Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hiding Secrets With Steganography On FreeBSD

Hemos posted more than 10 years ago | from the hiding-it-together dept.

Encryption 424

BSD Forums writes "Bad guys in the movies all keep their wall safes hidden behind paintings. Is there a metaphor in there for your sensitive files? OnLamp's Dru Lavigne explores steganography, or hiding secret messages in images or sounds, with the outguess and steghide utilities on FreeBSD."

cancel ×

424 comments

Sorry! There are no comments related to the filter you selected.

Example: (-1, Flamebait)

grub (11606) | more than 10 years ago | (#7659883)


Try seeing the message hidden in this image [grub.net] . It may take a few moments.. Please don't post the message here, let others figure it out for themselves.

Good luck!

GOATSE LINK MOD PARENT DOWN (0, Informative)

Anonymous Coward | more than 10 years ago | (#7659896)

fuck you.

Re:Example: (-1, Troll)

Charles_Anus (729584) | more than 10 years ago | (#7659900)

That's awesome! Was that done with the BSD stego package?

Re:Example: (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7659909)

Predictably, it shows goatse.cx after a few moments. Why do people mod this guy up? He trolls EVERY frickin' story! He posts so much that I'm almost wondering if he doesn't have a 'bot to help out.

Re:Example: (0)

Anonymous Coward | more than 10 years ago | (#7659970)

He's a troll with a subscription account so he can see the stories first. He comes up with these oh-so funny replies, which he posts with his non-subscriber account. Still waiting for him to actually be funny...

Re:Example: (0)

Anonymous Coward | more than 10 years ago | (#7659994)

No, I subscribe with this account. I check the "No Subscriber Bonus" box.

Re:Example: (2, Informative)

herrvinny (698679) | more than 10 years ago | (#7659912)

Don't click on it! It's an animated GIF... and the second pic has serious problems...

Re:Example: (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7659973)

This was more clever than it was flamebait.

It wasn't very clever, either.

In fact, it was more insightful than it was flamebait.

Ass-istance requested (0)

Anonymous Coward | more than 10 years ago | (#7660157)

I am having trouble figuring out what the image is, there appears to be some sort of mongoose or other small mammal and perhaps a can of pudding... ?

fp! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7659888)

fp!

Steganography on corpses? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7659893)

How many secret ways do you need to say "*BSD is dying"?

Hey fags (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7659895)

This is a thr0d p1st. There are many like it, but this one is mine. So suck it down negroes.

Re:Hey fags (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7659929)

This is a thr0d p1st

You might want to spend a few minutes here [pitara.com]

I have done this in windows... (0)

skajake (613518) | more than 10 years ago | (#7659903)

I hide a picture of myself in the login bitmap on my school network

Makes you wonder (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7659941)

How you are able to handle being african-american and homosexual, without the firm, guiding hand (and other appendages!) of the GNAA.

(suck it down, negroes)

Re:I have done this in windows... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660172)

Because this hides your identity so well? Or because you like to show that you're 1337 enough to edit logo.sys with MS Paint or some other similarly-attuned program?

-1 offtopic.

BSD isn't dying... (4, Funny)

Anonymous Coward | more than 10 years ago | (#7659904)

...people just think it is because it hides itself very well. ;-)

Re:BSD isn't dying... (-1)

Anonymous Coward | more than 10 years ago | (#7660070)

Actually, the only thing hidden in BSD is what's left of Bill Clinton's integrity.

makes you wonder... (5, Funny)

akaina (472254) | more than 10 years ago | (#7659915)

Makes you wonder what the demon is hiding

Re:makes you wonder... (4, Funny)

dipipanone (570849) | more than 10 years ago | (#7660142)

<Darl McBride>
I'll tell you what the Demon is hiding -- our intellectual property, fer cryin' out loud.

Boies? I hope you're getting all this. The damned open source, heathen, communist hippies are deliberately flaunting their ability to conceal the code they've ripped off in an image of some goddamned devil. If that isn't proof enough of a conspiracy to rip us off, I don't know what is!
</Darl McBride>

Subliminal Message (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7659922)

Please do not read this text.

Re:Subliminal Message (-1, Funny)

Anonymous Coward | more than 10 years ago | (#7660050)

fnord

Is this limited to FreeBSD only? (4, Interesting)

Wigfield (730339) | more than 10 years ago | (#7659928)

I'd be interested to know if this is just a BSD thing or if I can run these apps on Linux or Windows.

Re:Is this limited to FreeBSD only? (3, Informative)

akaina (472254) | more than 10 years ago | (#7659937)

There used to be a program called Steganosis in the win95 days. I'm sure there's a modern equivalent, if not an updated version.

Re:Is this limited to FreeBSD only? (1)

akaina (472254) | more than 10 years ago | (#7659987)

Steganosis(sp) - it's been a while - I think it was Steganos

Re:Is this limited to FreeBSD only? (5, Informative)

mlk (18543) | more than 10 years ago | (#7660010)

Win, Linux [sourceforge.net]

Re:Is this limited to FreeBSD only? (4, Informative)

SkyMunky (249995) | more than 10 years ago | (#7660080)

also check out http://camouflage.unfiction.com

Re:Is this limited to FreeBSD only? (5, Informative)

criquet (120814) | more than 10 years ago | (#7660213)

I just compiled the source on Linux and it appears to work just fine.

Re:Is this limited to FreeBSD only? (2, Informative)

Enigma Deadsouls (700792) | more than 10 years ago | (#7660217)

JPHS [linux01.gwdg.de] for Linux and Windows.

Hiding pr0n? (4, Interesting)

Realistic_Dragon (655151) | more than 10 years ago | (#7659932)

I used to use this kind of thing to hide certain, ahem, suspect images on the Acorn machines at school.

Of course being an adult now it's not as required, but I suppose it might be able to hide offensive pr0n images inside more innocent ones - so that anyone looking finds pretty mild things and stops there, without being able to find things that would get you looked at oddly in church :o)

Re:Hiding pr0n? (3, Funny)

Anonymous Coward | more than 10 years ago | (#7659984)

The act of renaming your porn files to "StudyNotes.jpeg" is not steno unfortunately :)

Stego is so old news (5, Funny)

Anonymous Coward | more than 10 years ago | (#7659934)

I've been using it for years, posting messages like "allah is great" on Fark photoshop contests.

Just raising the background chatter to a dull roar.

Re:Stego is so old news (0, Flamebait)

Anonymous Coward | more than 10 years ago | (#7660140)

Not sure why this was modded funny. There is nothing funny about the phrase that is repeated by a Radical Muslim as he destroys countless lives with a bomb.

Re:Stego is so old news (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7660178)

Allah Ackbar! Allah Ackbar! Death to the infidel Americans!!!

*ppoott*

Re:Stego is so old news (-1)

Anonymous Coward | more than 10 years ago | (#7660261)

It's a Trap!

He's keeping your ass free (0, Insightful)

Anonymous Coward | more than 10 years ago | (#7660255)

By raising the background chatter, he is making it difficult to find any true use of stego. Pictures with messages like "Donald Rumsfeld can eat my ass with gravy as a sidedish" or "GEORGE BUSH SHOULD DIEt (He's getting chubby)" waste resources which would normally be spent reading YOUR email.

He's making himself a target so you don't have to. Ass.

Good stuff, but... (5, Interesting)

VargrX (104404) | more than 10 years ago | (#7659938)

my problem wrt steganography is that it 'feels' more like security through obscurity than an actual cryptographic regime (ala gpg encrypted attachments, etc). Other than that, neat stuff.

Re:Good stuff, but... (5, Interesting)

Realistic_Dragon (655151) | more than 10 years ago | (#7659972)

You can always encrypt first then hide later.

Security through obscurity is fine _as an additional layer_ - can't even begin to decrypt something you can't find.

Re:Good stuff, but... (1, Insightful)

VargrX (104404) | more than 10 years ago | (#7659999)

so sayeth Realistic_Dragon:
You can always encrypt first then hide later.


good point. I need more coffee before I reply to these things... :)

Re:Good stuff, but... (4, Funny)

Frymaster (171343) | more than 10 years ago | (#7660211)

it's like the army.

you put your soldiers in armoured transports... but they still wear camoflauge!

Re:Good stuff, but... (4, Interesting)

Lumpy (12016) | more than 10 years ago | (#7660139)

all of this are nothing more than really old hacker tricks and tips.

The results of my wardialing from payphones or my list of machines/users/passwords was always only on removeable media, encrypted, and then simply hidden in gif files.

Back then the Feds and the other goons that you heard harassing others or trying to jail them were not savvy/smart enough to dig very deep. Hell we use to openly trade information in Gif files on a national BBS, although we did get sloppy. The more naked the chick in the picture, the better the info was inside it with one exception... targets we were after were in the "ugly" files.

Re:Good stuff, but... (2, Insightful)

Phigs (528913) | more than 10 years ago | (#7659991)

When he attached the files, he also encrypted them didn't he (with the passphrase). In the article he made a point to showing off all of the encryption standards supported by the utility.

Re:Good stuff, but... (0)

Anonymous Coward | more than 10 years ago | (#7660000)

That's why you do both. The point is to avoid being forced by law to remove your own encryption (unless the application is 'watermarking' for some kind of DRM). It would be quite an accomplishment to formalize the idea of "noticable by any other entity at casual (or semi-casual) observation" (of course I have a few ideas, but who doesn't? I seriously doubt they would pan out...). Really, formalizations of "strength" in crypto. are still open to debate; something like this is, for the moment, not feasible at all.

Re:Good stuff, but... (4, Interesting)

ReTay (164994) | more than 10 years ago | (#7660084)

Well again this falls on the user.
When I Steg an image I encrypt the text first then plant it into the picture.
Even if you figure out that the image has been Stegged you won't know if you get the
Method I used to put it in because you can't read it. But all the receiver needs to do is use the correct decoding in Steg and then un encrypt the images. You may be able to tell there is something in the picture but reading it is another matter.

shhhh! (1)

WormholeFiend (674934) | more than 10 years ago | (#7659939)

don't tell anyone! /too late i guess

The great thing about being disorganized... (4, Funny)

TWX (665546) | more than 10 years ago | (#7659940)

...is that no one else knows where to look to find things that might be sensitive. You can literally hide things in plain sight, but with the amount of crud stacked everywhere physically, and the amount of data strewn about with no apparent labelling (except for the porn of course), no one can actually tell what is important and what isn't.

Of course, dates don't seem to understand the logic of living in an apartment that already looks like it's been rifled through.

Re:The great thing about being disorganized... (4, Insightful)

Lumpy (12016) | more than 10 years ago | (#7660174)

you got modeed funny but this is a very useable and strong way of hiding. Not only files but attacks and most anything else.

If I upload 500 photos a month to the net Each of them contain something in the photo (results of /dev/random in random lengths) and then I fire off one photo in a group of others that has real information, the chances of it being found or even noticed is lower than having a encrypted file cracked.

I've seen this used many times and is used in nature by birds and fish...

a school of 500 fish makes it impossible for a predator to single out one specific fish.

Re:The great thing about being disorganized... (1)

PetoskeyGuy (648788) | more than 10 years ago | (#7660231)

The Wife doesn't seem to get that argument either. Labeling the porn is an interesting idea, but could set a bad precedent.

Here's some arguments I've tried that may work with your SO.

Fuzzy Logic - It sort of goes in this pile, but it could go a little bit into those other piles too.
Chaos - It's actually a more advanced form of order she just doesn't understand yet.
Shortest Path - I'm never more then a few feet from anything I need.
Strange Attractor - Things just end up this way over as movements are iterated over time. (Couldn't refute it, but still didn't like it)

She's cleaned a few times, but might as well have thrown everything away for how much it helped me. :o)

Steg is fairly useful, but it is crackable (4, Insightful)

j0keralpha (713423) | more than 10 years ago | (#7659942)

I use steg sometimes to pass messages i dont want out in plaintext or overtly encrypted, but it has to be passed in such a way that it isnt apparent that a message is there (i.e. email to brother 'See these pics of grandma!'). It is not a foolproof method, but its very useful when you realize you cant trust the encryption itself to hide the message.

Re:Steg is fairly useful, but it is crackable (1, Insightful)

grub (11606) | more than 10 years ago | (#7659965)


You can encrypt a message then hide the encrypted text within a file with steganography. Casual browsing wouldn't reveal the existance of the encrypted info.

MOD PARENT DOWN! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660068)

grub is a known troll who has already posted a goatse link on this same article! Don't give him any karma!

Re:Steg is fairly useful, but it is crackable (0, Informative)

Anonymous Coward | more than 10 years ago | (#7660009)

MIT proved that stenographic files can be detected nearly 100%

then you have to crack them

How come ... (4, Interesting)

DogIsMyCoprocessor (642655) | more than 10 years ago | (#7659944)

BSD is mentioned 3 times in the post, while the utilities that actually do the work are only mentioned once? This is like titling a post "Processing Images with Filters on Mac OS X" and only mentioning once that you use Photoshop.

Re:How come ... (-1, Flamebait)

Zebbers (134389) | more than 10 years ago | (#7660005)

ummm
one was in the title, good place
one is the SUBMITTERS FUCKING NAME
and one in the post

how bout you go read the friggin article
i did, it was a decent intro

Re:How come ... (0)

Anonymous Coward | more than 10 years ago | (#7660076)

Actually, it's in 4 places, as it's in the BSD section (haven't been in here in MONTHS).

And how is that different than... (3, Insightful)

Anonymous Coward | more than 10 years ago | (#7660109)

Posts/books/whatever that say "My webserver is Linux" (No it is not. It is Apache) "How to use LInux to serve Windows files" (No, you are using SAMBA and LDAP.) "Robot runs on Linux" (No, its some custom code that runs ON the GNU/Linux environment)

Where have YOU posted objecting to abuses like the above?

Well?

No... (4, Interesting)

SuperBanana (662181) | more than 10 years ago | (#7659947)

Bad guys in the movies all keep their wall safes hidden behind paintings

No, bad guys in movies walk into the Rich Dude's house, immediately realize where the safe is, pull the painting away and get whatever's in the safe. How many times have we said that security through obscurity isn't security, and now we're all clamoring about obscuring data to make it safer.

Data-wise, it seems like you'd need to be hiding a relatively small amount of data. Otherwise, you're like an elephant trying to blend in at an LA cocktail party.

Re:No... (0, Insightful)

Anonymous Coward | more than 10 years ago | (#7660077)

So your instructions on how to be a cat burglar would be:
  1. Find safe
  2. ???
  3. Take stuff from safe

Re:No... (2, Funny)

Anonymous Coward | more than 10 years ago | (#7660112)

Otherwise, you're like an elephant trying to blend in at an LA cocktail party.

Delta Burke did this for years

Re:No... (1)

hey (83763) | more than 10 years ago | (#7660160)

Better to put the safe behind a painting than in front!

Re:No... (2, Insightful)

Lumpy (12016) | more than 10 years ago | (#7660228)

Yes and no. I dare you or anyone else to locate my valuables in my house. hell they're not even in a safe.

I used to use hollowed out books in college for safe storage from the idiot friends my roommate had, same as the trick of the first 4 bottles of beer in the fridge were filled with piss, the pattern of real beer versus piss was changed weekly by the beer owner. It kept the mooch friends out of the beer, although was a bit wierd to have bottles of piss in the fridge as far as I was concerned.

You can blend in if you make that elephant look like it belongs there... release a herd of elephants and your elephant will not be noticed.

It's the same trick as the fake rock holding your house key.

Re:No... (2, Interesting)

wideBlueSkies (618979) | more than 10 years ago | (#7660238)

OK, so you get a bunch of dummy .jpg files right? Fill em up with whatever you have to hide. Then rename them to look like object files.

So myBankAccountNumbers.jpg becomes mban.o and myMistressesAddressAndPhone.jpg becomes maap.o.

Then drop em in with your system files. Done.

On Window$, rename them to .dll or .obj to accomplish the same thing.

OR, drop them into your MySQL data folder, and rename to pictures to match what's in there. This might work for you if you use MySQL and do regular backups.

So it's kinda like changing the paintings on the walls to look like sheetrock or bricks.

I don't guarantee that this would keep forensics guys from finding stuff, but I don't think the first place they're going to look for stuff is in system or development files.

The only problem here is to keep track of what is what. After a couple of files, it's going to be a pain to remember which file has your pr0n site passwords in it, versus Gramma's cookie recipe.

wbs.

Why FreeBSD? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7659954)

Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.

And FreeBSD zealots, as much as this simple truth hurts, please don't mod this -1,troll or -1, flamebait, that is known as denail.

Re:Why FreeBSD? (-1)

Charles_Anus (729584) | more than 10 years ago | (#7660167)

"denail" ?

Really cool demo... (5, Interesting)

veecee_veecee (694455) | more than 10 years ago | (#7659959)

This was my first exposure to a steganopraphy demo....Written by the author of a bunch of books on Computer Networks and Operating Systems... http://www.cs.vu.nl/~ast/books/mos2/zebras.html [cs.vu.nl]

To myself... (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7659961)

To myself I won't be lying,
that Free B S D isn't dying.

Bad Guys? (5, Interesting)

philovivero (321158) | more than 10 years ago | (#7659962)

All the BAD GUYS hide their safes behind pictures? Is the metaphor you're trying to paint that BAD GUYS use steganography? The government propaganda wars are working. Newspeak is ingrained.

Every citizen of these modern times is a criminal, and because everyone is a criminal, everyone should use steganography. Most criminals are not BAD GUYS, but instead, good loving parents, patriots, and friends to society. It no longer makes sense to equate criminal to BAD.

Imagine the uses (1)

pbug (728232) | more than 10 years ago | (#7659968)

I am thinking spy stuff now because this trend [slashdot.org] you have that critical file excahnged without detection (yeah right). Or you can hide your critical data in one of these [thinkgeek.com] just a thought

Not so good.. (5, Informative)

tr0llx0r (730590) | more than 10 years ago | (#7659975)

Stegdetect is an automated tool for detecting steganographic content in images. It is capable of detecting several different steganographic methods to embed hidden information in JPEG images. Currently, the detectable schemes are
  • jsteg,
  • jphide (unix and windows),
  • invisible secrets,
  • outguess 01.3b,
  • F5 (header analysis),
  • appendX and camouflage.
Stegbreak is used to launch dictionary attacks against JSteg-Shell, JPHide and OutGuess 0.13b.

Re:Not so good.. (2, Insightful)

Lumpy (12016) | more than 10 years ago | (#7660246)

and it becomes 100% useless if you make it trigger tons of false positives.

if EVERY picture on a website trigger's it's detection and yet you find nothing in them you begin to suspect the usefulness of the tool.

here lies the true power in stenagraphy.

Are there secrets in the opensource images? (4, Interesting)

ksheka (189669) | more than 10 years ago | (#7659976)

First time I read the headline, I thought it was implying that there are secret messages in the icons/images that are part of the freeBSD installation. Which brings me to wonder: what prevents people from putting messages hidden in the KDE or Gnome icons and such?

(Maybe a "If you can read this, you're too paranoid" sort of message in the Redhat splash picture?)

Re:sig (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660141)

--
alias uptime="echo '5:33pm up 22342352324 days, 6:28, 2124315623 users, load average: 2432.40, 12312.31, 123123.19'"


Yes, I'm ENTIRELY SURE that users will believe your box has been up since the Paleolithic period. If you're going to fake uptimes at least make it believable.

How to hide files in windows (3, Funny)

j_dot_bomb (560211) | more than 10 years ago | (#7659993)

Simply rename its extension to .dll. It will fit right in to the gigs of OS files.

Steganographers Need To Hide Their Tools Too (3, Insightful)

Anonymous Coward | more than 10 years ago | (#7660004)

I have yet to see a good treatment of the necessity of hiding the fact that one may have knowledge of or tools capable of implementing steganography. While hiding data is a nifty thing, it's not of much practical use unless you can also hide the code - the tools that you use to embed and deembed your steganographically hidden files.

Adding hooks to libraries and hiding executable code in data areas and coming up with slick ways of calling into that code when you actually do some stega processing is an area ripe for exploration. It may be more challenging than data hiding as well, especially when you consider the huge libraries of md5sums for all known executables and libraries that are maintained and distributed by computer forensics people.

Why FreeBSD? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7660006)

Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.

And FreeBSD zealots, as much as this simple truth hurts, please don't mod this -1,troll or -1, flamebait, that is known as denail. I am reposting this because some deluded zealot modereted it down. I have plenty of proxies thanks to comprimized BSD boxes, and I will keep on posting this until it gets a 5, insightful.

Why FreeBSD? (3) (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7660031)

Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.

And FreeBSD zealots, as much as this simple truth hurts, please don't mod this -1,troll or -1, flamebait, that is known as denail. I am rereposting this because some deluded zealot modereted it down. I have plenty of proxies thanks to comprimized BSD boxes, and I will keep on posting this until it gets a 5, insightful.

Re:Why FreeBSD? (3) (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7660129)

Gee, only 2 posts. Did you run out of OpenBSD boxes to post from?

Does this mean ... (2, Interesting)

value_added (719364) | more than 10 years ago | (#7660035)

I can hide my entire pr0n collection in a single gigpixel [slashdot.org] image?

Seriously, though, I read a news article some time ago describing how the FBI are onto such data hiding techniques after discovering terrorists (ok, "Arabs") had been posting stego encrypted messages in images posted to various popular terrorist (there I go again!) websites.

Don't know to what extent they're "onto" it (they never say, do they?), but I imagine looking for secret clues [abeautifulmind.com] can be a full-time job.

I wonder . . . (5, Interesting)

lavaface (685630) | more than 10 years ago | (#7660049)

What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, paining-on-top) affect the outcomes?

Re:I wonder . . . (5, Informative)

The Darkness (33231) | more than 10 years ago | (#7660156)

What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, paining-on-top) affect the outcomes?

Of course.

These utilities usually use bits that will not make a change apparent to a human observing the data with our normal senses (ie. the last bit in each color field) so obviously doing anything to change the bit pattern will destroy the message.

Re:I wonder . . . (2, Interesting)

gosand (234100) | more than 10 years ago | (#7660180)

What happens if you edit the file in a graphic utility? Does it alter the hidden info? Destroy it? Do different actions (hue shift, paining-on-top) affect the outcomes?

Hmm. If it does, you could use it to your advantage. Encrypt your message. Use steg to hide it in an image. For that added level of (ob)s(e)curity you could hue shift the image whatever values you wanted before hiding your message in it. Adjust the values to "normal" before sending it.

To completely decrypt it, you would have to be able to set the R,G, and B values to the correct ones, then de-steg it to get the message, then unencrypt it.

Seriously, do any of you have information that is THAT secret? :-)

why the old stuff? (4, Interesting)

Tom (822) | more than 10 years ago | (#7660055)

Why do we get articles about tools that are what? 3 years old?

There is enough new and interesting (and better) stuff around. For example, rubberhose [rubberhose.org] would've been much more interesting to read about.

Re:why the old stuff? (0)

Anonymous Coward | more than 10 years ago | (#7660221)

from the homepage:

available for Linux 2.2
Latest alpha: Rubberhose 0.8.3

Sounds very interesting... hmm, we have nearly 2.6 coming out. Doesn't look too up2date to me.

Besides, steganography in images etc may be used to transmit data. So these stuff has its merits as have encrypted filesystems.

Why FreeBSD (4) (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660079)

Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.

And FreeBSD zealots, as much as this simple truth hurts, please don't mod this -1,troll or -1, flamebait, that is known as denail. I am rereposting this because some deluded zealot modereted it down. I have plenty of proxies thanks to comprimized BSD boxes, and I will keep on posting this until it gets a 5, insightful. So don't waste your mod points, just reply nicely, as you know, if I did s/FreeBSD/Windows/g I wouldnt need to tell you not to mod it down.

Ehh? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7660082)

I can't tell a difference in the audio quality, which, granted, I've never found that great for .wav files anyway.

Fucking fool..

Serious question about FreeBSD (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660091)

OK, I know this is very much OT but a busy site such as Slashdot should be able to help me out here. Bear in mind that I'm not trying to start a flamewar or anything; just want some good reasoned responses. Right...

Why should I use FreeBSD over Linux?

The reason I'm asking is this: despite having used Linux for many years, I'm constantly being told by FreeBSD fans to switch to their favourite OS. Some make pleasant suggestions, others act with great zealotry and tell me things I know aren't true. The way I see it is as follows:

Stability - Various BSD fans have told me that it's "more stable" and "crashes less". I can safely say that my Debian and Slackware boxes have _never_ crashed or kernel panicked in five years of use; yes, in comparison to a bleeding edge desktop distro such as Mandrake, FreeBSD is bound to be more solid, but proper, well-designed and thoroughly tested distros like Debian and Slackware are totally rock-solid.

Performance - I've been told by FreeBSD users that their OS is much faster than Linux. To make this judgement myself, I performed a few benchmarks with FreeBSD 4.8 and Linux 2.4.20, and also FreeBSD 5.1 and Linux 2.6.0-test. The differences were negligible, although on my 2-CPU box Linux was the clear winner. 2.6.0-test also showed more responsive behaviour on the desktop.

Hardware support - I had troubles getting FreeBSD running on my laptop. Linux supported the hardware much better, and has a significantly broader range of x86 support.

Software support - It's so much easier to find software that will compile natively on Linux. Yep, Ports are good, but they're nowhere near as tested and integrated as, say, Debian's stable repositories.

Security - Both OSes are pretty secure by modern standards, but I can't see the value in FreeBSD's updating method. With Debian, one simple "apt-get" command is needed to get the latest security fixes. With FreeBSD, a tiresome chore of CVSuping, compiling and installing is required, which is doubly annoying on lots of boxes.

Community - Even when I've researched my problem and read up on the docs, I've had BSD fans act incredibly obnoxiously towards me. That's not good at all.

Long term support - FreeBSD only supports each release for 12 months; this means that users have to upgrade. And although upgrading isn't too difficult, the end result is a slightly different system and difficult to target apps against (new features/bugs/changes is newer Ports releases etc). Meanwhile, Debian has over 2 years support for each release, and Red Hat offer 5 - perfect for corporate adoption.

So those are the criteria I judge an OS on, and while many BSD fans keep telling me to use FreeBSD, I can't see what it offers in the real-world over Linux (subjective licensing issues aside).

What concrete benefits does FreeBSD offer? Serious question. It appears that Linux wins in the above areas, but any input would be good to hear.

Here's the best reason (1, Funny)

jridley (9305) | more than 10 years ago | (#7660146)

http://www.xs4all.nl/~marcone/bsdversuslinux.html

Interesting.. (1)

devphaeton (695736) | more than 10 years ago | (#7660101)

Steganography is new to me (as a science). All i can say is i'm RTFA'ing and it's badass cool :o)

Does this disqualify me as a slashbot?

moderation (-1, Offtopic)

tarzan353 (246515) | more than 10 years ago | (#7660114)

Moderators are selected from the Slashdot community, and so have the same biases. Six months ago I would have said that the Slashdot BSD section had a trolling problem. I think it's pretty clear now that Slashdot itself is a good part of the problem.

Slashdot has taken the attitude that the BSD community is responsible for cleaning up the problem via moderation, and failure to do so means that the community doesn't care. Since the community doesn't care enough, the reasoning goes, BSD really is, in some sense, dying and not worth saving. But this makes two assumptions that are easily shown to be false:

  1. If the BSD community (or other small community within Slashdot) cares to use it, moderation can effectively clean up the trolls, crap floods, and so forth.

    This ignores the asymmetry of the situation. A crapflooder with a dialup connection and an idle hour or two can post dozens of messages. For this, several community members have to use up all of their weekly (if they're lucky) mod points, knowing full well that the same misfit can come back and do it again minutes later.

    There aren't that many more trolls or crap flooders in the more popular sections but there are a lot more moderators, so no one has to blow their entire allotment of mod points dealing with miscreants. (And I might note that all the complaints about trolls and crapflooding here indicate a community that would deal with the situation if it had the mod points to do it.)

  2. Moderation is self-regulating.

    The fallacy of this belief was brought home to me not long ago when I was metamoderated "unfair" twice in succession for down-moderating obvious trolls in the BSD section. And, as many of us have noted lately, there are an increasing number of irrelevant postings and even blatant trolls getting positive mods. Once again, the supposed self-correcting nature of moderation fails for lower-trafficked sections.

This is actually just the tip of an iceberg which threatens to smash Slashdot into a chaotic free-for-all; I don't think the BSD section is likely to be an isolated case for long (if this is even the case now). Just skim through the postings on nearly any technophile (i.e. geeky) subject, and see how little interest there is for true "News for Nerds" any more. At least the half the posts will be "Who the hell thinks this is interesting enough for an article?" or "Hasn't this been done before?" There is little moderation and it can take some time before the trolls and crapfloods get mopped up.

On the other hand, each tidbit from the SCO or RIAA affairs gets many hundreds of highly-moderated "Ain't it awful" posts, and at least for the first several hours obvious trolls get squashed in minutes. (This despite the fact that very little is newly Insightful or Informative any more on thse subjects, or even much left that is Interesting.) I'm sure that Slashdot gets loads of ad impressions when they run these stories, however, and perhaps the cynics who claim that this is the reason Slashdot runs them are right. But that's irrelevant; the fact is that as a result of these stories Slashdot's content is getting softer and softer, and therefore the average Slashdotter is more likely to be only a camp follower of the technophile community, driven by peer influence rather than an actual passion for computers and technology.

This is all grossly off-topic (except in the sense that Slashdot is a proper topic for a posting on Slashdot), and I expect some Offtopic moderations as a result. But over the years I've seen Slashdot becoming a bloated caricature of its former self, and this seemed as good a time as any to speak up.

Why FreeBSD? (10) (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7660147)

Why should I have to risk screwing up my system using an unproven, unstable potentially dangerous system like FreeBSD? Why can't you just provide binaries for Linux, the industry standard for security.

And FreeBSD zealots, as much as this simple truth hurts, please don't mod this -1,troll or -1, flamebait, that is known as denail. I am rereposting this because some deluded zealot modereted it down. I have plenty of proxies thanks to comprimized BSD boxes, and I will keep on posting this until it gets a 5, insightful. So don't waste your mod points, just reply nicely, as you know, if I did s/FreeBSD/Windows/g I wouldnt need to tell you not to mod it down.

Re:Why FreeBSD? (10) (-1)

Anonymous Coward | more than 10 years ago | (#7660194)

It's denial btw. Learn to spell, being 14 is no excuse.

Examples of good steno-encryption (5, Interesting)

MURD3R3R (691512) | more than 10 years ago | (#7660151)

The first and probably best steno-encrypted file I ever remember seeing was the first linux no-modchip hack for the XBOX, from http://xbox-linux.sourceforge.net/docs/007analysis .html

It is a good read.

Lies, Deceipt, and Trickery

The rest of the hack does everything it can to hide itself. There are two major components to the disguise: the "fake" hack, and the JPEG image of Tux.

Firstly the fake hack. The fake hack begins at offset 0xD00 in the game save. If you disassemble the game save, you are likely to notice that some interesting stuff begins there. It appears to be getting it's own address, turning off write protection in memory, patching the kernel, and calling XLaunchNewImage. There is some branching logic which seems to imply that it is patching the kernel in different ways, depending on the value of location 0x8001FFFF in memory. The patches even resemble those that certain modchips perform, some are even at the same offsets. The path to the linux xbe is noticeable as well, at offset 0xFD5.

Upon initial inspection this code seems very plausible. When you look at it closer, there are a lot of inconsistencies. Firstly, the value being tested at 0x8001FFFF does not match up to any known kernels that I know of anyway. Secondly, a lot of the patches to the kernel are junk code and don't make any sense. Thirdly, there is no call to IoCreateSymbolicLink in order for the call to XLaunchNewImage to work. XLaunchNewImage checks to make sure that the path to the executable resides on the 'D:' drive to prevent applications being launched from the hard drive, and therefore only from the DVDROM drive. Without remapping \Device\Harddisk0\Partition1 to 'D:' using IoCreateSymbolicLink, there is no way for the kernel to find the default.xbe as specified.

Secondly there is the Tux JPEG. Starting at offset 0x1080 in the game save is a JPEG image. This is obvious from the text JFIF which is present in all JPEG headers. If you extract out this block, you get a nice little picture of Tux. Seems like a harmless little addition by a linux fanatic. It is typical of linuxheads to stick stuff like this everywhere. In reality, the real hack is encrypted and stored in this image. The practice of storing data in images is known as steganography. Perhaps this doesn't count, as it stores the data in the header and not in the actual image data. It's still rather devious. We'll come back to the contents of the hidden data in a moment.

Hide Gates (-1)

Anonymous Coward | more than 10 years ago | (#7660171)

Maybe if I hide a picture of Bill Gates on my BSD box it will keep crashing.

neat (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660186)

post it on www.kuro5in.org though... slashdot sucks.

Along Came a Spider (1)

tripoc85 (639875) | more than 10 years ago | (#7660201)

Forget metamphors. In Morgan Freeman's
  • Along Came A Spider
    • stenography is used extensivly. By the Bad guy and by kids at school.

Yeah, steganography (5, Funny)

Scholasticus (567646) | more than 10 years ago | (#7660225)

I've been staring at this pictures of Jenny McCarthy for years now, trying to discover the steganographically hidden messages.

That's what I told my girlfriend.

FreeBSD: why's it better than Linux? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7660230)

OK, I know this is very much OT but a busy site such as Slashdot should be able to help me out here. Bear in mind that I'm not trying to start a flamewar or anything; just want some good reasoned responses. Right...

Why should I use FreeBSD over Linux?

The reason I'm asking is this: despite having used Linux for many years, I'm constantly being told by FreeBSD fans to switch to their favourite OS. Some make pleasant suggestions, others act with great zealotry and tell me things I know aren't true. The way I see it is as follows:

Stability - Various BSD fans have told me that it's "more stable" and "crashes less". I can safely say that my Debian and Slackware boxes have _never_ crashed or kernel panicked in five years of use; yes, in comparison to a bleeding edge desktop distro such as Mandrake, FreeBSD is bound to be more solid, but proper, well-designed and thoroughly tested distros like Debian and Slackware are totally rock-solid.

Performance - I've been told by FreeBSD users that their OS is much faster than Linux. To make this judgement myself, I performed a few benchmarks with FreeBSD 4.8 and Linux 2.4.20, and also FreeBSD 5.1 and Linux 2.6.0-test. The differences were negligible, although on my 2-CPU box Linux was the clear winner. 2.6.0-test also showed more responsive behaviour on the desktop.

Hardware support - I had troubles getting FreeBSD running on my laptop. Linux supported the hardware much better, and has a significantly broader range of x86 support.

Software support - It's so much easier to find software that will compile natively on Linux. Yep, Ports are good, but they're nowhere near as tested and integrated as, say, Debian's stable repositories.

Security - Both OSes are pretty secure by modern standards, but I can't see the value in FreeBSD's updating method. With Debian, one simple "apt-get" command is needed to get the latest security fixes. With FreeBSD, a tiresome chore of CVSuping, compiling and installing is required, which is doubly annoying on lots of boxes.

Community - Even when I've researched my problem and read up on the docs, I've had BSD fans act incredibly obnoxiously towards me. That's not good at all.

Long term support - FreeBSD only supports each release for 12 months; this means that users have to upgrade. And although upgrading isn't too difficult, the end result is a slightly different system and difficult to target apps against (new features/bugs/changes is newer Ports releases etc). Meanwhile, Debian has over 2 years support for each release, and Red Hat offer 5 - perfect for corporate adoption.

So those are the criteria I judge an OS on, and while many BSD fans keep telling me to use FreeBSD, I can't see what it offers in the real-world over Linux (subjective licensing issues aside).

What concrete benefits does FreeBSD offer? Serious question. It appears that Linux wins in the above areas, but any input would be good to hear.

MOre stuff on Peter Wayner's website (1, Informative)

Anonymous Coward | more than 10 years ago | (#7660237)

YOu might want to check out Peter Wayner's website [wayner.org] for his book, Disappearing Cryptography . There are several applets that let you hide information in a list of disco songs or even in the order of letters in a word.

Steganography Links (0)

Anonymous Coward | more than 10 years ago | (#7660251)

Steganography http://www.staff.uiuc.edu/~ehowes/soft11c.htm for all your needs.

You sir, are an idiot. (1)

Follis (702842) | more than 10 years ago | (#7660262)

1) .Wav files are not compresed 2) If you don't like .wav files you must REALLY hate cds.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>