Re: cDc prepares user-friendly stego app!

From:
Date: 07/07/02 

Date: Sun, 07 Jul 2002 07:15:39 -0400

> Looking up S-Tools... I don't see anything useful. It appears rather old,
> and the most user friendly feature it has is drag and drop. It does not automatically
> scan the webpage for stegged content using your signature and password. It does
> not make links to this content so you can double click it and open the content. It
> appears to use the same steganographic routine I do.
>
> This means you have to know the exact url of the stegged content. You have
> to save the file seperately to disk. (Which will be a double save across
> the wires).
>
> It does not have one button encrypting of such items.

S-Tools4 will prompt for a passphrase regardless of whether the target
file is a stego carrier or not, thereby confusing the whole issue of
where the information is hidden. A CD w/ S-Tools4 and some carrier
images on it make a great way to hide information...pop the CD in, stego
the data, and send the stego'd data out. The CD can be removed and
destroyed separately, in order to prevent discovery or use in a criminal
case.

Your statement about S-Tools4 not automatically scanning for and
identifying stego'd content in a web page implies that this new app from
cDc does do this...making it somewhat dangerous, don't you think? I'm
not as knowledgeable of this new app as you are, but wouldn't you think
that if I had the signature and passphrase from someone else, I could
then find the stego'd files? I'm not talking about actually recovering
the hidden data at this point...just finding the stego'd images.

> Not to disparage other steganographic applications, but geesh, at least
> mention F5 or outguess...

Why?

 
> You stated, "Also, I'm kind of curious about the "automatic invisible cache and
> history clearing"...what does that mean? Do we want cDc and their
> constituent groups doing this on our systems?"
>
> Then you come out and say this about the virus. The first sentences have
> nothing to do with virii.

Exactly. Two separate issues all together.

> It is implying malicious intent other than virii.

Not at all. I'm pretty much against anything that happens
automagically, w/o my knowledge. I'm against RealSecure performing
automatic updates of a CheckPoint firewall, as well...

 
> Unless you believe automatic invisible cache and history cleaning means
> it is more likely to have a virus -- which is simply stupid.

I'd agree. Which is why I never said that. Again...separate issues.

> Let me clue you in: automatic cache cleaning and history wiping makes an
> application no more nor no less possible to have a virus in it.

It wasn't a misunderstanding on my part that led to your comment about
wiping being a virus...it was a leap of logic you put together.

> So, let me ask again, you friggin weasel, what the hell are you implying?

Uhm...nothing.

> The post was about my application, dumb ***.

"dumb ***"? Ouch! Oh, I'm so hurt.

> You talk this way to people in real life?

Do you?

> You start off nasty and go to nastier.

Not at all. I'm simply asking some questions, and giving an opposing
view in some cases. Nothing nasty. I haven't called anyone names yet.

> Typical troll with nothing good or true to say... just ranting
> about a bunch of lies and innuendo just because you can.

Bunch of lies? Niels Provos' research is a bunch of lies?

> An all too common trait of people on the internet. They believe they
> are anonymous so they descend to the worst possible denominator just because
> they can't do it in person.

I'm not going to get into a pissing contest with you about something
entirely off topic. If you get bored or frustrated with my posts, so be
it. I'm not attacking you or anyone else. I'm looking at this new app
and trying to find out more, and get a better understanding of it, thats
all.

Loading