

CogDissident (951207) | more than 5 years ago | (#23628363)

To continue reading this article, subscribe to New Scientist. Get 4 issues of New Scientist magazine and instant access to all online content for only USD $5.95

Thanks Slashdot, because I really want to go to Slashdot to get links to a story that I have to pay to read.

Re:Pay for 388 words? (5, Funny)

Beat The Odds (1109173) | more than 5 years ago | (#23628391)

Thanks Slashdot, because I really want to go to Slashdot to get links to a story that I have to pay to read.

You're welcome?

Re:Pay for 388 words? (4, Funny)

chunk08 (1229574) | more than 5 years ago | (#23628917)

Wait, someone who reads articles? On slashdot?

You must be new here.

Re:Pay for 388 words? (1)

witherstaff (713820) | more than 5 years ago | (#23632419)

It's sometimes confusing to remember the rules. When talking about Playboy / Maxim / etc, you get it 'just for the articles'.

And then you go to /. and since there's no eye candy (Unless you get rickrolled or goatse'd) and you actually read the stuff, but have to hide that you do. Confusing!

Complete article (5, Informative)

TripMaster Monkey (862126) | more than 5 years ago | (#23628379)

The complete article, accessible without NewScientist subscription, may be found here [tmcnet.com].

Re:Complete article, without ads (5, Informative)

Animats (122034) | more than 5 years ago | (#23628603)

Here is the actual paper [arxiv.org] as a clean PDF. This is the good version.

The linked Technology Marketing Corporation page mentioned in the parent post has only the beginning of the article. It also has 24/7 Media ads in the middle of the article, Google ads on the right, TMC ads at the top, bottom, and in boxes within the article, buttons for more promoted services at the left, a Flash banner at the top, ads from OAS at the lower right, a Digg button, and an email signup box. Oh, and the page refreshes itself every two minutes to change the ads.

Re:Complete article, without ads (4, Funny)

Colin Smith (2679) | more than 5 years ago | (#23629221)

So. You're the one paying for my internet surfing.

Sounds like you need adblock.

 

Well... (3, Insightful)

Vectronic (1221470) | more than 5 years ago | (#23628385)

It's not a sectret anymore now is it?

Re:Well... (4, Funny)

Vectronic (1221470) | more than 5 years ago | (#23628393)

Nor a secret for that matter.

Re:Well... (4, Funny)

fracai (796392) | more than 5 years ago | (#23628563)

I assumed the misspelling was one part of a larger steganographic message. Let it be known that I am now browsing over your comment history looking for further "mistakes".

I'm on to you.

Re:Well... (2, Insightful)

Vectronic (1221470) | more than 5 years ago | (#23628627)

You are abolutely right, however, you forgot that I may have multiple accounts, and may be sending messages across more than just Slashdot.

You would have to know all my accounts, on all forums, plus know the method to decipher the data.

Muahaha.

Re:Well... (3, Funny)

lanswitch (705539) | more than 5 years ago | (#23628725)

Twitter, is that you?

Re:Well... (1)

Vectronic (1221470) | more than 5 years ago | (#23628797)

Ouch, low blow.

Re:Well... (1)

lanswitch (705539) | more than 5 years ago | (#23628867)

Multiple accounts, may be sending from more than one address. It just seemed logical to me...

Re:Well... (3, Funny)

Vectronic (1221470) | more than 5 years ago | (#23628889)

By that logic, we might both be Twitter, considering his nack for replying to himself.

Re:Well... (2, Funny)

Anonymous Coward | more than 5 years ago | (#23628945)

Well played "everyone"...

Re:Well... (0)

Anonymous Coward | more than 5 years ago | (#23629551)

Let's just hope they don't do a remake of Spartacus.

I am twitter.
No, I am twitter.
We are all twitter!

(shudder)

Re:Well... (2, Funny)

morgan_greywolf (835522) | more than 5 years ago | (#23629019)

You are abolutely right, however, you forgot that I may have multiple accounts, and may be sending messages across more than just Slashdot.


Okay, so the code has MISSING as well as added letters. Extra 'T', missing 'S' -- ah ha! Terrorist State! Wait'll the NSA finds out, it'll be Gitmo for y....

No, no! I was just decoding the message for you guys! Hey! I'm not the recip....

*klank!*

Re:Well... (5, Interesting)

h4ck7h3p14n37 (926070) | more than 5 years ago | (#23630063)

That reminds me of a neat story.

A few years ago at a tech conference I met someone who worked for the data storage division at Dell. Some of the technical manuals that the engineer needed for their work were classified as secret (product hadn't gone to market yet) and the engineer had to sign various NDAs with the company to get access to the documents.

Said engineer compared their copy of a manual with another engineer's copy and discovered that each manual had a different set of spelling errors. Apparently Dell was generating documents with unique sets of typos in order to be able to track down the identify of the person who leaked a document.

Re:Well... (1)

Vectronic (1221470) | more than 5 years ago | (#23630147)

If I had mod points. (it wouldnt do any good since envoled in the conversation) +1 Interesting, anyways.

Although Dell wasnt the first to do so, it is still generally a good idea, because serial numbers, and other tags, can easily be swapped/removed.

But it's not perfect, given that if someone manually typed out the document, and removed all spelling mistakes, or even created new ones, the system fails, likewise, if someone was "in the know" about the scheme, they could essentially impersonate another (rival) employee, and it would be very hard to prove they weren't the ones who leaked it.

Re:Well... (2, Funny)

AioKits (1235070) | more than 5 years ago | (#23631127)

Apparently Dell was generating documents with unique sets of typos in order to be able to track down the identify of the person who leaked a document.
Either that, or Dell has taken the 'million monkeys at a million keyboards' approach to producing technical manuals!

Re:Well... (1)

ISoldat53 (977164) | more than 5 years ago | (#23632417)

Dell learned something from having an ex-NSA Director and Deputy CIA Director on their Board of Directors.

Re:Well... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#23632941)

Said engineer compared their copy of a manual with another engineer's copy and discovered that each manual had a different set of spelling errors. Apparently Dell was generating documents with unique sets of typos in order to be able to track down the identify of the person who leaked a document.

That's crude. There are other schemes that encode the identity of a document in the microspacing between the letters.


No way (4, Funny)

William Robinson (875390) | more than 5 years ago | (#23628401)

secret steganographic messages in the packets of a VOIP connection

Stop this research. No way I am going to say GoodBye to my Secretary. She knows a lot more than just stenography;)

Re:No way (-1, Offtopic)

CogDissident (951207) | more than 5 years ago | (#23628453)

I'm lost, how does this relate at all to anything? I'm sure it was meant as a joke, but I completely don't get it.

UDP Only... (4, Interesting)

mchawi (468120) | more than 5 years ago | (#23628445)

Based on the RFCs for VOIP they are supposed to support UDP and TCP per the new specs. Most companies are moving to support both so you can choose, but some of the large companies are going to TCP because this is what all of the 'Unified Communications' packages go with (such as Microsoft Office/Live/Communicator, etc).

One of the reasons they are leaning this way is security. Go figure.

Besides that, I don't really see the point. What does this solve that just encrypting sensitive data wouldn't?

Re:UDP Only... (3, Insightful)

k_187 (61692) | more than 5 years ago | (#23628517)

If somebody's looking for something encrypted data is something. With this method, there isn't anything to find, unless I'm totally misunderstanding it.

Re:UDP Only... (2, Insightful)

Vectronic (1221470) | more than 5 years ago | (#23628585)

Yeah thats what I got from it aswell.

If someone is using an encrypted connection/transfer, then its obvious they are doing something, and also trying to keep it hidden, whereas, if they were to carry out a normal transmition, but have the "secret" part of it hidden in this, someone looking, would see a normal interaction and possibly skip over the noise.

You could also have an encrypted message, that also requires data from the steganographic 'noise' and vice versa to become usable data, that way if one is "caught" its still useless data unless both are "caught"...

Re:UDP Only... (2, Informative)

papna (1242200) | more than 5 years ago | (#23628639)

With this method, there isn't anything to find, unless I'm totally misunderstanding it.
Or rather, there's nothing to notice.

Plain cryptography is something like having a locked safe sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having a safe behind a painting. You don't notice that there is anything being kept away from you.

Re:UDP Only... (0)

Anonymous Coward | more than 5 years ago | (#23628903)

Plain cryptography is something like having a locked safe sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having a safe behind a painting. You don't notice that there is anything being kept away from you.
I'm sorry. You lost me. Could you rephrase that as a car analogy instead?

Re:UDP Only... (1)

morgan_greywolf (835522) | more than 5 years ago | (#23629107)

I'm sorry. You lost me. Could you rephrase that as a car analogy instead?
Sure. Plain cryptography is like hiding your illegally-modified Covette engine with hood locks -- steganography is like putting your illegally-modified Corvette engine into a Hyundai Elantra.

Re:UDP Only... (1)

Em Adespoton (792954) | more than 5 years ago | (#23631349)

Ever seen that TV commercial from a few years back where the guy walks up to what looks like an old beater parked in an alley, and then proceeds to pull the dust cover off his fancy sports car?

Well, that's nothing like steganography ;)

Re:UDP Only... (5, Funny)

Tanktalus (794810) | more than 5 years ago | (#23629185)

Plain cryptography is something like having a locked car sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having a car behind a painting. You don't notice that there is anything being kept away from you. Well, other than that big-assed painting.

No? How about this...

Plain cryptography is something like having a locked car sitting in a room. It might not be easy to get into, but you know it when you see it. This is like having the locks of the car behind paintings. You don't notice the keyholes. Well, other than those out-of-place paintings hanging off the door handles.

No? How about this...

Plain cryptography is something like driving your car across the border while trying to keep from having to show your passport to the border patrol (by showing them fake ID). This is like doing the same while having the trunk full of cocaine when you do so.

Bah, nevermind.

Re:UDP Only... (2, Funny)

shadow349 (1034412) | more than 5 years ago | (#23629273)

Well, other than that big-assed painting.
Excuse me, but I believe the proper term is rubenesque.

Re:UDP Only... (1)

Zadaz (950521) | more than 5 years ago | (#23629257)

And yet everyone says security by obscurity isn't security at all.

Re:UDP Only... (1)

ushering05401 (1086795) | more than 5 years ago | (#23629601)

"And yet everyone says security by obscurity isn't security at all."

Obscurity is not security, but can be complementary. In the VoIP example the security would be the encryption of your signal, the obscurity would be the addition of meaningful UDP packets.

Obscurity is helpful when dealing with cursory inspections, but doesn't actually increase security because being secure requires more than being non-obvious.

Think of contraband transportation. Driving around with illegal contraband in plain sight - say sitting on your passenger seat of your car - is just as insecure as putting the contraband in your glove compartment... any investigation into what you are doing and the jig is up. Putting the contraband in your glove compartment simply reduces the chance that questions about what you are doing will arise which is helpful, but not secure.

Re:UDP Only... (1)

Sancho (17056) | more than 5 years ago | (#23629641)

The term Security Through Obscurity is overused and poorly understood. The key is that most Security Through Obscurity has cryptography in plain sight with an "obscure" encryption mechanism. It's the "we created our own cryptography implementation, but we can't tell you what it is because it would compromise the security of the algorithm" that causes the problem. It's usually quite possible to reverse-engineer such algorithms, so if the system relies on secrecy which can be discovered (as opposed to the secrecy of passwords or keys which, in strong systems, cannot be recovered without interacting with the owner of said password), then the system is weak.

With steganography, you're not only hiding the algorithm used, you're hiding the fact that there's any message at all. Ideally, you'd also encrypt any steganographic message, meaning that even if someone discovers that a message is there, they won't be able to read the message. In this way, you're protecting yourself from, say Carnivore-like systems, but even if your data-hiding fails, no one can read the content anyway.

Re:UDP Only... (4, Interesting)

zappepcs (820751) | more than 5 years ago | (#23628573)

Well, it might ensure that the NSA et al are not infecting your VoIP equipment with tracing software while you are talking, and those pesky terrorists might not be able to send text data about the next planes to hijack while having a bad conversation quality exchange about prayer times and how to find Mecca while in Chicago.

When a security hole is found, it needs to be plugged because the threats it poses are not always explicitly understood at first glance.

In fact, in computing in general, there are multiple ways to sneak a couple of packets through here and there if you're willing to be patient. I'd mention a few of them, but that would probably get me on a fucked up watch list. The fact remains that this is but one way to do so. Monitoring the network packet for packet won't uncover them all either, nor will it out any terrorists who don't want anyone watching their communications. Why, even my music on hold can contain data for transmission to the right person with the right audio equipment. Never mind a blog post, or email. In fact... woooootttt! I could use the NSA's website as the key for an encryption routine that they would never decode in several decades of trying. sigh, but that won't stop them from telling us that it's all for our protection.

Just encrypting it would not stop the possibility of rogue data if your application can withstand a few missing packets. VoIP is not the only protocol which is susceptible.

Too Late (0)

Anonymous Coward | more than 5 years ago | (#23636609)

In fact, in computing in general, there are multiple ways to sneak a couple of packets through here and there if you're willing to be patient. I'd mention a few of them, but that would probably get me on a fucked up watch list
The comment above indicates that you have knowledge that may be used for espionage purposes. We're watching you...

- Sincerely yours, the DHS.

Re:UDP Only... (4, Informative)

PhuCknuT (1703) | more than 5 years ago | (#23628599)

The idea behind steganography is not just to encrypt the data, but to hide the fact that you're sending it in the first place.

So... let me get this straight.... (2, Funny)

Anonymous Coward | more than 5 years ago | (#23629131)

...if you're using steganography in your VoIP data stream to imbed pr0n images, then you've invented a clever new form of digital phone sex, right?

Re:UDP Only... (1)

mpe (36238) | more than 5 years ago | (#23637749)

The idea behind steganography is not just to encrypt the data, but to hide the fact that you're sending it in the first place.

Even though specific applications may use steganography in conjunction with encryption it does not imply that encryption is involved.

Re:UDP Only... (5, Informative)

Kr3m3Puff (413047) | more than 5 years ago | (#23628633)

First, Stenographic or Stenophonetic solutions are supposed to disguise that you are actually communicating encrypted information, which is 1/2 the battle. If you know two parties are transmitting encrypted information that is sometimes enough (especially in this day and age) to either attack via brute force, or even worse, make them legally hand over their decryption keys, where then you need plausible denability. When the third party doesn't even know you are transmitting information, you are in a much better situation.

First, wide adoption of RTP transmission via TCP is highly unlikely, due to the nature of streaming media in general which UDP is designed for and TCP is not. Fixed datagrams and packet ordering protocol are a major pain in the a$$ for streaming media.

Where as the call control protocol (SIP, H.323, MGCP, etc) via TCP is probablly more likely and most standards support transmission under either, though the vast majority is still UDP based.

You are right from a security perspective with TCP you know if information is gone missing, where as UDP you never really know.

Re:UDP Only... (-1, Redundant)

Anonymous Coward | more than 5 years ago | (#23628641)

Steganography (as contrasted with cryptography) is the art/technique of hiding secret messages within other seemingly innocuous messages -- i.e., invisible ink or Neal Stephenson's example of coded binary weave patterns within a character's crocheting (in his novel "The Confusion").

As the previous poster mentioned, with encryption third parties know there is a message, but they might not necessary know with a hidden message of this kind.

Re:UDP Only... (1, Informative)

Anonymous Coward | more than 5 years ago | (#23628753)

Besides that, I don't really see the point. What does this solve that just encrypting sensitive data wouldn't?
A lot. Remember when W. told OBL that we were listening in on their sat phones? Well, between that incident and the time that reagan gave up info about the KAL incident told a lot about our intel world (the 2 should have been swung, or gone on a hunting trip with cheney, for those actions of being traitors; it took several years for pilots to talk again and a number of interesting channels were shutdown in 2003). One of the things about the terrorists is that they are not just romantics. They are extremely bright (PhD's and MD all over). OBL went underground and pushed for hiding info. Of course, the issue is what package to look at. Well, when a small portion are encrypted, then it is trivial to find. of course that brings up the issue of whether the NSA can decrypt it? [wired.com] So, AQ has figured out that answer and needed another way to communicate. So they switched up to steg. Why? Because now, we have to hunt for these, figure out which packets to reassemble, which ORDER to assemble them, and then decrypt. That is DAMN difficult.

Make noises (5, Funny)

tristian_was_here (865394) | more than 5 years ago | (#23628587)

If you want to hide packets over VoIP I suggest making "beeping" noises.

Typical stenographic VoIP conversation (1)

Bovius (1243040) | more than 5 years ago | (#23629205)

"Hey."
"Hey."
"I'm sending you a stenographically encrypted file through this call."
"Oh, okay." ...
"Uh, hello?"
"Sorry, I gotta give it enough talk time to transmit."
"Oh, gotcha." ...
"So, how's the family?"

authors (1, Funny)

Anonymous Coward | more than 5 years ago | (#23628657)

Article by Wojciech Mazurczyk and Krzysztof Szczypiorski... wow ... Did they encrypt and hide their original names ?

Re:authors (3, Funny)

Anonymous Coward | more than 5 years ago | (#23628791)

Ha...

A Polish guy goes in for his yearly eye examination.
The eye doctor says, "OK, read the smallest line down on the chart that you can."
The guy reads out, "W... Z... P... X... Y... I... Z... Y... K...".
The doctor says, "Wow, that's great, you can read the bottom line?"
The Polish guy says, "Read it? Hell, I know the man!"

Re:authors (0)

Anonymous Coward | more than 5 years ago | (#23629811)

I laughed

ATTACK!!! (2, Funny)

sznupi (719324) | more than 5 years ago | (#23632561)

Say this:

W Szczebrzeszynie chrzszcz brzmi w trzcinie.

(note: your head may explode)

(PS. and don't look at my nickname ;P )

oops... (1)

sznupi (719324) | more than 5 years ago | (#23639469)

/. comment system cut out one letter with diacritic...so, I'll just use closest thing from the roman alphabet:

chrzaszcz

There, should be much easier to you ;)

Original paper? (4, Funny)

Kyont (145761) | more than 5 years ago | (#23628691)

You may also be interested in reading the original paper.
CmdrTaco, you must be new here.

More info (0)

Anonymous Coward | more than 5 years ago | (#23628761)

This has been looked at elsewhere:

http://voipcc.gtisc.gatech.edu/

news/stuff that matters; total fiction/fluff (-1, Troll)

Anonymous Coward | more than 5 years ago | (#23628827)

pretending is all the rage nowadays. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.google.com/?ncl=1216734813&hl=en&topic=n
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A
http://www.nytimes.com/2008/05/29/world/29amnesty.html?hp

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece

there goes my work privacy again... (1)

pha7boy (1242512) | more than 5 years ago | (#23628843)

as more and more companies move their voice system over to VOIP, this creates an interesting dilemma: how do you prevent information leaks from secure sites when your telephone system can act as the carrier? Which probably means that we'll have more company snooping around and more "by using this system you agree that your privacy will be raped daily" forms we all have to sign when we get hired.

Re:there goes my work privacy again... (1)

Antique Geekmeister (740220) | more than 5 years ago | (#23633071)

Telephone systems have been possible carriers for far longer than digital telephony has been around. While analog phones do not operate well below 100 cycles, they carried enough information to incorporate inaudible data at well below 20 cycles and imperciptible to your casual listener. The quality isn't good, but it doesn't have to be to bury a trigger message.

VoIP doesn't just use UDP (1)

Quattro Vezina (714892) | more than 5 years ago | (#23629197)

While VoIP certainly can use UDP, it's also quite possible (and even common) for VoIP calls to use TCP as the transport. Hell, the original paper even mentions steganography over TCP.

Saying "VOIP uses UDP, not TCP" is overly simplistic. RTP can run over either UDP or TCP, while SRTP runs over TLS-over-TCP.

Re:VoIP doesn't just use UDP (2, Interesting)

profplump (309017) | more than 5 years ago | (#23629835)

I know people are still confused by the magic of IPSec, but seriously, UDP over IPSec is a vastly superior way to secure RTP in any situation where packets might be dropped or re-ordered. SSL+TCP+RTP might work on a LAN with lots of bandwidth to spare, but it just doesn't work across the Internet.

I used to have an IPSec bridge to the office, with RTP running over UDP on that bridge. Everything worked great. Now my company has turned off end-user IPSec, and requires use of the Cisco SSL/TCP-based VPN client. I'm now forced to forward all calls to my cell, because phone calls over the new VPN stutter like nobody's business about 40% of the time.

Skype (0)

Anonymous Coward | more than 5 years ago | (#23629235)

Doesn't skype use it's entire userbase to broadcast packets from the sender to the reciever? Wouldn't this allow people to communicate practically anonymously?

"VoIP" is not exclusively UDP (2, Insightful)

Alarash (746254) | more than 5 years ago | (#23629539)

VoIP doesn't "use UDP instead of TCP". VoIP (which is usually SIP+RTP, but there are other protocols out there used to carry voice over IP networks) can use UDP over TCP, and that configuration is the most common one. But not the only one possible as the article suggests.

Also, the article in the /. article kind of suggests that VoIP (which is a concept, not a protocol) can use only UDP, which is not true. It's like saying Internet is used only for HTTP.

Isn't VOIP illegal where data-hiding is needed? (1)

Simonetta (207550) | more than 5 years ago | (#23629941)

Isn't VOIP illegal in most of the countries where data hiding needed to protect yourself from the political police?
Telephone service is usually a government monopoly in the developing world. VOIP bypasses the government telecommunications monopoly. And since that monopoly is so profitable, the government authorities in these places violently suppress anyone that they catch using VOIP.

    What kind of information would be hidden in VOIP transmissions? General political tracts and religious books are too large for the limited space available. Specific information about meetings, such as, "Go to this address at this time and ask for Raul if you want to receive absolution from an ordained priest" in places where Christianity is illegal? Or criminal activity information, like "go to this address at this time and ask for Abdul. He'll have the bomb that you need to blow up the infidel day-care center"? Or, in the USA, drug deal information like "We received your PayPal transaction, Thank you very much. Eight grams of dynamite skunk weed for you is located in a crushed Mountain Dew can in the gutter exactly sixteen feet south east of the bus stop sign at the corner of First and Main. We will pick it up if you don't do so by 3:30pm Tuesday"? I've always wondered why simple dope dealers don't use Internet technology for anonymous untraceable transactions? Could it be because most dope dealers are stupid, or just old-fashioned?

    Why would someone want to hide information in a VOIP transmission when they could use an encrypted e-mail for the same purpose? This isn't a rhetorical question. I'd like to know your opinion. I don't have VOIP, so you'll have to take a chance and post it here.
   

Re:Isn't VOIP illegal where data-hiding is needed? (1)

Vegeta99 (219501) | more than 5 years ago | (#23630011)

"We received your PayPal transaction, Thank you very much. Eight grams of dynamite skunk weed for you is located in a crushed Mountain Dew can in the gutter exactly sixteen feet south east of the bus stop sign at the corner of First and Main. We will pick it up if you don't do so by 3:30pm Tuesday"? I've always wondered why simple dope dealers don't use Internet technology for anonymous untraceable transactions? Could it be because most dope dealers are stupid, or just old-fashioned?


PayPal is anonymous?? Coulda fooled me!

Re:Isn't VOIP illegal where data-hiding is needed? (2, Interesting)

sunderland56 (621843) | more than 5 years ago | (#23630803)

You can purchase a Vonage/etc. adapter in the USA, and then plug it in anywhere in the world. This works in a lot of places that VOIP is officially "not available" - exactly where depends on the settings of that country's firewall.

Viruses will be the next safe transmitters (3, Insightful)

suitepotato (863945) | more than 5 years ago | (#23630451)

I think the future will see the use of trojan/virus techniques to send data. It's already been fairly well proven that stopping botnets is next to impossible given current technologies, attitudes and ideas on the part of administrators and engineers, and most importantly that AI bears not a candle compared to Natural Stupidity.

Forget just VoIP. In the future we'll hide communications networks under multiple layers of encryption inside trojan'd everything that is awfully hard to tell innocent user data from something else. We'll probably also host websites and files that way in a coalescence and then expansion of BT/P2P and anonymous remailer methods but not so much with identifiable clients but instead viral ware that people choose to allow on their machines so as to prevent privacy invasion by government and business.

My VoIP is one big hidden message (1)

gelfling (6534) | more than 5 years ago | (#23630981)

It must be cuz it sure as shit don't work right. I could reach more people sticking my head out the window and yelling than with AT&T.

Serial numbers in ARP packets (2, Interesting)

karl.auerbach (157250) | more than 5 years ago | (#23631419)

There are sometimes other places to hide data:

I can't remember whether it was FTP Software of NetManage, but one of those used to hide the serial number of the software in the bits between the end of broadcast ARP requests and the end of the Ethernet frame.

That way they could check for duplicate license keys on the same net without bothering anybody. Only worked across the broadcast domain, but that was adequate for that purpose.

There's lots of other places too.

RTP packets have optional extension headers that can be used, DNS can hold extra information in parts of the query and response packets - I once encountered someone tunneling music feed via buggered DNS packets. (It became very visible when it caused a Cisco firewall to go haywire.)

Video gives more bandwidth, and DRM is an issue (1)

hankk (1300735) | more than 5 years ago | (#23631779)

Voice is one place for stego, but Video over IP can use a lot more bandwidth, and gives you more places to hide info--you can do more with the codecs, and can "hide" information in the picture itself (hey, the bad guys could use sign language.) :)

One interesting thing about the paper is that it implies that some types of DRM mimic stego. Is this a reason to outlaw DRM?

Great paper... to wipe your butt with (1)

LostMyBeaver (1226054) | more than 5 years ago | (#23636095)

Just read the paper. While their research is entirely sound (no pun intended), the value of their research is pretty limited.

In circumstances like Skype (not RTP), it is possible to talk and text chat at the same time. All of it is encrypted.

The application of this type of stegonographic message is for stored data. But for that, the data would have to be stored. There's just not point in storing a voice conversation as RTP packets on the users' system. In fact, it would be almost ridiculous to store audio in a network session specific payloaded form.

Typically, it would be better to just store the audio as a .wav encapsulated G.711 or G.722.1 file. That would lose the RTP packets altogether while leaving the audio playable. But doing so would probably delete the hidden message.

So far as I can tell, there's no application for using this in the real time context and if you're trying to hide your data, storing it in RTP encapsulated audio packets on disk is pretty silly since it isn't a standard file format.

If you want to hide something, find a way to hide it in a jpeg. png, etc...
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...