Hacker10

Steganography, hiding text inside photos and sound files

The word steganography has Greek origins, it means concealed writing, in the digital world steganography (aka steg or stego) consists in hiding data inside data, it is mostly used to hide text inside pictures or sound files but any kind of data can be hidden and any kind of file can be used as a carrier file.

Steganographic software takes advantage of the way binary works where the bits towards the right of a file are the ones with less significance, changing them results in little distortion for the file, an example of this would be changing the red colour of a few pixels on a digital photography for a different tone of red that it is not noticeable to the human eye, since a photography can have millions of pixels slightly changing a thousand of them would be very hard to notice without the the original picture to compare with.

Another use for steganography is digital watermarking, the film industry is known to embed an invisible watermark in their preview films, before release, if one of these copies is leaked and found in a file sharing site they can track down who the person responsible for that copy was. Steganographic software is commonly used in conjunction with encryption, the data is encrypted before hiding it to add an extra layer of security, if the hidden data is ever found it would still be protected by a password.

Steganography advantages over encryption

It does not attract attention: Encrypting a message gives away that there is something of value and this will attract unwanted attention.

Packet sniffing barrier: Encrypted PGP email messages start with a line identifying them as an encrypted PGP message, making it easy for a packet sniffer on an ISP to flag encrypted PGP emails by just scanning for the word PGP or GnuPG, this can not be used against steganography.

Makes Internet surveillance difficult: If someone’s Internet activities are being monitored visiting Flickr and uploading personal family photos with hidden messages will not trigger any alarm but sending encrypted messages and visiting a political discussion forum will.

Difficult to prove it exists: In some countries like the United Kingdom you can be required by the police to provide the password to your encrypted files, refusing to do so carries a prison sentence, if the data has been hidden inside a photograph the police would first have to show beyond reasonable doubt that there is definitely something hidden inside the file.

Methods to detect steganography

Steganalysis is the art of discovering hidden steganographic messages, this science is not perfect, it is possible for steganalysis not to detect steganographic files if the data has been very well concealed and the original file, before data has been hidden within it, is not available for analysis.

Image steganalysis

Steganographic software embeds information in front of the hidden message, this information contains details about the length of the message, compression method, and anything else the developer chooses, after all the data has to be readable at some point, if the software used to hide the information (aka payload) inserts some unique characteristic in the header then it can be proved the file has been tampered with.

A good method to find hidden messages inside pictures is by using an hexadecimal editor and read the image header first bytes, for example a GIF image seen by an hexadecimal editor will always read “47 49 46 38”, it means “GIF” in ASCII code, if a GIF image has been used to hide a message within it when viewed with an hex editor the first identifying bytes will be different from the standard ones.

There are automated tools to detect steganography, one such tool is Stegdetect, capable of detecting messages in jpeg images, after a hidden message has been found a brute force attack can be launched, with dictionary words attempting to guess the password and expose the data.

Highly compressed data like .rar, .mp3 or .jpeg files make it more difficult to hide data inside because they have less “spare” bits available, if you want to make it tough for someone to find your hidden data use an uncompressed carrier file, like .bmp for images and .wav for sound.

How to hide text in pictures and other files

There are various steganography programs available to hide text or files inside photographs, sound files and executable files, you can even hide data inside documents and HTML code, any kind of electronic file can be used to hide data within it.

StegHide: Open source project, it can hide data inside images (.jpeg, .bmp) and audio files (.wav, .au)

MSU StegoVideo: It hides any kind of file inside a video and protects it with a password.

Steganos Privacy Suite (Not free): It hides data inside pictures and sound files and encrypts is with AES256.

Mp3Stego: It encrypts and hides data inside .mp3 files, free program with source code available to look at.

21 June, 2011
Cloud storage investigation tool Dropbox Reader

Drobbox is an online cloud storage service with millions of users, they claim to keep the data encrypted but their terms and conditions state that (using slightly different wording) there is a backdoor to your private data to allow USA authorities to access it with a subpoena. Besides being unethical it is also a security risk because any backdoor that encryption has can be exploited by the bad guys, without one your data will be more secure from malicious hacking.

Computer hacking forensic investigator

In case using Dropbox back-doored cloud storage does not put you off, a command line computer forensics investigation tool targeting Dropbox users has been released by Architecture Technology Corporation, the tool takes advantage of Dropbox database files and it is meant to be used by computer forensic experts to aid them in their investigation. In real life, anyone with a little Python and Unix knowledge, bad and good people alike, can use this free tool to get data out of Dropbox user’s.

Dropbox Reader can get the user’s email address, Dropbox identifier, software version being used, a list of recently changed files stored in config.db, even without the actualy physical files, names many times reveal clues about the files content, Dropbox Reader can also get a list of files marked for synchronization and the shared directories, stored in filecache.db.

When Dropbox is installed it makes changes in the Windows registry, an investigator should be able to find out that Dropbox has been previously installed by just looking at the Windows registry keys and get some information out of Dropbox even when this has been uninstalled, when uninstalled Dropbox removes the database but keeps the installation directory in place.

Visit Dropbox Reader homepage

19 June, 2011
List of the best free Spyware removal tools

Antispyware software should be used in conjunction with antivirus software and not as a replacement, antispyware and antivirus have different functions, antivirus software for example, does not warn you of tracking cookies, good antispyware software will not cause you any incompatibility when you run it alongside an antivirus the developers will have designed it with that in mind.

Free antimalware tools

SuperAntispyware: Light on system resources, it has been designed not to slow down your computer during spyware scanning, it works alongside anti-virus software without compatibility problems, a very thorough antispyware tool, scanning your files, computer memory and Registry, it’s custom scanning engine allows you to check external USB devices like thumbdrives for spyware and exclude folders you are known to be safe in order to speed up the antispyware scan.

SuperAntiSpyware menu screen

MalwareBytes: Multilingual antispyware software that can detect spyware before installation and remove it if the computer has already been infected, the free basic version is very limited, it has no real time protection and no heuristics against zero day threats.

SpywareBlaster: It prevents installation of spyware, adaware and other malware designed to get into your system and invade your privacy. It doesn’t use any significant CPU or computer memory and will not slow down your computer while it protects your Internet browsing session, capable of running along other antivirus and firewall software.

SpywareBlaster malware scan

Spybot Search&Destroy: This malware protection tool provides complete information on any spyware it finds, it works in the backgrouond protecting you against new threats not found by your antivirus software, in between others, it protects you against toolbars installing in your browser without your knowledge and homepage hijacking.

SpywareTerminator: Real time HIPS protection, after scanning your computer SpywareTerminator will show you a list with easy to understand information of all of the threats it has found, the entries are classified by risk level and the user can decide what has to be removed, integrated with ClamAV open source antivirus which is included with the antispyware software download.

Lavasoft Ad-Aware: The free version provides basic behaviour based heuristic technology able to detect zero day threats, rootkit removal, integrated with Windows Security Center, spyware scanning can be scheduled and customized pin-pointing Ad-Aware to single files or external hard drives, you can submit suspicious files to Lavasoft technicians for analysis with just a click.

Beware of fake antivirus and antispyware!

A well know multimillion scam is run by fake software pretending to be a legitimate spyware removal tool that is not able to detect anything and makes computer users believe that they have been infected by malware by showing them window replicating a computer scan with annoying popups and scary messages, in order to remove the non existent malware from the operating system the user must to buy an “upgraded” version of the software which then removes the fake malware warming message.

Fake spyware alert

Stay out of brands you know nothing about, if you believe your system has been infected by spyware do as much research as possible on the Internet about the kind of malware you have, before upgrading to any paid for software whose brand you know little about inquire around first and most important of all, never install any pirated antivirus software in your system or buy it from dodgy sources, not only the updates for counterfeit antivirus will eventually stop working, but most times warez cracked antivirus software also comes embedded with a virus.

18 June, 2011
Trusted Platform Module cryptochip explained

Trusted Platform Module hardware contains a built-in chip with cryptographic capabilities able to perform RSA 2048 bit public key encryption and decryption with its own internal hardware engine for SHA-1 hashing, the private encryption keys are created within the TPM chip and never exposed to outside elements, TPM chips are usually found in high end notebooks, many of the of laptops using a fingerprint reader to login are linked to the motherboard’s TPM security chip.

A Trusted Platform Module chip stores digital certificates some of which are file encryption and login authentication keys, the data can only be decrypted by the TPM chip itself, one of the requirements for a notebook to contain a TPM chip is that the chip has been permanently attached by soldering it down to the motherboard, tampering mechanisms, e.g. tampering proof tape, are recommended but not mandatory.

A TPM chip can optionally forge a key tied up to specific computer hardware, aka “sealing” a key, by creating a snapshop of the computer values and hashing them (aka checksum), where a TPM sealed key exists, every time the computer boots file hashes are compared and if they do not match the computer will not boot, removing the hard drive from the device and plugin it in somewhere else will make it unbootable.

Trusted Platform Module encryption diagram

How to enable a TPM security chip

Not all computers have a TPM chip, it is normally found in enterprise level laptops, most of them come with the Trusted Platform Module chip disabled by default, you will need to enable it in the BIOS.

To enter the BIOS click on Del or F2 (depending on BIOS brand) while rebooting the computer, the TPM chip settings are found under “Integrated Peripherals” or in a separate “Security Section” that some motherboards have, choose to enable it, save the BIOS settings and boot your operating system, you will now need to install the motherboard device driver for the TPM chip, the motherboard manufacturer provides you with it.

TPM chip security considerations

Full disk encryption software like Bitlocker and PGP Whole Disk Encryption can be used with a TPM chip, but some basic security measures must be taken, like establishing ownership of your TPM chip by setting up its own unique password totally independent of other passwords. Because the private encryption keys will be stored inside the TPM chip, if you replace the computer motherboard or reset it to factory settings you will no longer be able to access your fully encrypted operating system.

Embassy Trust Suite, a business security suite that comes with most Dell business computers and can implement full disk encryption, makes use of the TPM hardware chip to generate encryption keys.

17 June, 2011
List of programs for full disk encryption

If you encrypt your whole hard drive including your operating system you will not have to worry about wiping data, clearing the Internet browser cache, deleting temporary files and encrypting individual files, all you will have to worry about is choosing a strong passphrase that can not be broken using a brute force attack (trying dictionary words).

The only way to access a fully encrypted operating system is by getting access to the computer while it is switched on (decrytped), you will save lots of time if you decide to encrypt your full operating system, it is not difficult and there is free software for that. Windows Vista and 7 come with BitLocker Drive Encryption for full disk encryption but only the more expensive business high end editions do and it has been designed for businesses with few home user features.

Full disk encryption software without backdoor

Truecrypt (Free): It’s wizard driven menu will guide you through the whole encryption process, there are many algorithm choices, if you do not understand what they mean leave all of the default choices on, they are secure enough for everyone. Truecrypt can encrypt external devices, create virtual encrypted drives and create a hidden encrypted operating system, to be used if you are forced to give up the password.

You will find it easy to find support for Truecrypt at computer security forums and Usenet groups as it is one of the most used full disk encryption programs.

Truecrypt encryption algorithm

DiskCryptor (Free): Open source encryption software, it can encrypt partitions that have already data on them, it supports AES, Twofish and Serpent encryption algorithms, allows you to encrypt USB flash drives and external hard disks with automatic mounting, support for key files, option to place the boot loader on an external device.

DiskCryptor full disk encryption

Symantec Encryption Dekstop: (Over $200): Suite of encryption applications to fully encrypt your operating system, external drive, USB thumbdrive, email and AIM Instant Messenger using PGP encryption. Software includes a data shredder. This product appears targeted at businesses, optionally it can deployed in multiple workstations using a central server.

Symantec Encryption Desktop PGP

DriveCrypt Plus Pack: (Over $100): Whole operating system encryption with AES256-bit, no backdoor, it can hide an undetectable operating system in the hard drive free space, this is useful if someone forces you give up your password, they would not be able to prove a second operating system exists, it can be used in conjunction with USB tokens for preboot authentication, login preboot screen can be changed, you can create your own.

DriveCrypt Plus Pack encryption

SecureDoc WinMagic (Over $100): Encryption of laptops, USB devices and desktop computers using AES 256 bit, certified FIPS 140-2 Level 2, it supports multifactor authentication at preboot level, no backdoor but password recovery is possible if you set it up, available in various languages, extended audit logging make SecureDoc a good option for businesses.

SecureDoc WinMagic full disk encryption

Full disk encryption performance

I have been using full disk encryption for over 5 years, I have used DiskCryptor, Truecrypt and DriveCrypt Plus Pack, in all cases there has been no computer slowdown while I was using full disk encryption, even using it on a low performance netbook with an Intel Atom CPU showed no noticeable performance issue.

If you are a home user you do not need to worry about full disk encryption slowing down your computer activities, the software normally needs very low resources to run on.

15 June, 2011
Quickly lock Windows in your absence with WinLockr

This free open source application will quickly lock your Windows computer while you are away doing something else and do not want to switch off the computer.

WinLockr is an easy to use application that besides locking the screen, it will disable the mouse and keyboard for extra protection, a key combination enables it again. The locked screen is replete of appropriate details, informing the user at what time the computer screen was locked and the failed unlock and shutdown attempts, WinLockr also protects against computer shut-off. If someone discovers your password to unlock the computer it will not be enough, they will also need to know the key combination to activate the keyboard to enter it in the login screen.

WinLockr to lock Windows desktop

If you choose it, you can set up WinLockr to unlock and lock your computer using a USB key instead of a password this makes locking Windows very quick and impossible for others to see what password you typed in since there isn’t one. Windows accounts can be set up with a password and lock the screen while you go away but it doesn’t have all of the features that WinLockr has, if you work in an office environment you will be better off protected using it instead of the default Windows lock screen.

Visit WinLockr homepage

13 June, 2011
Digital certificate email encrytion with Comodo SecureEmail
Sending email via Gmail, Yahoo and Hotmail it is like sending a postcard, anyone who comes across it can read its contents, that includes your ISP and your email provider, Gmail even scans your email contents to introduce what they call relevant publicity, encrypting email messages is the only way to make sure that no third party can eavesdrop on your communications.

There are a few specialist webmail providers that use encryption end to end but you are trusting them with your encryption keys, in security you must trust as few people as it is possible, the more people has access to your private encryption keys the easier a data leakage will be.

Comodo SecureEmail works locally in your computer to send, receive and store encrypted emails, including attachments, it is easy to use and deploy, and free, you can digitally sign emails to confirming the sender’s identity, a digital signature is even harder to fake than a real life pen and paper signature. The software is compatible with Windows Live Mail, Thunderbird, Eudora and other IMAP and SMTP email clients. Comodo SecureEmail comes with a wizard to easily import a Comodo email certificate for encryption and digital signing, or just choose to import someone’s public encryption key instead.

Comodo Secure Email

If the receiver of the emails does not use Comodo SecureEmail he can still read the encrypted messages using a web based reader, the messages will be encrypted using a single use session digital certificate.

Comodo SecureEmail main features
- Easy to use for newbies with automatic encryption and decryption of emails
- It supports most email clients even if they haven’t got built-in encryption
- Wizard to install the necessary digital certificates to encrypt and digital sign messages
- Web reader service to decrypt messages encrypted using a single use digital certificate (aka session certificate)
This email encryption software is light in resources, a small 6.5MB download and it is very flexible, you will not have to swap email software, once the digital certificates have been installed the whole encryption process is automated without having to exchange public encryption keys, encrypting emails using a digital certificate is as secure as using PGP keys to secure messages and easier to use for newbies.

Visit Comodo SecureEmail homepage
12 June, 2011