- Shopping Bag ( 0 items )
From Barnes & NobleThe Barnes & Noble Review
Where would you hide something if you never wanted it to be found? In plain sight, of course. (A familiar idea if you’ve ever read Edgar Allan Poe’s The Purloined Letter -- or, for that matter, misplaced your TV remote.) “Hiding in plain sight” is the principle behind one of the most exciting -- and controversial -- fields in computer security: steganography.
In steganography, secret information is embedded within routine, apparently innocuous communications of any kind -- JPEGs of your vacation photos, MP3 music files, you name it. Since nobody’s looking there, your message passes undetected, no matter how closely you’re being watched.
How does it work? How would you use it? How would you detect it if someone were using it against you? Those are the subjects of Hiding in Plain Sight by Eric Cole.
Cole is one of the field’s leading experts -- in fact, his doctoral dissertation covers stego. His security career has taken him from the SANS Institute (where he served as Director of the Cyber Defense Initiative) to the CIA (where he identified security holes in the agency’s Web servers, earning several “Exceptional Performance Awards” along the way). Who better to explain state-of-the-art security technologies to you?
It’s often been speculated that the 9/11 terrorists used stego. Nobody’s sure, but here’s Cole’s educated opinion: “I believe the terrorists did use stego because they had the technical savvy, the money, access to the technology, and images to hide data in. Perhaps most importantly, they had not only the means, but the motive for hiding information.” Possibly an even better reason to suspect Al Qaeda’s use of stego is that, based on Cole’s research, it’s used far more widely than most people imagine.
In Hiding in Plain Sight, Cole begins by placing stego in historical and technological context, and then explaining how it works, in simple English. He then explains today’s least ominous and most widespread application of steganography: digital watermarking. Next, you’ll dive more deeply into this “hidden realm,” understanding traditional insertion-based, algorithmic-based, and grammar-based forms of steganography, as well as newer substitution- and generation-based approaches.
Cole offers step-by-step instructions for utilizing S-Tools, stego software that will both encrypt your message and embed it into files for you. He then introduces a wide variety of stego tools -- including Hide and Seek, Jsteg, EZ-Stego, Image Hide, Digital Picture Envelope, Camouflage, Gif Shuffle, and Spam Mimic. If you’re a programmer, you’ll appreciate his detailed coverage of “rolling your own” stego software for embedding messages in everything from WAV audio files to HTML white space. He also presents a full chapter on sending stego files across a network (including techniques hiding data in email attachments -- or even IP and TCP message headers).
The book’s final section offers detailed techniques for identifying and cracking stego -- including ways to recognize files coded with each of the leading stego tools. Cole concludes by presenting high-level security strategies that take stego into account. If you’re a security professional, you need to know about this stuff. Even if you’re not, you may still want to read this book, just for the sheer fascination of it. Bill Camarda
Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2000 and Upgrading & Fixing Networks for Dummies, Second Edition.