Steganography with Flickr
http://digitalphotography.weblogsinc.com/entry/1234000647052419
Posted Jul 29, 2005, 3:36 PM ET by Keith McDuffee
steganographyI¹ve recently purchased a Pro account over on Flickr. Since I¹m
moving to a new place in a few weeks, paranoia has set in over possibly
losing all of my digital photos due to a dropped computer, lost backup DVDs
and CDs, or simply stolen equipment. What¹s great about Flickr is the
sorting capabilities and, most importantly, unlimited storage. Surely they
must have something in place to avoid taking too much advantage of that
unlimitedness? Actually, it seems they don¹t.
Steganography is a way of embedding just about any kind of file or data
within another ³cover² file, though not noticably altering the cover file¹s
content. Usually this embedded content is encrypted with a passphrase of
some sort, only extractable via special programs. So should you embed a file
within a JPEG image, for example, the casual observer would only see the
image and perhaps only notice something odd due to the image¹s file size.
I decided to give steganography a try on Flickr¹s system, wondering if they
somehow sensed altered images and stripped the extra or raised a red flag of
some sort. Since I¹m primarily a Linux user, I opted for the Steghide
utility, though there are several freeware Windows applications available
that do the same. Steghide allows you to embed any data within JPEG, BMP,
WAV and AU files, encrypting, passwording and compressing the content if you
wish.
After installing the program on my Fedora Core 4 system, the procedure was
rather simple. I decided to use a nice B&W photo of my dog, Guinness, as the
cover file (image links to Flickr location):
guinness the dog
Next I picked a basic PDF file as the embedded document. I just picked a PDF
job application form from my old school.
$ steghide embed -ef JobApp.pdf -cf guinness.jpg -p testing123 -sf
guinness-steg.jpg
embedding ³JobApp.pdf² in ³guinness.jpg²... done%
writing stego file ³guinness-steg.jpg²... done
$ ls -g
total 3416
-rw-rr 1 admin 1709600 Jul 29 13:39 guinness.jpg
-rw-rr 1 admin 1696487 Jul 29 14:25 guinness-steg.jpg
-rw-rr 1 admin 73255 Jun 30 14:09 JobApp.pdf
As you can see, the compression did a pretty good job the image containing
the PDF is actually smaller than the original! Do they look any different?
Nope.
Now let¹s get some info on the file:
$ steghide info guinness-steg.jpg
³guinness-steg.jpg²:
format: jpeg
capacity: 104.6 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file ³JobApp.pdf²:
size: 71.5 KB
encrypted: rijndael-128, cbc
compressed: yes
And to extract the embeded file:
$ steghide extract -sf guinness-steg.jpg -p testing123 -xf JobApp2.pdf
wrote extracted data to ³JobApp2.pdf².
[EMAIL PROTECTED] ls -g
total 3492
-rw-rr 1 admin 1709600 Jul 29 13:39 guinness.jpg
-rw-rr 1 admin 1696487 Jul 29 14:25 guinness-steg.jpg
-rw-rr 1 admin 73255 Jul 29 14:30 JobApp2.pdf
-rw-rr 1 admin 73255 Jun 30 14:09 JobApp.pdf
I¹ve tested uploading the guinness-steg.jpg¹ to Flickr and then downloading
it again, and the embedded PDF file stays intact. Check it for yourself.
So basically Flickr can be used as a personal off-site backup system for all
of your documents, not just images. Steganographied images can be shared
with Flickr friends to pass on documents or other files. Honestly, though, I
feel Flickr is an amazing service that I¹d rather not see abused and lead to
limit Pro account sizes. I¹d rather see them figure out a way to stop such a
thing from being possible or else let it be known such a practice is OK or
not in their eyes.
You are a subscribed member of the infowarrior list. Visit
www.infowarrior.org for list information or to unsubscribe. This message
may be redistributed freely in its entirety. Any and all copyrights
appearing in list messages are maintained by their respective owners.
