From owen at blacker.me.uk Wed Apr 10 14:16:42 2013
From: owen at blacker.me.uk (Owen Blacker)
Date: Wed, 10 Apr 2013 14:16:42 +0100
Subject: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
Message-ID:

http://www.wired.com/dangerroom/2013/04/secretbook/

Facebook is a place where you can share pictures of cute animals and fun activities. Now there’s a browser extension that lets you encode those images with secret, hard-to-detect messages.

That’s the idea behind Secretbook, a browser extension released this week by 21-year-old Oxford University computer science student and former Google intern Owen-Campbell Moore. With the extension, anyone – you, your sister, a terrorist – could share messages hidden in JPEG images uploaded to Facebook without the prying eyes of the company, the government or anyone else noticing or figuring out what the messages say. The only way to unlock them is through a password you create.

“The goal of this research was to demonstrate that JPEG steganography can be performed on social media where it has previously been impossible,” Campbell-Moore tells Danger Room. He says he spent about two months spread out over the last year working on the extension as a research project for the university.

[…]

It wasn’t easy developing the extension. “Many tools for steganography in JPEGs have existed in the past although they have always required that the images are transmitted exactly as they are,” Campbell-Moore says. This could be a single pixel changed to a different color, and then repeated over several images, spelling out a message – which you can’t see, unless you have the translation key, and know which pixel to look for.

But when you upload an image to Facebook, the image is automatically recompressed, which can lower the image quality. If you’ve encoded a secret message in the image, Facebook will garble it.
Facebook competitor Google+ doesn’t do this, so you can share encoded messages there without needing an app for it.

[continues…]

--
Owen Blacker, London GB
@owenblacker

From richard at highwayman.com Thu Apr 11 11:56:57 2013
From: richard at highwayman.com (Richard Clayton)
Date: Thu, 11 Apr 2013 11:56:57 +0100
Subject: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To:
References:
Message-ID:

In article , Owen Blacker writes

>http://www.wired.com/dangerroom/2013/04/secretbook/
>
>Facebook is a place where you can share pictures of cute animals and fun
>activities. Now there’s a browser extension that lets you encode those
>images with secret, hard-to-detect messages.

that's two different properties...

if the stego message has been encrypted before it is embedded then if the key is long enough then it is likely to stay secret.

If "too much" data is embedded then it will be detectable by one of a number of methods (real pictures have various statistical properties that are disrupted by the embedding of what is effectively "noise"). There's a vast literature on this, good starting place is Jessica Fridrich's work:

http://www.ws.binghamton.edu/fridrich/

>“The goal of this research was to demonstrate that JPEG steganography can
>be performed on social media where it has previously been impossible,”
>Campbell-Moore tells Danger Room. He says he spent about two months spread
>out over the last year working on the extension as a research project for
>the university.

Embedding short messages into media that will survive transforms is called "watermarking" and there is a large literature on that as well!
The initial robustness scheme called StirMark dates from 1997

http://www.petitcolas.net/fabien/watermarking/stirmark/

and since this is usually successfully passed, there have been later proposals such as CheckMark which add more transforms.

The particular proposal here seems to have been specifically designed to survive Facebook's transform rather than to survive more general changes to the image.

>It wasn’t easy developing the extension. “Many tools for steganography in
>JPEGs have existed in the past although they have always required that the
>images are transmitted exactly as they are,” Campbell-Moore says.

His draft paper is at

https://dl.dropboxusercontent.com/u/6853624/secretbook-draft-1.pdf

it contains no references to other work at present, so it's not possible to see whether or not he has encountered the papers that might disabuse him of this exact statement :(

>If you’ve encoded a secret message in the image, Facebook will garble
>it. Facebook competitor Google+ doesn’t do this, so you can share
>encoded messages there without needing an app for it.

An important reason for processing the images is that this prevents people installing malicious images on their pages which will compromise visitors whose graphic display software contains security flaws!

I fully expect [but have not tested] that Google+ does do some manipulations to avoid this !

--
richard Richard Clayton

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. Benjamin Franklin

From igb at batten.eu.org Thu Apr 11 22:57:23 2013
From: igb at batten.eu.org (Ian Batten)
Date: Thu, 11 Apr 2013 22:57:23 +0100
Subject: Re: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To:
References:
Message-ID: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>

On 11 Apr 2013, at 11:56, Richard Clayton wrote:

>
> The particular proposal here seems to have been specifically designed to
> survive Facebook's transform rather than to survive more general changes
> to the image.

Which is an endless arms race, of course. If Facebook, or people who might lean on Facebook, decide to perturb pictures in such a way that steganography is corrupted, then there are a limitless number of ways that might be done. Especially if the photographs are assumed to only be displayed on screen, rather than used for critical editing and enlarged printing. You can propose a method of steganography which passes today's transformation, and as soon as the method is out there, the transformation can be changed to break it.

What would be interesting, but a rather more substantial piece of work (to put it mildly), would be a technique which is demonstrably robust in the face of any transformation which preserves specific properties of the image, while also being undetectable in the same use. Rather than being proof against particular transformations, it would be proof against all transformations other than those which visibly break the images. That would break the cycle of the arms race.

ian

From ben at liddicott.com Fri Apr 12 00:01:34 2013
From: ben at liddicott.com (Ben Liddicott)
Date: Fri, 12 Apr 2013 00:01:34 +0100
Subject: Re: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>
References: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>
Message-ID:

That isn't possible, up to a limit. Proof is that any such transformation can carry only a limited number of bits of data. Therefore any steganographic message can be destroyed by a transformation using the same stego technique to embed a different message of sufficient length.

The limit is that the technique cannot destroy parts of the image that humans care about, which is by definition limited to things which are noticeable - at which point it is arguably no longer steganography.

If Facebook were to do such a thing as a matter of policy, secret messages would be limited to such things as gang signs and T-shirt slogans.

Cheers,
Ben

On 11 Apr 2013 22:58, "Ian Batten" wrote:

>
> On 11 Apr 2013, at 11:56, Richard Clayton wrote:
> >
> > The particular proposal here seems to have been specifically designed to
> > survive Facebook's transform rather than to survive more general changes
> > to the image.
>
> Which is an endless arms race, of course. If Facebook, or people who
> might lean on Facebook, decide to perturb pictures in such a way that
> steganography is corrupted, then there are a limitless number of ways that
> might be done. Especially if the photographs are assumed to only be
> displayed on screen, rather than used for critical editing and enlarged
> printing. You can propose a method of steganography which passes today's
> transformation, and as soon as the method is out there, the transformation
> can be changed to break it.
>
> What would be interesting, but a rather more substantial piece of work (to
> put it mildly), would be a technique which is demonstrably robust in the
> face of any transformation which preserves specific properties of the
> image, while also being undetectable in the same use. Rather than being
> proof against particular transformations, it would be proof against all
> transformations other than those which visibly break the images. That
> would break the cycle of the arms race.
>
> ian
>

From zenadsl6186 at zen.co.uk Fri Apr 12 03:22:09 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Fri, 12 Apr 2013 03:22:09 +0100
Subject: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To:
References: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>
Message-ID: <51676FD1.2000805@zen.co.uk>

On 12/04/13 00:01, Ben Liddicott wrote:

> That isn't possible, up to a limit. Proof is that any such
> transformation can carry only a limited number of bits of data.
> Therefore any steganographic message can be destroyed by a
> transformation using the same stego technique to embed a different
> message of sufficient length.

That proof doesn't work - the choice of which message/image to send can be significant.

There is, in real life, no such thing as the entropy of a message - it depends on context, and like physical entropy, only the entropy of the entire system has meaning.

Consider one bit - it may be an error, it may be "one sugar please", it may be the press of the button which launches a nuclear attack. It depends on what the bit is connected to.

As we don't know the whole system - parts of it, eg a codebook to translate message choice to hidden message, are hidden from us - we can't talk about the entropy of the image in a meaningful way.

> The limit is that the technique cannot destroy parts of the image that
> humans care about, which is by definition limited to things which are
> noticeable - at which point it is arguably no longer steganography.

--
Peter Fairbrother

From igb at batten.eu.org Sun Apr 14 08:16:18 2013
From: igb at batten.eu.org (Ian Batten)
Date: Sun, 14 Apr 2013 08:16:18 +0100
Subject: Re: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To:
References: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>
Message-ID:

On 12 Apr 2013, at 00:01, Ben Liddicott wrote:

> That isn't possible, up to a limit. Proof is that any such transformation can carry only a limited number of bits of data. Therefore any steganographic message can be destroyed by a transformation using the same stego technique
>
>

That would rely on Facebook knowing the stego technique and any associated keys.

If it's keyed (ie, Alice and Bob share a key from which they can derive a small subset of the pixels in the image which contain the message), then how can the attacker overwrite that message? The key would denote some small number of bits, drawn from potentially all the bits in the image. The attacker can choose some random key and insert a message using that, but if a key identifies some fraction F of the image, adding another message with an independent key would overwrite F of the first message. As F will typically be small, simple error correction will suffice.

Facebook could attack this technique by dithering the whole image. But I suspect that you can perturb a small number of pixels more than all the bits, so the degradation caused by dithering all the bits sufficiently to extinguish information encoded in any subset of those bits would be visually unacceptable.

ian
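
A bit-level simulation of the overwrite argument in the message above, added here as an illustration (it is not code from the thread or from Secretbook). It assumes an abstract carrier of independent bit positions, a keyed subset chosen by seeding a PRNG from a hash of the key, a repetition code standing in for "simple error correction", and a sanitizer that randomises a chosen fraction of positions without knowing the key; it does not model visual quality or statistical detectability, and every name and parameter is hypothetical.

```python
"""Keyed-subset embedding vs. blind overwrite: a bit-level simulation.

Added illustration; every name and parameter here is hypothetical.
The carrier is an abstract list of bits (think: one embeddable bit per
pixel or coefficient), not a real image format.
"""
import hashlib
import random

KEY = b"constructed shared key"   # sample value, constructed for the demo


def keyed_positions(key, n_carrier, count):
    """Derive `count` distinct carrier positions from the shared key."""
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return random.Random(seed).sample(range(n_carrier), count)


def embed(carrier, key, message, repeat):
    """Write each message bit into `repeat` keyed positions."""
    out = list(carrier)
    positions = keyed_positions(key, len(out), len(message) * repeat)
    for i, pos in enumerate(positions):
        out[pos] = message[i // repeat]
    return out


def extract(carrier, key, n_message, repeat):
    """Majority-vote each message bit from its `repeat` keyed positions."""
    positions = keyed_positions(key, len(carrier), n_message * repeat)
    message = []
    for i in range(n_message):
        group = positions[i * repeat:(i + 1) * repeat]
        ones = sum(carrier[pos] for pos in group)
        message.append(1 if 2 * ones > repeat else 0)
    return message


def overwrite(carrier, fraction, rng):
    """Sanitizer without the key: randomise a `fraction` of all positions."""
    out = list(carrier)
    for pos in rng.sample(range(len(out)), int(len(out) * fraction)):
        out[pos] = rng.getrandbits(1)
    return out


def errors_after_overwrite(fraction, repeat=15, n_carrier=100_000,
                           n_message=128, seed=2013):
    """Message bit errors left after the sanitizer touches `fraction`."""
    rng = random.Random(seed)
    cover = [rng.getrandbits(1) for _ in range(n_carrier)]
    message = [rng.getrandbits(1) for _ in range(n_message)]
    stego = embed(cover, KEY, message, repeat)
    cleaned = overwrite(stego, fraction, rng)
    recovered = extract(cleaned, KEY, n_message, repeat)
    return sum(a != b for a, b in zip(message, recovered))


if __name__ == "__main__":
    used = 128 * 15 / 100_000   # fraction F of the carrier the key selects
    print(f"keyed subset F = {used:.2%} of carrier positions")
    for fraction in (used, 0.25, 0.5, 0.75, 1.0):
        wrong = errors_after_overwrite(fraction)
        print(f"overwrite {fraction:7.2%} -> {wrong:3d}/128 message bits wrong")
```

Overwriting a fraction equal to F leaves the majority vote intact, while randomising every position drives the recovered message to coin-flip error rates; the fractions in between show how much of the carrier a keyless sanitizer has to touch for a given level of redundancy.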

From igb at batten.eu.org Wed Apr 17 11:18:15 2013
From: igb at batten.eu.org (Ian Batten)
Date: Wed, 17 Apr 2013 11:18:15 +0100
Subject: 3D Secure / Verified By Visa
Message-ID: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>

Does anyone know more about how it currently works than Wikipedia and Murdoch and Anderson 2010 [1] and high-level descriptions for application writers [2]?

Originally, it took you to an iFrame which prompted you for a password you had previously agreed with the issuer. Later, for me at least (Lloyds TSB) it instead put up the Verified by Visa or its Mastercard equivalent logo, said it was authenticating, and then immediately succeeded. I assumed, without checking, that it had dropped a random cookie which the issuer regarded as sufficient proof the card hadn't been stolen. Not ideal, but better than nothing, and avoids having to type the password.

This morning, I used my credit card for a transaction in my wife's name, because my wife's card had been declined [3]. It was a non-trivial amount of money to a website I have never used before, but which Sue uses regularly for small transactions. This transaction was probably two orders of magnitude greater than any previous one. Our credit cards are separate accounts. I was using her web browser while logged in to her account. My card went straight through, without asking for a 3DS password.

To which I say, huh? What state is there in a random user account on an OSX machine which allows it to assert that it's me? What are 3DS checking?

ian

[1] http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf

[2] http://www.web-merchant.co.uk/3dsecure.asp

[3] Itself an interesting point. We suspect that as we use my card for making large online purchases, I've built up a history of doing "that sort of thing", while Sue hasn't.
Alternatively, if you do a lot of transactions of size x with a merchant, a transaction of size 100x might scream "insider fraud with stored credentials", while a first-time transaction of the same size doesn't raise the same concern.

From nigel at dotdot.it Wed Apr 17 12:50:02 2013
From: nigel at dotdot.it (Nigel Metheringham)
Date: Wed, 17 Apr 2013 12:50:02 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID: <516E8C6A.5060405@dotdot.it>

I don't know any real details of how it works, however, from observation:-

1. They are not using any long lasting cookies to determine whether or not to prompt for a password [I dump all cookies when the browser closes, and never keep one open for more than a day]
2. Different card issuers do different things. One of mine almost never seems to want a password - it just bounces through the page. Another, when I use it (which I haven't for a while) always wants a password.

Amusingly the second card provider there, who I am tempted to name, has recently rolled out a new management website for cardholders. The entire setup strikes me as being intended to look really secure without giving any thought to how it works or balancing convenience against sheer bloody mindedness. If they were designing mediaeval weaponry, their swords would be sharp all over, not just at the business end!

Nigel.
--
[ Nigel Metheringham ------------------------------ nigel at dotdot.it ]
[ Ellipsis Intangible Technologies ]

From lists at internetpolicyagency.com Wed Apr 17 12:52:34 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Wed, 17 Apr 2013 12:52:34 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID: <4CgXCJPC0obRFAQK@perry.co.uk>

In article <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724 at batten.eu.org>, Ian Batten writes

>Does anyone know more about how it currently works than Wikipedia and Murdoch and Anderson 2010 [1] and high-level descriptions for application
>writers [2]?
>
>Originally, it took you to an iFrame which prompted you for a password you had previously agreed with the issuer. Later, for me at least
>(Lloyds TSB) it instead put up the Verified by Visa or its Mastercard equivalent logo, said it was authenticating, and then immediately
>succeeded. I assumed, without checking, that it had dropped a random cookie which the issuer regarded as sufficient proof the card hadn't been
>stolen. Not ideal, but better than nothing, and avoids having to type the password.
>
>This morning, I used my credit card for a transaction in my wife's name, because my wife's card had been declined [3]. It was a non-trivial
>amount of money to a website I have never used before, but which Sue uses regularly for small transactions. This transaction was probably two
>orders of magnitude greater than any previous one. Our credit cards are separate accounts. I was using her web browser while logged in to
>her account. My card went straight through, without asking for a 3DS password.
>
>To which I say, huh? What state is there in a random user account on an OSX machine which allows it to assert that it's me? What are 3DS
>checking?

It seems to work differently for different cards.
For example, one of my cards is used regularly (at least once a week on average) to buy train tickets costing small amounts (maybe £30 average) from a nationalised rail company's website (so presumably fairly trustworthy). It never fails to ask me for the Verified by Visa information.

Another card, on the other hand, has never asked me to do VbV, and isn't even enrolled, even for one-off transactions with new vendors. They briefly wanted transactions to be verified with a keypad, but gave it up soon after.

--
Roland Perry

From pwt at iosis.co.uk Wed Apr 17 13:14:44 2013
From: pwt at iosis.co.uk (Peter Tomlinson)
Date: Wed, 17 Apr 2013 13:14:44 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID: <516E9234.4020401@iosis.co.uk>

I have two Visa debit cards, different banks. One of them is with HSBC, which uses Verified by Visa, and most (maybe all) online transactions trigger the password process. The other is with a bank that is also UK situated and long standing [1], and transactions trigger the V by V screen and box, but its content is blank, it very quickly disappears, and then the transaction completes - mysterious. This isn't because I use one card for one set of merchants and the other for another set, or because I restrict which card I choose according to transaction value - I don't differentiate like that.

And, after reading Murdoch and Anderson, I can report that I have never received a message 'impersonating the ADS form to ask for banking details'.

Peter

[1] I'm not stating which, in case anyone reading this is interested in attacking such a bank

On 17/04/2013 11:18, Ian Batten wrote:

> Does anyone know more about how it currently works than Wikipedia and Murdoch and Anderson 2010 [1] and high-level descriptions for application writers [2]?
> > Originally, it took you to an iFrame which prompted you for a password you had previously agreed with the issuer. Later, for me at least (Lloyds TSB) it instead put up the Verified by Visa or its Mastercard equivalent logo, said it was authenticating, and then immediately succeeded. I assumed, without checking, that it had dropped a random cookie which the issuer regarded as sufficient proof the card hadn't been stolen. Not ideal, but better than nothing, and avoids having to type the password. > > This morning, I used my credit card for a transaction in my wife's name, because my wife's card had been declined [3]. It was a non-trivial amount of money to a website I have never used before, but which Sue uses regularly for small transactions. This transaction was probably two orders of magnitude greater than any previous one. Our credit cards are separate accounts. I was using her web browser while logged in to her account. My card went straight through, without asking for a 3DS password. > > To which I say, huh? What state is there in a random user account on an OSX machine which allows it to assert that it's me? What are 3DS checking? > > ian > > [1] http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf > > [2] http://www.web-merchant.co.uk/3dsecure.asp > > [3] Itself an interesting point. We suspect that as we use my card for making large online purchases, I've built up a history of doing "that sort of thing", while Sue hasn't. Alternatively, if you do a lot of transactions of size x with a merchant, a transaction of size 100x might scream "insider fraud with stored credentials", while a first-time transaction of the same size doesn't raise the same concern. 
>

From chl at clerew.man.ac.uk Wed Apr 17 19:06:20 2013
From: chl at clerew.man.ac.uk (Charles Lindsey)
Date: Wed, 17 Apr 2013 19:06:20 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID:

On Wed, 17 Apr 2013 11:18:15 +0100, Ian Batten wrote:

> Does anyone know more about how it currently works than Wikipedia and
> Murdoch and Anderson 2010 [1] and high-level descriptions for
> application writers [2]?
>
> Originally, it took you to an iFrame which prompted you for a password
> you had previously agreed with the issuer. Later, for me at least
> (Lloyds TSB) it instead put up the Verified by Visa or its Mastercard
> equivalent logo, said it was authenticating, and then immediately
> succeeded. I assumed, without checking, that it had dropped a random
> cookie which the issuer regarded as sufficient proof the card hadn't
> been stolen. Not ideal, but better than nothing, and avoids having to
> type the password.

I am usually taken to the Natwest/RBS VBV page, and there I am always expected to divulge my password (or part of it, Natwest et al don't ask for a full password, presumably to avoid replay attacks).

However, the VBV page always appears like part of the Merchant's page, so how easy would it be for the Merchant to put up a fake VBV page, and then use it in a man-in-the-middle attack?

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5

From ben at liddicott.com Wed Apr 17 21:38:23 2013
From: ben at liddicott.com (Ben Liddicott)
Date: Wed, 17 Apr 2013 21:38:23 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <516E9234.4020401@iosis.co.uk>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org> <516E9234.4020401@iosis.co.uk>
Message-ID: <516F083F.8070205@liddicott.com>

After reaching the point where I had four VBV logins, and noting that the only thing I had to do to create a new one, and for the transaction to succeed, was give my DOB, I decided it was a complete waste of time. I phoned my bank and told them that I didn't want to use it any more, as I considered it worthless from a security point of view and if anything an increased risk, and if they made me use it I would change banks. They said it was not possible to opt me out.

However immediately afterwards I found that I was no longer required to use it - I just got the VBV screen which immediately approved, as you describe.

That doesn't mean I don't deal with 3d secure though. It means that I keep getting "fraud calls" from them whenever I make a purchase from Amazon, and every Christmas. I have explained that:

* Amazon put purchases of multiple items through as multiple small purchases - surely you know that!!! (this issue seems to have gone away now, about a year ago).
* People make otherwise unusual purchases at Christmas - yes, and to unusual delivery addresses.
* I have no idea who that merchant account with the generic name in Canada is but that doesn't mean I didn't make the purchase! What was the trading name? What did I buy? How do you expect me to connect Secure Trading And Whutevar Ltd (a payment processor) with my actual purchase?

Just my tuppence.

Cheers,
Ben

On 17/04/2013 13:14, Peter Tomlinson wrote:

> I have two Visa debit cards, different banks.
One of them is with > HSBC, which uses Verified by Visa, and most (imaybe all) online > transactions trigger the password process. The other is with a bank > that is also UK situated and long standing [1], and transactions > trigger the V by V screen and box, but its content is blank, it very > quickly disappears, and then the transaction completes - mysterious. > This isn't because I use one card for one set of merchants and the > other for another set, or because I restrict which card I choose > according to transaction value - I don't differentiate like that. > > And, after reading Murdoch and Anderson, I can report that I have > never received a message 'impersonating the ADS form to ask for > banking details'. > > Peter > > [1] I'm not stating which, in case anyone reading this is interesting > in attacking such a bank > > On 17/04/2013 11:18, Ian Batten wrote: >> Does anyone know more about how it currently works than Wikipedia and >> Murdoch and Anderson 2010 [1] and high-level descriptions for >> application writers [2]? >> >> Originally, it took you to an iFrame which prompted you for a >> password you had previously agreed with the issuer. Later, for me at >> least (Lloyds TSB) it instead put up the Verified by Visa or its >> Mastercard equivalent logo, said it was authenticating, and then >> immediately succeeded. I assumed, without checking, that it had >> dropped a random cookie which the issuer regarded as sufficient proof >> the card hadn't been stolen. Not ideal, but better than nothing, >> and avoids having to type the password. >> >> This morning, I used my credit card for a transaction in my wife's >> name, because my wife's card had been declined [3]. It was a >> non-trivial amount of money to a website I have never used before, >> but which Sue uses regularly for small transactions. This transaction >> was probably two orders of magnitude greater than any previous one. >> Our credit cards are separate accounts. 
I was using her web browser
>> while logged in to her account. My card went straight through,
>> without asking for a 3DS password.
>>
>> To which I say, huh? What state is there in a random user account on
>> an OSX machine which allows it to assert that it's me? What are 3DS
>> checking?
>>
>> ian
>>
>> [1] http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf
>>
>> [2] http://www.web-merchant.co.uk/3dsecure.asp
>>
>> [3] Itself an interesting point. We suspect that as we use my card
>> for making large online purchases, I've built up a history of doing
>> "that sort of thing", while Sue hasn't. Alternatively, if you do a
>> lot of transactions of size x with a merchant, a transaction of size
>> 100x might scream "insider fraud with stored credentials", while a
>> first-time transaction of the same size doesn't raise the same concern.
>>
>
>

From ben at liddicott.com Wed Apr 17 21:44:57 2013
From: ben at liddicott.com (Ben Liddicott)
Date: Wed, 17 Apr 2013 21:44:57 +0100
Subject: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To:
References: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org>
Message-ID: <516F09C9.6080603@liddicott.com>

Firstly, I don't think anyone is suggesting that Facebook are actually trying to prevent people sending secret messages. They just want to optimise bandwidth away from meaningless chatter and towards advertising, and compressing the images is purely incidentally preventing some steganographic techniques from working.

I am pretty sure you could send quite long messages purely as variations in the use and misspelling of non-words like Lollzr! and how many exclamation marks are used.

A technique which is hidden only from casual inspection is one thing, and I don't think really qualifies as steganography, it's more like a dead drop - if you look for it you will find it.
Such techniques can be erased simply by looking for the message and then deleting it purposely. So the discussion is about techniques which are not detectable even if you suspect they are there and if you know the algorithm.

On 14/04/2013 08:16, Ian Batten wrote:

>
> On 12 Apr 2013, at 00:01, Ben Liddicott wrote:
>
>> That isn't possible, up to a limit. Proof is that any such
>> transformation can carry only a limited number of bits of data.
>> Therefore any steganographic message can be destroyed by a
>> transformation using the same stego technique
>>
>>
> That would rely on Facebook knowing the stego technique and any
> associated keys.

Indeed, it's assumed that Oscar knows the library of available techniques.

> If it's keyed (ie, Alice and Bob share a key from which they can
> derive a small subset of the pixels in the image which contain the
> message), then how can the attacker overwrite that message? The key
> would denote some small number of bits, drawn from potentially all the
> bits in the image. The attacker can choose some random key and insert
> a message using that, but if a key identifies some fraction F of the
> image, adding another message with an independent key would overwrite
> F of the first message. As F will typically be small, simple error
> correction will suffice.

In the presence of a given level of redundancy, the number of bits Oscar would have to store in any given image in order to erase the message is left as an exercise to the reader.

>
> Facebook could attack this technique by dithering the whole image.
> But I suspect that you can perturb a small number of pixels more than
> all the bits, so the degradation caused by dithering all the bits
> sufficiently to extinguish information encoded in any subset of those
> bits would be visually unacceptable.
>

Do you think you can perturb a small number of pixels enough to withstand an erasure attack, without those pixels becoming detectable as a hidden message, and thereby defeating the purpose of steganography?

Oscar can perturb the image as much as he likes provided it isn't noticeable to a human - and if it's noticeable to a human it isn't steganography.

From zenadsl6186 at zen.co.uk Thu Apr 18 00:48:10 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Thu, 18 Apr 2013 00:48:10 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To:
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID: <516F34BA.6010803@zen.co.uk>

On 17/04/13 19:06, Charles Lindsey wrote:

> On Wed, 17 Apr 2013 11:18:15 +0100, Ian Batten wrote:
>
>> Does anyone know more about how it currently works than Wikipedia and
>> Murdoch and Anderson 2010 [1] and high-level descriptions for
>> application writers [2]?
>>
>> Originally, it took you to an iFrame which prompted you for a password
>> you had previously agreed with the issuer. Later, for me at least
>> (Lloyds TSB) it instead put up the Verified by Visa or its Mastercard
>> equivalent logo, said it was authenticating, and then immediately
>> succeeded. I assumed, without checking, that it had dropped a random
>> cookie which the issuer regarded as sufficient proof the card hadn't
>> been stolen. Not ideal, but better than nothing, and avoids having to
>> type the password.
>
> I am usually taken to the Natwest/RBS VBV page, and there I am always
> expected to divulge my password (or part of it, Natwest et al don't ask
> for a full password, presumably to avoid replay attacks).
>
> However, the VBV page always appears like part of the Merchant's page,
> so how easy would it be for the Merchant to put up a fake VBV page, and
> then use it in a man-in-the-middle attack?
>

Extremely easy.
I hear VBV have a something on the page by which you can tell it's from them, but an attacker can get that very easily and put it on the fake page he sends you.

One thing is, can an attacker use it to defraud you/the banks, and actually get away with some ill-gotten cash? Difficult, but probably not impossible. I haven't heard of it happening.

I just click the "no thanks" button. Never registered, registering doesn't do anything for me.

--
Peter Fairbrother

From roger at hayter.org Wed Apr 17 22:31:51 2013
From: roger at hayter.org (Roger Hayter)
Date: Wed, 17 Apr 2013 22:31:51 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <516F083F.8070205@liddicott.com>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org> <516E9234.4020401@iosis.co.uk> <516F083F.8070205@liddicott.com>
Message-ID: <7F66EAC0-FB3F-4930-8293-10A32BD3BA06@hayter.org>

--
Roger Hayter

On 17 Apr 2013, at 21:38, Ben Liddicott wrote:

> After reaching the point where I had four VBV logins, and noting that the only thing I had to do to create a new one, and for the transaction to succeed, was give my DOB, I decided it was a complete waste of time. I phoned my bank and told them that I didn't want to use it any more, as I considered it worthless from a security point of view and if anything an increased risk, and if they made me use it I would change banks. They said it was not possible to opt me out.
>
> However immediately afterwards I found that I was no longer required to use it - I just got the VBV screen which immediately approved, as you describe.
>
> That doesn't mean I don't deal with 3d secure though. It means that I keep getting "fraud calls" from them whenever I make a purchase from Amazon, and every Christmas. I have explained that:
>
> * Amazon put purchases of multiple items through as multiple small purchases - surely you know that!!! (this issue seems to have gone away now, about a year ago).
> * People make otherwise unusual purchases at Christmas - yes, and to unusual delivery addresses.
> * I have no idea who that merchant account with the generic name in Canada is but that doesn't mean I didn't make the purchase! What was the trading name? What did I buy? How do you expect me to connect Secure Trading And Whutevar Ltd (a payment processor) with my actual purchase?
>
>
> Just my tuppence.
>
> Cheers, Ben
>
> On 17/04/2013 13:14, Peter Tomlinson wrote:
>> I have two Visa debit cards, different banks. One of them is with HSBC, which uses Verified by Visa, and most (maybe all) online transactions trigger the password process. The other is with a bank that is also UK situated and long standing [1], and transactions trigger the V by V screen and box, but its content is blank, it very quickly disappears, and then the transaction completes - mysterious. This isn't because I use one card for one set of merchants and the other for another set, or because I restrict which card I choose according to transaction value - I don't differentiate like that.
>>
>> And, after reading Murdoch and Anderson, I can report that I have never received a message 'impersonating the ADS form to ask for banking details'.
>>
>> Peter
>>
>> [1] I'm not stating which, in case anyone reading this is interested in attacking such a bank
>>
>> On 17/04/2013 11:18, Ian Batten wrote:
>>> Does anyone know more about how it currently works than Wikipedia and Murdoch and Anderson 2010 [1] and high-level descriptions for application writers [2]?
>>>
>>> Originally, it took you to an iFrame which prompted you for a password you had previously agreed with the issuer. Later, for me at least (Lloyds TSB) it instead put up the Verified by Visa or its Mastercard equivalent logo, said it was authenticating, and then immediately succeeded. I assumed, without checking, that it had dropped a random cookie which the issuer regarded as sufficient proof the card hadn't been stolen.
>>> Not ideal, but better than nothing, and avoids having to type the password.
>>>
>>> This morning, I used my credit card for a transaction in my wife's name, because my wife's card had been declined [3]. It was a non-trivial amount of money to a website I have never used before, but which Sue uses regularly for small transactions. This transaction was probably two orders of magnitude greater than any previous one. Our credit cards are separate accounts. I was using her web browser while logged in to her account. My card went straight through, without asking for a 3DS password.
>>>
>>> To which I say, huh? What state is there in a random user account on an OSX machine which allows it to assert that it's me? What are 3DS checking?
>>>
>>> ian
>>>
>>> [1] http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf
>>>
>>> [2] http://www.web-merchant.co.uk/3dsecure.asp
>>>
>>> [3] Itself an interesting point. We suspect that as we use my card for making large online purchases, I've built up a history of doing "that sort of thing", while Sue hasn't. Alternatively, if you do a lot of transactions of size x with a merchant, a transaction of size 100x might scream "insider fraud with stored credentials", while a first-time transaction of the same size doesn't raise the same concern.
>>>
>>
>>
>
>
>

Just to add to diversity, two of my cards (different banks) always require a password when using Firefox in Windows, but the window disappears immediately and authorisation occurs when using Safari in OS X. My cookie policy is liberal in both.
--
Roger Hayter

From zenadsl6186 at zen.co.uk Thu Apr 18 01:23:46 2013
From: zenadsl6186 at zen.co.uk (Peter Fairbrother)
Date: Thu, 18 Apr 2013 01:23:46 +0100
Subject: ‘Secretbook’ Lets You Encode Hidden Messages in Your Facebook Pics
In-Reply-To: <516F09C9.6080603@liddicott.com>
References: <46808D8B-B01D-4824-B455-48F8943DEC18@batten.eu.org> <516F09C9.6080603@liddicott.com>
Message-ID: <516F3D12.7030706@zen.co.uk>

On 17/04/13 21:44, Ben Liddicott wrote:
>
> Firstly, I don't think anyone is suggesting that Facebook are actually
> trying to prevent people sending secret messages. They just want to
> optimise bandwidth away from meaningless chatter and towards
> advertising, and compressing the images is purely incidentally
> preventing some steganographic techniques from working. I am pretty sure
> you could send quite long messages purely as variations in the use and
> misspelling of non-words like Lollzr! and how many exclamation marks are
> used.
>
> A technique which is hidden only from casual inspection is one thing,
> and I don't think really qualifies as steganography, it's more like a
> dead drop - if you look for it you will find it. Such techniques can be
> erased simply by looking for the message and then deleting it purposely.
> So the discussion is about techniques which are not detectable even if
> you suspect they are there and if you know the algorithm.

There is a well-studied warden problem - the warden has two prisoners in separate cells, and he wants them to exchange messages without any hidden content. Turns out it's impossible.

Entropy (in the Shannon sense) is not the same as meaning. Entropy refers only to the probability of a particular selection being made from a set of possible selections.
The selection which is actually made, the fact that a selection is made at all, the channel by which it is sent, the time it is made - all are information in the message which are not the entropy of the selection.

You can do much the same analysis with Kolmogorov-Chaitin complexity as a measure of information, and come to the same conclusion - preventing hidden transfer of meaning is impossible, especially where the participants can prearrange a codebook between anything which is passed in the message.

That said, imagine a "standard" Facebook picture has 360,000 bits of information (200 pixels by 100 pixels by 18 bits per pixel). That's 2^360k possible pictures.

Now let's suppose 2^360 of those possible pictures are non-redundant. Alice posts one of those 2^360 non-redundant pictures - Bob now has 360 bits of information from Alice, the choice of which picture she posted. Also Bob knows when she posted it, and so on.

In practice it is, of course, impossible to tell exactly whether a picture is non-redundant.

I don't know who Oscar is in the rest of your post - seems to be Facebook sometimes, Alice other times - but I will say that Facebook could change images so that they were detectably changed without that being steganography, only Alice can't introduce detectable changes.

Oh, and it's impossible for Facebook to know every stego technique.

--
Peter Fairbrother

>
>
> On 14/04/2013 08:16, Ian Batten wrote:
>>
>> On 12 Apr 2013, at 00:01, Ben Liddicott wrote:
>>
>>> That isn't possible, up to a limit. Proof is that any such
>>> transformation can carry only a limited number of bits of data.
>>> Therefore any steganographic message can be destroyed by a
>>> transformation using the same stego technique
>>>
>>>
>> That would rely on Facebook knowing the stego technique and any
>> associated keys.
>
> Indeed, it's assumed that Oscar knows the library of available techniques.
>> If it's keyed (ie, Alice and Bob share a key from which they can
>> derive a small subset of the pixels in the image which contain the
>> message), then how can the attacker overwrite that message? The key
>> would denote some small number of bits, drawn from potentially all the
>> bits in the image. The attacker can choose some random key and insert
>> a message using that, but if a key identifies some fraction F of the
>> image, adding another message with an independent key would overwrite
>> F of the first message. As F will typically be small, simple error
>> correction will suffice.
>
> In the presence of a given level of redundancy, the number of bits Oscar
> would have to store in any given image in order to erase the message is
> left as an exercise to the reader.
>
>>
>> Facebook could attack this technique by dithering the whole image.
>> But I suspect that you can perturb a small number of pixels more than
>> all the bits, so the degradation caused by dithering all the bits
>> sufficiently to extinguish information encoded in any subset of those
>> bits would be visually unacceptable.
>>
> Do you think you can perturb a small number of pixels enough to
> withstand an erasure attack, without those pixels becoming detectable as
> a hidden message, and thereby defeating the purpose of steganography?
>
> Oscar can perturb the image as much as he likes provided it isn't
> noticeable to a human - and if it's noticeable to a human it isn't
> steganography.
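
The overwrite argument quoted above (a shared key selects a small subset of bits, Oscar overwrites a fraction F under an independent key, error correction absorbs the damage) can be checked numerically. The following is an added example, not code from anyone in this thread; the cover bits, keys, repetition factor and function names are constructed assumptions, and `random.Random` stands in for a keyed cryptographic generator.

```python
import random
from math import comb

def keyed_positions(key, n_cover, n_needed):
    """Derive the secret embedding positions from the shared key.
    random.Random is only a stand-in for a keyed cryptographic PRNG."""
    return random.Random(key).sample(range(n_cover), n_needed)

def embed(cover_bits, key, msg_bits, r):
    """Write each message bit into r keyed positions (repetition code)."""
    stego = list(cover_bits)
    pos = keyed_positions(key, len(stego), len(msg_bits) * r)
    for i, p in enumerate(pos):
        stego[p] = msg_bits[i // r]
    return stego

def extract(stego_bits, key, n_msg_bits, r):
    """Read the keyed positions back and majority-vote each group of r."""
    pos = keyed_positions(key, len(stego_bits), n_msg_bits * r)
    out = []
    for j in range(n_msg_bits):
        ones = sum(stego_bits[p] for p in pos[j * r:(j + 1) * r])
        out.append(1 if 2 * ones > r else 0)
    return out

def oscar_overwrite(stego_bits, fraction, oscar_key):
    """Oscar writes random data under his own key into `fraction` of the bits."""
    out = list(stego_bits)
    rng = random.Random(oscar_key)
    for p in rng.sample(range(len(out)), int(fraction * len(out))):
        out[p] = rng.getrandbits(1)
    return out

def bit_error_prob(fraction, r):
    """Chance that a majority vote over r copies fails (r odd): each copy is
    hit with probability F and is then wrong half the time, so p = F/2."""
    p = fraction / 2
    return sum(comb(r, k) * p**k * (1 - p)**(r - k)
               for k in range(r // 2 + 1, r + 1))

def survival_table(n_cover=20000, n_msg=64, r=15, fractions=(0.05, 0.25, 0.5, 1.0)):
    """Return {F: number of wrong message bits after Oscar's overwrite}."""
    rng = random.Random(2013)  # constructed sample cover and message
    cover = [rng.getrandbits(1) for _ in range(n_cover)]
    msg = [rng.getrandbits(1) for _ in range(n_msg)]
    stego = embed(cover, "alice-bob-key", msg, r)
    table = {}
    for f in fractions:
        got = extract(oscar_overwrite(stego, f, "oscar-key"), "alice-bob-key", n_msg, r)
        table[f] = sum(a != b for a, b in zip(msg, got))
    return table

if __name__ == "__main__":
    for f, wrong in survival_table().items():
        print(f"F={f:<4} wrong bits: {wrong:2d}/64  predicted per-bit error: {bit_error_prob(f, 15):.2e}")
```

In this model the message is only reduced to chance when Oscar rewrites essentially every candidate bit, which is the whole-image dithering case raised in the quoted text.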
From lists at internetpolicyagency.com Thu Apr 18 08:11:17 2013
From: lists at internetpolicyagency.com (Roland Perry)
Date: Thu, 18 Apr 2013 08:11:17 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <516F083F.8070205@liddicott.com>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org> <516E9234.4020401@iosis.co.uk> <516F083F.8070205@liddicott.com>
Message-ID:

In article <516F083F.8070205 at liddicott.com>, Ben Liddicott writes
>* I have no idea who that merchant account with the generic name in
>Canada is but that doesn't mean I didn't make the purchase! What was
>the trading name? What did I buy? How do you expect me to connect
>Secure Trading And Whutevar Ltd (a payment processor) with my actual
>purchase?

It's increasingly common when buying (eg) software licences or downloads online that the vendor makes a point of saying what obscurely named payment processor's name will appear on your bill (rather than theirs).

--
Roland Perry

From ian at cellar.org.uk Fri Apr 19 09:58:40 2013
From: ian at cellar.org.uk (Ian Hill)
Date: Fri, 19 Apr 2013 09:58:40 +0100
Subject: 3D Secure / Verified By Visa
In-Reply-To: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
References: <3AE8AEDF-AC64-4FAD-B2E3-22CCAB2D9724@batten.eu.org>
Message-ID:

On 17 April 2013 11:18, Ian Batten wrote:
> Originally, it took you to an iFrame which prompted you for a password you had
> previously agreed with the issuer. Later, for me at least (Lloyds TSB) it instead
> put up the Verified by Visa or its Mastercard equivalent logo, said it was
> authenticating, and then immediately succeeded. I assumed, without checking,
> that it had dropped a random cookie which the issuer regarded as sufficient proof
> the card hadn't been stolen.

No that's not quite what's happening. What happens is this:

1. Merchant submits an initial request to their payment provider saying "I want to charge £x to card Y"
2. Payment provider responds indicating that this card is covered by 3D secure.
   The response includes a short piece of javascript which the provider is obliged to present to the user.
3. Merchant does so and the user is directed to a 3D secure page hosted entirely by the bank.
4. It is up to the bank what to do next. Originally they all asked for some sort of password
5. Once the bank is happy it redirects you back to the merchant
6. The merchant submits a second request to the payment provider saying "I want to charge £x to card Y and I'm pretty sure they've passed 3D secure"
7. Payment either progresses or fails.

All that's changed in the last few years in my experience is what the banks are doing at step 4. They are now frequently not bothering to issue a password challenge and instead pass the stage automatically.

My guess is that this allows the bank a real time opportunity to analyse the transaction against their fraud protection systems. It's not even slightly about authenticating you.

See, for example, LloydsTSB's page on the subject which says:

"The service will assess each transaction and either verify it automatically or, in some cases, ask you for some further information to help us verify the payment."

http://www.lloydstsb.com/debit_cards/clicksafe.asp

So when you don't get asked for a password that's everything to do with your bank and nothing to do with cookies etc local to you.

As I understand it :-)

Cheers,
Ian

--
Ian Hill
ian at cellar.org.uk