Hey, I use to send passworded zip files encode INTO large BMP pictures at intervals (using linear or quadratic equations).
So whats new with using malformed packets, they just get dropped mostly. Hmm, Ofcourse you could hook a tcpdump to catch those packets where covert messages resides, beats Yahoo IM for sure ;p (i use snort and i get messages like "h4c1< d p74n3+" before) On Mon, 02 Aug 2004 07:54:37 +0800, Eric Noel <[EMAIL PROTECTED]> wrote: > > > On 7/30/2004 4:56 PM, [EMAIL PROTECTED] wrote: > > > gp writes: > > > >> What amaze me was another presentation on Spam and Covert channels. > >> Here the speaker from Computer Science Corp talked on analysis on > >> spam and Convert channels. Naka nga- nga ang lahat noong sabihin how > >> cutting edge mag communicate ang mga Pinoy thru seemingly spam but > >> was actually a convert channel of communication. It is like the > >> speaker alluded that group of Pinoy spam ring based in the > >> Philippines, US, Canada and France were communicating differently. > > > > > > cant resist but does anybody have an idea what is this 'covert channel' > > of communicating? the only thing that came to mind is the bastardized > > txt lingo that is getting prevalent not only on SMS ring but also on > > email conversations. > > un lng psok icp me. k? /*insert u with umlaut here*/ > > anyway, the mention of the DOST in the presented paper is really > > something to be proud of. :) > > ciao! > > -- > > "Programming, an artform that fights back" > > Anuerin G. Diaz > > Registered Linux User #246176 > > Friendly Linux Board @ http://mandrakeusers.org/index.php -- > > Philippine Linux Users' Group (PLUG) Mailing List > > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > > Official Website: http://plug.linux.org.ph > > Searchable Archives: http://marc.free.net.ph > > . > > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > > . > > Are you a Linux newbie? To join the newbie list, go to > > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > > > Its still about emails, header analysis, encoding (e.g. nonstandard > headers, seq duplication), content analysis. like for those outlook > users they will see a cool email from a spammer but if use text-only > when reading emails you will see the hidden links, garbled messages. > They mentioned about the ff based in phils: > -univ of immac conception uic.globe.com.ph/grimrod as well as > -cebu intl school that suggest spammers are likely school age > -filipino global irc > > > -- > Philippine Linux Users' Group (PLUG) Mailing List > [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) > Official Website: http://plug.linux.org.ph > Searchable Archives: http://marc.free.net.ph > .. > To leave, go to http://lists.q-linux.com/mailman/listinfo/plug > .. > Are you a Linux newbie? To join the newbie list, go to > http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie > -- Roger P. Filomeno Systems Developer Finger Apps Inc http://fingerapps.com 3/F Makati Finance Bldg., 7823 Makati Ave., Makati. -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
