Wednesday, 29 August 2012

Hiding In Plain Sight

I recently wrote a short piece for the BBC Technology website in which I tried to explain why steganography (as opposed to cryptography) posed a very particualr threat.  Or least it might do.  The trouble is we don't really know, and the default position has been to assume that because we haven't discovered it being used en masse the threat is negligible.

For those who have been asking to learn more about steganography I would recommend beginning with the following sites:

  1. Wikipedia which in recent times has been updated with some really good introductory material on the subject including a bit about its history and the many forms it can take.
  2.  Dr Neil Johnson's introduction produced by a man who has been stduying teh subject for nearly 20 years and gives both introductory notes and some good further pointers to more advanced material.
  3. Dr Niels Provos site which is produced by someone I tned to thikn of as synonymous with the production of leading steganographic tools such as Outguess.
  4. SARC which is a centre of excellence for teh subject and holds a large database of tools and techniques in use.
  5. SANS reading room has a number of relatively recent papers discussing steganographic techniques and tools across a variety of digital media.
After that you really need to be looking at the text books. My personal favourites are:
  1. Digital Waternarking & Steganography by Shih from CRC Press
  2. Disappearing Cryptography by Wayner from MK
  3. Hiding in Plain Sight by Cole from Wiley