Saudi Arrests Five After Seizing Bomb-Making CDs
Posted by Tracker on December 26th, 2003




Joe King wrote:

Something called "Stenography" and malicious hackers have known about this for
ages.

Tracker


Posted by Joe King on December 26th, 2003


http://story.news.yahoo.com/news?tmp...=1&u=/nm/20031225/tc_nm/security_saudi_disks_dc

How did they hide the files?


Posted by David H. Lipman on December 26th, 2003


Insufficient information to come to a conclusion.

Dave



"Joe King" <jking@mindzpring.net> wrote in message
news:dmOGb.9798$IM3.3396@newsread3.news.atl.earthlink.net...
| http://story.news.yahoo.com/news?tmp...=1&u=/nm/20031225/tc_nm/security_saudi_disks_dc
|
| How did they hide the files?
|
|


Posted by Hairy One Kenobi on December 26th, 2003


"Tracker" <"snailmail222000(valid)"@yahoo.com> wrote in message
news:3FEB954B.1C2078E7@yahoo.com...
And exactly how would /you/ know about the method used?

From the story text, the file could simply have the hidden attribute set
(something that non-malicious-hackers have known about for probably longer
than some less-informed people have been stealing oxygen from the rest of
us).

Other blatantly obvious things include "hiding" it in a subdirectory,
"hiding" it in a /hidden/ subdirectory, placing it as a randomly-named
document, chopping it into pieces and using a tool/binary copy to put it
back together, placing it on a different session on the CD, renaming the
extension, ZIPping/similar with a password and renaming the extension,
placing it as an OLE attachment into something else, binary-formatting as
text (e.g. base 64 with no header/footer), encoding into specific blocks,
encoding into an executable (e.g. using Windows Resources or simply
selecting a given block-boundary) and so on (I got bored of typing.. ;o)

Then, of course, there's stenography. The most famous technique is, I'd say,
Pitman Shorthand (which fell out of common use not long after the invention
of the Word Processor).

/Steganography/, OTOH, is not only a completely different word but also an
encryption technique, where one hides a message inside something else
(famously as noise in an image).

So, let's see.. given the subject, I'd say that the minimum useful amount of
information would be two images, 800x600/256-greyscale, about 1:6 GIF
compression and about 10k of text. Which would come to around 170kB.
Assuming no more than 1% noise (which, TBH, sounds a bit high to me), we
need a 17MB image.

Hmm. Sounds a bit like trying to hide an elephant in an ashtray.

--

Hairy One Kenobi

Disclaimer: the opinions expressed in this opinion do not necessarily
reflect the opinions of the highly-opinionated person expressing the opinion
in the first place. So there!
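An added example, not part of the original post: a defender-side triage sketch for three of the hiding tricks listed above (renamed extension, password-protected ZIP with a renamed extension, and base64 text with no header/footer). The function names, the signature table and the sample inputs are constructed for illustration.

```python
import base64
import re
import struct

# Well-known leading signatures, and extensions consistent with each
# (illustrative, not exhaustive).
MAGIC = {b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpg", b"GIF8": "gif",
         b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "ole", b"MZ": "exe"}
EXPECTED = {"zip": {"zip", "docx", "xlsx", "jar"}, "jpg": {"jpg", "jpeg"},
            "gif": {"gif"}, "pdf": {"pdf"},
            "ole": {"doc", "xls", "ppt"}, "exe": {"exe", "dll"}}
# Base64 alphabet plus line breaks only: ordinary prose (spaces, punctuation) fails.
B64_RE = re.compile(rb"[A-Za-z0-9+/\r\n]+={0,2}[\r\n]*")

def sniff(data):
    """Return the file type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def zip_encrypted(data):
    """Bit 0 of the general-purpose flag (offset 6 of the ZIP local header) marks encryption."""
    if len(data) < 8:
        return False
    (flags,) = struct.unpack_from("<H", data, 6)
    return bool(flags & 1)

def looks_like_bare_base64(data, min_len=64):
    """True when the whole file is one base64 body with no MIME/PEM wrapper."""
    body = b"".join(data.split())
    if len(body) < min_len or len(body) % 4 or not B64_RE.fullmatch(data):
        return False
    try:
        base64.b64decode(body, validate=True)
    except ValueError:
        return False
    return True

def triage(name, data):
    """Return a list of findings for one file name and its content."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    kind = sniff(data)
    if kind and ext not in EXPECTED[kind]:
        findings.append(f"content is {kind} but extension is .{ext}")
    if kind == "zip" and zip_encrypted(data):
        findings.append("zip entry is password-protected")
    if kind is None and looks_like_bare_base64(data):
        inner = sniff(base64.b64decode(b"".join(data.split())))
        findings.append("headerless base64 text" + (f" wrapping {inner}" if inner else ""))
    return findings

# Constructed samples: a ZIP local header with the encryption bit set,
# and a GIF-like blob base64-encoded with no header or footer.
ENC_ZIP = struct.pack("<4sHH", b"PK\x03\x04", 20, 0x0001) + bytes(22)
B64_GIF = base64.encodebytes(b"GIF89a" + bytes(90))

if __name__ == "__main__":
    for fname, blob in [("holiday.jpg", ENC_ZIP), ("notes.txt", B64_GIF)]:
        print(fname, triage(fname, blob))
```

Checks like these only catch the container-level tricks; split files, extra CD sessions and data embedded in executables or images need other tooling.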



Posted by Tracker on December 26th, 2003




Leythos wrote:

Have you ever heard of a Man-In-The-Middle in Real Life? Well, this babe has and
it's not too hard to figure out how it works in "Real Life"; not this Virtual Life.
Thank You So Much for showing me how much I've learned over the past few years.
Hope your New Year is Fantastic!

Tracker



Posted by Hairy One Kenobi on December 26th, 2003


"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:XYZGb.10903$FN.474@newsfep4-winn.server.ntli.net...
<snip>

Sorry, Tracker - forgot to include the link:

http://www.31337.pl/start.php

H1K



Posted by Cap on December 26th, 2003


Tracker <"snailmail222000(valid)"@yahoo.com> wrote in message news:<3FEB954B.1C2078E7@yahoo.com>...
heh, heh, heh....
.... oh that's too funny...
BAWHAHAHAHAHAHAHAHAHAHA...

Posted by Tracker on December 27th, 2003


http://story.news.yahoo.com/news?tmp...=1&u=/nm/20031

And exactly how would /you/ know about the method used?

IT’S TIME THE WORLD HEAR THESE METHODS OF COMPUTER HACKING AND THEY WILL HAVE TO
LEARN HOW TO DEAL WITH THEM.

Computer hacking deals with a few of the following issues:

1. Credit Card Fraud
2. Identity Theft
3. Encryption Methods
4. Stenography
5. Mules
6. Extortion
7. Cyberstalking
8. Trading of guns, bombs, denoting devices, child exploitation, drugs,
racketeering, money laundering by abusing innocent victim computers though some
of the methods mentioned in my book.

Other blatantly obvious things include "hiding" it in a subdirectory,
"hiding" it in a /hidden/ subdirectory, placing it as a randomly-named
document, chopping it into pieces and using a tool/binary copy to put it
back together, placing it on a different session on the CD, renaming the
extension, ZIPping/similar with a password and renaming the extension,
placing it as an OLE attachment into something else, binary-formatting as
text (e.g. base 64 with no header/footer), encoding into specific blocks,
encoding into an executable (e.g. using Windows Resources or simply
selecting a given block-boundary) and so on (I got bored of typing.. ;o)

You could be 100% correct on this issue!

Then, of course, there's stenography. The most famous technique is, I'd say,
Pitman Shorthand (which fell out of common use not long after the invention
of the Word Processor).
/Steganography/, OTOH, is not only a completely different word but also an
encryption technique, where one hides a message inside something else
(famously as noise in an image).
So, let's see.. given the subject, I'd say that the minimum useful amount of
information would be two images, 800x600/256-greyscale, about 1:6 GIF
compression and about 10k of text. Which would come to around 170kB.
Assuming no more than 1% noise (which, TBH, sounds a bit high to me), we
need a 17MB image.

You could be 100% correct on this issue! The person who already knows and has
the keys in their hands can decipher the world of "how to be a terrorist". Just
don’t let the government grab your computer or you’re dead in the water and so are
your conspirators.

BTW- Don’t worry about my words being used in this post since my name is already
on the "Red List".

Want to learn about keeping your computers secure, the Internet and how to stay
safe, visit:
geocities.com/hacking_internet_secrets

Tracker




Posted by Hairy One Kenobi on December 27th, 2003


"Tracker" <"snailmail222000(valid)"@yahoo.com> wrote in message
news:3FED1848.E926CADF@yahoo.com...
OK, then - I'll bite.

Your explanation was based on a false assumption, completely unfeasible, and
misspelt. Not that I generally have a go at the latter - it's easy to make a
spleling mistake, but in this case just showed your ignorance. Because
you've done it again. "Stenography" is shorthand, you pillock.

You're obviously trying to equate yourself with a "malicious hacker", which
is fine, I suppose - it's not as though there's a minimum IQ requirement or
an entrance exam.

OTOH, making such a glaring set of mistakes would make you, at best, an
incompetent would-be cracker - after all, even lamers have to be able to
type the name of a program!

<snip>

Nope, it doesn't. Hacking is the ability to hack (or cut) code at short
notice, in minimum time, and achieve an elegant result. Cracking involves
getting something/into something that you shouldn't. Only two of the 12
things you list really have anything whatsoever to do with computing -
"mule" is the biggest laugh, as the whole point of being sneaky is to remove
the requirement.

Of course I can - you made a stupid assumption that doesn't stand up to
either scrutiny or the facts. I could also be wrong - there is insufficient
data.

Oh dear. Have you ever thought of avoiding coffee and fizzy drinks? A twelve
year old could have made the same calculation, and come to the same
conclusion.

The "government" could, of course, attempt to "grab" my computer, although I
personally think that they'd probably ring the door-bell, rather than
already have a set of my front door keys.

And if I'm a conspirator, then the conspiracy is /so/ secret that even I
don't know about it.

Surely the "Red-faced List"? Where people are too embarrassed to be
associated with you in public?

OK. So you've been spamming this for a while. Best take a look and write a
quick [impartial] review..

1. You're showing your [lack of] age when you refer to Google Newsgroups.
"DejaNews" would be much more kewl as a reference.

2. I also severely doubt that Google would have anything to do with cracking
your PC. What's the betting that, if I were to CC this posting to someone at
Google, you'd be sitting on a lawsuit within a fortnight?

3. A computer <> an IBM PC compatible.

4. Computers pre-date the 1980s.

5. I'd reread that chapter on "internet posting anonymously" again, if I
were you. Either that, or read-up on NNTP headers. And such an old box
you're using, and with so many security flaws..!

6. Traceroutes are not unique to an individual, just a specific route at a
specific time. It's kinda the point of IP.

7. Learn to use a spellchecker - that's "paedophile"

8. "Reverse Language" - is that playing a record backwards to get a message
from the Devil? Or is the book written in "reverse language", i.e. the
opposite of normal language (clear and useful communication)? Or have you
mixed-up with Reverse Polish Notation?

9. "SMTP Server Road Runner" - is this a Warner Brothers thing, or are you
devoting an entire chapter on how to type "nslookup -type=MX rr.com"?

10. "Why I believe malicious hackers have kept my computer systems alive" -
you /can/ upgrade, you know. And I'm sure that Microsoft's Win95 support
team would be less than impressed by the implication. OTOH, certain Linux
evangelists have been saying the same thing for years..

11. "If you tell me the country you reside in, research will be performed to
verify the Copyright Laws in your country"? Hint - it's normally on the
bottom line of the address. If it's just an electronic communication, you
might want to learn how to use WHOIS.

12. Posting your full name and address isn't very bright, particularly when
you've already said that you will check on someone first.

13. An EBook is a particular format, not an RTF file.

14. Getting free Usenet access from an old ISP account of yours (where your
details are still retained) isn't what I'd describe as "bright".
Particularly if you're intending something nasty. The word I would use is
"stupid".

15. If someone at your ISP said that it is impossible to remove trial time
on DSL accounts, then they're probably even less qualified than yourself.
OTOH, you believed them..

16. 50,000 customers doing this per day, per ISP? Tosh. If you remove your
head from whichever orifice it's currently inserted, you'd realise that the
vast majority of ISPs - numerically - have just 64k addresses to start with.

17. Oh dear. You really can't tell the difference between SMB and SMTP? Hmm.
How about TCP and a step-ladder? Is that easier?

18. DSL list is incomplete, inaccurate, and geographically parochial. And,
if it's so easy, why are you using dialup?

19. "On unlimited occasions then (sic) you could count"? "Unlimited" is a
*lot* of fingers..

20. "I could connect to the Internet with an e-mail address as many times as
I liked"? Most people use a modem, or some other form of hardware. Next up -
how to configure a Cisco PIX by standing on a telephone directory..

21. MSN charges per email sent? First I've heard.. although the Penny Black
proposal is sort-of similar.

22. A Trojan is not a VPN. They are very different - I suggest that you
either consult a dictionary, or talk to someone who knows what they are
talking about.

23. The majority of Trojans can be found. I'll give you the root-exploit
class, but..

24. Viruses and Worms can be quickly and easily located using something
called "Anti Virus" (the clue's in the name). They can also be stopped from
ever getting there (in the majority of cases) by simple "safe hex".

25. "Hackers disable your Daylight Savings Time"? Gasp. The sheer audacity.
Is no one safe? It'll bring the whole Western economy to its knees! (Sorry,
don't know what came over me there ;o) Still, as "secret weapons" go, it's
pretty unique - most weapons can be used to attack something.

26. There is no effective difference between Windows OEM versions and
Retail. Just the customisation (freely explained on MSDN, last time I
looked), and easily reversible. I suspect in your case that you got caught
by a Script Kiddie accessing a completely insecure system.

27. "If you play Yahoo Games, you may find yourself being kicked out of the
board your playing in" - I know how they feel. Try not saying anything, and
see if that helps.

28. "A browser application like Netscape, or Internet Explorer you use to ..
kill file certain individuals" - now /there's/ a thought. Not quite sure how
you'd manage to do that - sharpen the edge of the CD and inflict a nasty
cut?

29. Hackers have a thing against ferret owners? No, afraid that you've got
me on that one.

30. "I have seen a number of personal files modified 7-8 years before they
were even created"? Are you on medication, by any chance? OK, so VMS had the
command "dir/since=tomorrow", but what you appear to have there is a non-Y2k
version of Win95. Bet you've not seen a file with a date before 1980..

31. Hidden and Read-only files are very common in the non-hacking world.
Every NT-class machine has them. As do "several" CDs and other read-only
media. You can even get the same effect if you place some tape over the slit
in an eight-inch disk.

32. The NT boot loader does not, AFAIK, include a complete VPN installation.

33. Why export [a subset] of the registry when you can just read it in-situ?
Can't comment on the preceding paragraph because, basically, it didn't make
sense.

34. "You will have to turn your computer off by the power supply on a
regular basis". Ah. Now I see the source of many of your problems - you're
corrupting the hard drive by not following instructions. Soft shutdown good,
hard shutdown bad.

35. The next few paragraphs are "black helicopter" stuff - sounds like your
system's been compromised by a ten-year-old.

36. Wow. A port scan. Blocked by a firewall.

37. I'll try to be gentle with this one - someone port scanning does /not/
mean that the machine has been compromised. In fact, it means the exact
opposite.. do you regularly pay parking fines for cars you don't own?
(Seattle readers take note - she's published a postal address)

38. Your co-workers probably already know your name. If they don't then they
can always check your website.. there may be other reasons why they don't
talk to you all that much.

39. Private information is no longer private if you publish it to a public
place.

40. Only an idiot of an employer would stipulate the use of personal
e-mail - they're leaving themselves open to litigation. Mind you, this
sounds like a personal tale - /your/ employer is an idiot..?

41. There are authorities that can help in the event of stalking. Of course,
they might not be too impressed by someone publishing their address.. even a
PO box. Particularly when a quick scan reveals that name to be apparently
unique in Washington State.

42. That bit about posting from work also rings true as a personal story.
Weren't you saying something about how-to-anonymize, earlier? Plus, of
course, your employer (even if stupid) might be less than impressed about
you spending all of your day annoying people on the 'net, rather than
working.

43. Fake horoscopes, cured by Aspirin? Hi, I'm posting from Earth; the sky's
blue here - what's it on your planet?

Lots of mistakes to make in just one page of HTML, IMHO.

H1K








Posted by Hairy One Kenobi on December 27th, 2003


"Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
news:ynfHb.11249$526.74122@newsfep4-glfd.server.ntli.net...
<snip>

Must work on my proof-reading.. (

H1K



Posted by Hairy One Kenobi on December 27th, 2003


"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:ec4ruvcuqpubdss49j29sesd45mfuji61o@4ax.com...
That's the problem with jumping to conclusions.. it could all blow-up in
your face ;o)

H1K



Posted by Mimic on December 27th, 2003


"Tracker" <"snailmail222000(valid)"@yahoo.com> wrote in message
news:3FEC6BE1.4E4931A5@yahoo.com...
I imagine youve heard of piggie in the middle too havent you.
Spitroast anyone ?? eeewww

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"




Posted by Mimic on December 27th, 2003


"Tracker" <"snailmail222000(valid)"@yahoo.com> wrote in message
news:3FED1848.E926CADF@yahoo.com...
BWHWHAHHAHAHAHAHAHAHAHA oh i nearly.... no wait, i HAVE pissed myself shit,
brb....
........ ok, lol, tracker, you provide us with such laughter. You clearly
dont know shit LOL

Binary is Base 64 LMFAO! , And word processing has fallen out of common use
BWAHHAHAHAHAHAHA,
And number 6.Mules, is that a new word for Trojan Horse or just summink you
made up.
Oh thank you, that has really brightened up my day.

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"




Posted by Pete on December 27th, 2003



"Mimic" <null@void.net> wrote in message
news:k4udnSKjGq49k3OiRVn-hA@brightview.com...
You put me off my dinner. :/

Regards,

Pete.



Posted by Mimic on December 28th, 2003


"Pete" <user@host.domain> wrote in message
news:bsl4pv.s8.1@terminalsurfer.dyndns.org...
muhahahahha ;D

--
Mimic

"Without Knowledge you have fear, With fear you create your own nightmares."
"There are 10 types of people in this world. Those that understand Binary,
and those that dont."
"C makes it easy to shoot yourself in the foot. C++ makes it harder, but
when you do, it blows away your whole leg"




Posted by leftnutrzr on January 3rd, 2004


get yer head out of your snatch babe ..... idiot terrorists dont use
stenography... it's too hard for them to spell much less use competently

your life is virtual life babe

we're all the real deal in real life
"Tracker" <"snailmail222000(valid)"@yahoo.com> wrote in message
news:3FEC6BE1.4E4931A5@yahoo.com...


Posted by David H. Lipman on January 3rd, 2004


Actually - There you are wrong. Al-Qaeda is using sophisticated coded messages hidden in
"plain sight".

You might have come across one and did not even know it.

Don't underestimate their sophistication of computer technology. Think "out of the box" !

Dave



"leftnutrzr" <admin@roNckOzoSnePraAdiMo.com> wrote in message
news:UiCJb.34098$tY5.31986@nwrdny01.gnilink.net...
| get yer head out of your snatch babe ..... idiot terrorists dont use
| stenography... it's too hard for them to spell much less use competently
|
| your life is virtual life babe


Posted by David H. Lipman on January 3rd, 2004


Jim:

I never stated steganography or stenography.

And since I don't want to take an extended vacation at Leavenworth Kansas, I won't go any
further in my statement.

Dave



"Jim Watt" <jimwatt@aol.no_way> wrote in message
news:n5ievvs1mjona7l4pkouhim5uemqticu14@4ax.com...
| On Sat, 03 Jan 2004 17:53:58 GMT, "David H. Lipman"
| <DLipman~nospam~@Verizon.Net> wrote:
|
| >Actually - There you are wrong. Al-Qaeda is using sophisticated coded messages hidden in
| >"plain sight".
|
| ah the lost art of stenography
|
| I understand that their operative from Bangkok was chosen for
| this because she had very small delicate fingers. Sadly she
| took to the bottle and the result was a short hand thai pissed.
|
| None of this compares to the WMD in Iraq disguised
| as .... well if I told you I'd have to kill myself.
|
| However, al-Qa'eda are hiding their messages so effectively
| how come you know?
| --
| Jim Watt http://www.gibnet.com


