RE: steganography

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Thu Sep 20 2001 - 07:32:05 MDT


hal@finney.org wrote,
> There is one program which is supposedly undetectable at embedding data
> into JPEG images. http://www.outguess.com has some very sophisticated
> statistical analysis behind it (see the papers on the web site).
> The author has shown how to detect all the other JPEG embedders and
> has constructed his software to be undetectable by the best methods he
> could come up with. So far I am unaware of anyone showing how to detect
> data embedded using his technique.

It's <www.outguess.org> not <www.outguess.com>, and I'm perfectly familiar
with it. It is a very wonderful program and much more secure than other
ones. But don't assume that it is "perfectly" secure.

The webpage itself confirms that earlier versions of the program produced
detectable messages. They urge everyone to upgrade to the latest version
and to stop using the earlier version because it was flawed. They even
offer a program called stegdetect that demonstrates that these previous
outguess messages can be detected.

It is the best defense against *known* detection. But like a virus checker,
it isn't perfect, it won't defend against new or unknown methods, and it
will have to be regularly updated as new methods surface.

--
Harvey Newstrom <http://HarveyNewstrom.com> <http://Newstaff.com>



This archive was generated by hypermail 2b30 : Fri Oct 12 2001 - 14:40:53 MDT