April 13th, 2003, 05:45 PM
Steganography article on SecurityFocus
There is a new article on SecurityFocus that provides a pretty good basic introduction and overview into what steganography is and how it works.
I am no steganography expert so I can't speak to the validity of this statement:
While we are discussing it in terms of computer security, steganography is really nothing new, as it has been around since the times of ancient Rome. For example, in ancient Rome and Greece, text was traditionally written on wax that was poured on top of stone tablets. If the sender of the information wanted to obscure the message - for purposes of military intelligence, for instance - they would use steganography: the wax would be scraped off and the message would be inscribed or written directly on the tablet, wax would then be poured on top of the message, thereby obscuring not just its meaning but its very existence
Is that accurate? Are there no tools or techniques currently to detect information hidden using steganography? If so, why? Is it not possible, or has it just not caught on yet? Could this be an area for security firms to jump on as the next big wave in security?
Unfortunately, all of the methods mentioned above can also be used to hide illicit, unauthorized or unwanted activity. What can you do to prevent or detect issues with stego? There is no easy answer. If someone has decided to hide their data, they will probably be able to do so fairly easily. The only way to detect steganography is to be actively looking for in specific files, or to get very lucky.
The article also has some links to other steganography information.