Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

October 31, 2018

ICC Metadata – Vulnerability Pattern?

Filed under: Steganography,Tweets,Twitter — Patrick Durusau @ 2:07 pm

This Tiny Picture on Twitter Contains the Complete Works of Shakespeare by Joseph Cox.

From the post:


The trick works by leveraging how Twitter handles metadata. Buchanan explained that Twitter strips most metadata from images, but the service leaves a particular type called ICC untouched. This is where Buchanan stored his data of choice, including ZIP and RAR archives.

“So basically, I wrote a script which parses a JPG file and inserts a big blob of ICC metadata,” he said. “The metadata is carefully crafted so that all the required ZIP headers are in the right place.” This process was quite fiddly, he added, saying it took a few hours to complete, although he wrote the script itself over a span of a couple of months.

“I was just testing to see how much raw data I could cram into a tweet and then a while later I had the idea to embed a ZIP file,” Buchanan added.

The ICC link points to PhotoME:

PhotoME is a powerful tool to show and edit the meta data of image files. Thanks to the well organised layout and intuitive handling, it’s possible to analyse and modify Exif and IPTC-NAA data as well as analyse ICC profiles – and it’s completely FREE!

Useful link/software but it doesn’t define ICC metadata.

I’m curious because the handling of ICC metadata may be a vulnerability pattern found in other software.

ICC metadata is a color profile defined by the International Color Consortium. The ICC specifications page has links to the widely implemented version 4, Specification ICC.1:2010-12 (Profile version 4.3.0.0); its successor, now in development, Specification ICC.2:2018 (iccMAX); and, the previous ICC Profile, Specification ICC.1:2001-04.

The ICC member list alone testifies to the reach of any vulnerability enabled by ICC metadata. Add to that everyone who implements ICC metadata and every image that carries it.

How does your image processing software manage ICC metadata?
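One way to answer that question for JPEG input, as an added example (not code from the post or from Buchanan's script): in a JPEG, ICC profiles travel in APP2 segments tagged ICC_PROFILE, so the sketch below reassembles those segments and flags a profile whose header is missing or inconsistent, that exceeds a size limit, or that contains ZIP or RAR signatures. The function names, the 1 MiB limit and the sample bytes are assumptions constructed for illustration.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"                       # APP2 identifier for ICC chunks
MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def icc_chunks(jpeg):
    """Return [(seq, count, data)] for APP2 ICC_PROFILE segments before SOS."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    out, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):                 # SOS or EOI: no more headers
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("segment length out of bounds")
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            out.append((body[12], body[13], body[14:]))
        pos += 2 + length
    return out

def audit_icc(jpeg, max_bytes=1 << 20):
    """Reassemble the embedded ICC profile; return findings (empty list = clean)."""
    chunks = sorted(icc_chunks(jpeg), key=lambda c: c[0])
    if not chunks:
        return []
    profile = b"".join(data for _, _, data in chunks)
    findings = []
    if [c[0] for c in chunks] != list(range(1, chunks[0][1] + 1)):
        findings.append("chunk numbering inconsistent")
    if len(profile) < 128 or profile[36:40] != b"acsp":
        findings.append("ICC header signature 'acsp' missing")
    elif struct.unpack(">I", profile[:4])[0] != len(profile):
        findings.append("declared profile size differs from embedded bytes")
    if len(profile) > max_bytes:                   # policy limit, an assumption
        findings.append("profile exceeds size limit")
    findings += [f"{kind} signature inside ICC data"
                 for magic, kind in MAGICS.items() if magic in profile]
    return findings

def sample_profile(extra=b""):
    """Constructed 128-byte ICC header (size field + 'acsp') plus optional tail."""
    return struct.pack(">I", 128 + len(extra)) + b"\x00" * 32 + b"acsp" + b"\x00" * 88 + extra

def sample_jpeg(profile):
    """Constructed input: SOI, one APP2 ICC chunk, EOI (no image data)."""
    body = ICC_TAG + b"\x01\x01" + profile
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

The signature match is a heuristic: a legitimate profile can contain those bytes by chance, so treat a hit as a reason to inspect or re-encode the profile rather than as proof of an embedded archive.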

February 16, 2018

@GalaxyKate, Generators, Steganographic Fields Forever (+ Secure Message Tip)

Filed under: Graphics,Steganography,Virtualization — Patrick Durusau @ 11:57 am

Before you skip this post as just being about “pretty images,” know that generators span grammars to constraint solvers. Artistry for sure, but exploration can lead to hard core CS rather quickly.

I stumbled upon @GalaxyKate’s Generative Art & Procedural Content Starter Kit:

Practical Procedural Generation for Everyone: Thirty or so minutes on YouTube, 86,133 views when I checked the link.

So you want to build a generator: In depth blog post with lots of content and links.

Encyclopedia of Generativity: As far as I can tell, a one issue zine by @GalaxyKate but it will take months to explore.

One resource I found while chasing these links was: Procedural Generation.

Oh, and you owe it to yourself to visit GalaxyKate’s homepage:

The small scale of my blog presentation makes that screenshot a pale imitation of what you will find. Great resource!

There’s no shortage of visual content on the Web; one estimate says that in 2017, 74% of all internet traffic was video.

Still, if you practice steganographic concealment of information, you should make the work of the hounds as difficult as possible. Generators are an obvious way of working towards that goal.

One secure message tip: Other than for propaganda, which you want discovered and read, omit any greetings, closings, or other rote content, such as blessings, religious quotes, etc.

The famous German Enigma was broken by messages having the same opening text, routine information, and closing text (Heil Hitler!), and by sending the same message in different encodings. See Exploring the Enigma.

Or in other words, Don’t repeat famous cryptographic mistakes!

December 15, 2014

Tweet Steganography?

Filed under: Image Understanding,Security,Steganography,Twitter — Patrick Durusau @ 1:34 pm

Hacking The Tweet Stream by Brett Lawrie.

Brett covers two popular methods for escaping the 140 character limit of Twitter, Tweetstorms and inline screen shots of text.

Brett comes down in favor of inline screen shots over Tweetstorms but see his post to get the full flavor of his comments.

What puzzled me was that Brett did not mention the potential for the use of steganography with inline screen shots. Whether they are of text or not. Could very well be screen shots of portions of the 1611 version of the King James Version (KJV) of the Bible with embedded information that some find offensive if not dangerous.

Or I suppose the sharper question is, How do you know that isn’t happening right now? On Flickr, Instagram, Twitter, one of many other photo sharing sites, blogs, etc.

Oh, I just remembered, I have an image for you. 😉

[Image: kjv-genesis]

(Image from a scan hosted at the Schoenberg Center for Electronic Text and Image (UPenn))

A downside to Twitter text images is that they won’t be easily indexed. Assuming you want your content to be findable. Sometimes you don’t.
