cDc prepares user-friendly stego app

Secret messaging made simple

In an effort to help Netizens in the more paranoid corners of the world evade national censorship, the cDc's Hacktivismo group is developing a browser product called Camera/Shy capable of creating and displaying images with messages which would likely get a Web site shut down or filtered in places like Saudi Arabia and China.

The browser, created by Hacktivismo member 'The Pull', uses steganography, a method for inserting text into graphics files for viewing with companion software. The text is encrypted and can be password-protected for an additional layer of secrecy.

The group hopes that people hobbled by official Internet censorship will be able to exchange information and opinions which might otherwise be politically risky. Since countries can use filtering and firewalling to keep their citizens from Web sites with 'objectionable' content, the idea here is to hide it in plain sight in approved venues. A discussion of human rights could be carried out under the noses of administrators and moderators on an approved Chinese BBS, for example. The local Feds would have a very difficult time stopping it.

"If there were no state-sponsored censorship of the Internet, if Cisco et al weren't crack hoes for hire, if there were no democracy activists screaming for help -- hell, we could be off having fun instead of working long hours after our day jobs," Hacktivismo member and occasional Reg contributor Oxblood Ruffin told us.

The original idea was conceived by The Pull. "I noted that one thing quite often missing from free security applications was ease of use -- automation for the end user. The lack of that ease and automation irked me as a gaping need because people don't use security products if they have to jump through hoops. People like shortcuts; people like automation," he told us.

We've been playing with a beta version which seems to work well and intuitively in a few simple demo situations. There are four windows, one which renders the page normally and one with a list of image files which can be selected for decryption. When one is selected, the text appears in the main window without further intervention. Other windows allow content to be inserted into image files which the user may post, and there is a format conversion tool as well. Entire Web pages can easily be concealed within an image file. And of course the files can easily be e-mailed around and viewed with the browser.

Camera/Shy will also (optionally) shut off all active scripting and clear the cache and history, and reject images not originating on the site being viewed. There are as yet a couple of bugs which the group intends to have sorted out in time for the application's release at the H2K2 conference on 13 July in New York.

No doubt the release will raise hackles among bureaucrats and Feds in many parts of the world, even in the Enlightened West where many in government believe our personal lives should be laid bare for their occasional inspection and approval. Since the 9/11 atrocity, there has been repeated speculation in the press that international terrorist organizations have been using stegged files to communicate across the Internet, though no evidence of this activity has ever been produced.

One financially-weak spyware outfit called iomart attempted a post-9/11 publicity stunt with unsubstantiated claims of this nature, which a number of superstitious reporters in the mainstream press did unfortunately parrot.

There are steganalysis tools such as the one iomart claims to have used, and the Thought Police in several countries may well use them to find stegged files posted on Web sites. But filtering and interrupting the exchange of this data is another matter. "Because the data is hidden in the most common image format on the Web, they would have to perform steganalysis on every gif coming through their wire. This is entirely impractical," The Pull reckons.

So far Camera/Shy works well and promises to be a very useful contribution to the fight against government censorship. It's to be released under the GPL. We look forward to seeing the finished product in a week or so. ®
