hidden data in internet published documents
play

Hidden Data in Internet Published Documents 2004-12-27 21. Chaos - PowerPoint PPT Presentation

Feb 03, 2024 •289 likes •1.16k views

Far More Than You Ever Wanted To Tell Hidden Data in Internet Published Documents 2004-12-27 21. Chaos Communication Congress 2004 Steven J. Murdoch & Maximillian Dornseif See http://md.hudora.de/presentations/#hiddendata-21c3 This

  1. Far More Than You Ever Wanted To Tell Hidden Data in Internet Published Documents 2004-12-27 21. Chaos Communication Congress 2004 Steven J. Murdoch & Maximillian Dornseif See http://md.hudora.de/presentations/#hiddendata-21c3 This Research was supported by the Carnegie Trust for the Universities of Scotland

  2. The Problem • Software we do not understand and trust • Complex data formats • We are not supposed to understand • or we are not willing to understand • Massive exchange of documents in this complex formats. • Covert channels everywhere! Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  3. Who we are • Cambridge Security Group - if you don’t know them you must have been living under a rock. • Laboratory for Dependable Distributed Systems at RWTH-Aachen University • Founded in late 2003 for theoretical & practical security research, topics include: • Security Education • Honeypot technology • Sensor Networks • Notable classes include “Hacker Seminar”, “Hacker Praktikum”, “Pen-Test Praktikum”, “Aachen Summerschool applied IT - Laboratory for Dependable Distributed Systems Security”, “Computer Forensics” • http://mail-i4.informatik.rwth-aachen.de/ mailman/listinfo/lufgtalk/ Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  4. Agenda • The MS Office Document problem • Problems with PDFs • So go for simple formats? • p0rn! • Never trust a girl named .jpeg Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  5. The MS Office Document Problem Monsterous!

  6. http://www.ntk.net/2002/04/19/treasurydoh.png Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  7. Tools to investigate • Antiword • Word 2, 6, 7, 97, 2000 and 2002 • http://www.winfield.demon.nl/ • catdoc & xls2csv • no support for OLE streams • http://www.45.free.net/~vitus/ice/catdoc/ • word2x • http://word2x.sourceforge.net/ Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  8. Laola • Laola “is a collection of documentations and perl programs dealing with binary file formats of Windows program documents.” • Contains • lclean - Laola Clean: “Saves the trash sections of e.g. Word 6, Word 7 or Excel documents to own files.” • ldat -Laola Display Authress Title: “Lists author, title, creation date and some other information sticked in a laola file. Gets printer information from Excel and Word files.” • lls - Laola List: “Lists the structure of a Laola document.” • Elser - “password resolving, macro decoding”. • Development ceased for 5 years. • http://www.cs.tu-berlin.de/~schwartz/pmh/index.html Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  9. wvWare • used by abiword • tested by kword • actively developed, but development lines are hard to understand: WordView, wv, wv2, wvWare ... • Tools • wvText, wvHtml • wvSummary, wvVersion http://wvware.sourceforge.net/ Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  10. WordDumper Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  11. Problems with PDFs A document exchange format is becoming a document editing format.

  12. PDF • Looks like an “open standard” ... • ... but very hard to decode in depth • Designed for document publishing distribution. • Very wide deployment • Adobe is pushing PDF as the default file format of their applications • The Problem of censorship / redaction Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  13. Redacted Documents • Documents where the public has “a right to know” ... • ... but contain confidential or private information • Or documents a party is forced to hand over to another party • Typical classes of documents: • court documents • public files Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  14. Who is using redaction? • The “legal community” • Historians • Journalists Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  15. Types of Redaction white text on white ground black boxes over text black boxes over graphics black text on black ground Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  16. Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  17. Legal Redaction Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  18. PDF Scrubbing Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  19. PDF Scrubbing Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  20. PDF Scrubbing Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  21. Removing Redactions • Methods • Very dependant on the amount of Adobe software you have at hand. • Copy black/white text on same ground • Copy text under black bars • Copy graphics under black bars • Remove overlaying graphics • Write your own tool Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  22. copy underlying text

  23. black text on black ground

  24. copy underlying graphics

  25. remove black bars

  26. just wait

  27. Coding your own • Strategy: • convert to Postscript • replace ‘box’ operators by NOOPs • (actually by poping the parameters to box into the bitbucket) • Problem: Real world postscript uses no boxes Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  28. 2204.84 5683.09 2.21 -63.26 1198.27 41.84 -2.21 63.26 -1198.27 -41.84 f* 1299.72 5515.11 2.21 -63.26 340.15 11.88 ^ ^ f* 1805 5374.75 2.21 -63.26 340.15 11.88 ^ ^ f* 2375.79 5245.32 2.21 -63.26 489.41 17.09 ^ ^ f* 2116.53 5081.14 2.21 -63.26 351.07 12.26 -2.21 63.26 -351.07 -12.26 f* 1833.88 4950.36 3.29 -94.24 1179.92 41.2 ^ ^ f* 2620.39 4798.75 2.21 -63.26 277.01 9.67 ^ ^ f* 5772.52 6352.31 2.21 -63.26 527.48 -12.31 ^ ^ f* 6151.04 8283.32 2.21 -63.26 705.89 19.75 ^ ^ f* /^{3 index neg 3 index neg}! /f*{P eofill}! /!{bind def}bind def /P{N 0 gt{N -2 roll moveto p}if}! /p{N 2 idiv{N -2 roll rlineto}repeat}! ... Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  29. Works! % pdf2ps washpost_sniperletter .pdf\ washpost_sniperletter .ps % perl -npe 's/ f\*$//;' \ < washpost_sniperletter.ps \ > washpost_sniperletter-\ unredacted.ps Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  30. Miserable Failure % pdf2ps 01.pdf 01.ps % perl -npe \ 's/^\d+ \d+ \d{3,10} \d+ rf$//' \ < 01.ps > 01-unredacted.ps Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  31. So go for simple formats? Simple things are easy to understand, aren’t they?

  32. Plain Text Formates bite • Mail/News headers • Signatures • Configuration files • HTML • META, Comments <img src=”c:\...\Jon Doe\My Documents\coolpix.jpg”> Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  33. Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  34. % curl -q http://www.affordablehairtransplants.com/robots.txt <?php header("Content-type: text/plain"); if (strstr($_SERVER["HTTP_USER_AGENT"],"lurp")) print "User- Agent: Slurp\nDisallow: /"; ?> Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  35. Girls named .jpeg

  36. The techtv moderator incident • Moderator adds picture to her weblog • People download it, archive it, view it with image browser • Picture was cropped, thumbnail remains uncropped • Male teenage geeks get totally mad Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  37. How did it happen? • Software glitch? • Widespread? • Desired behavior? • ... actually it is. Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  38. EXIF • JPEG works surprisingly fell considering that there is such e wide variety of JPEG standards and implementations. • EXIF is the standard way to store headers • Applications usually are leaving unknown EXIF headers (thumbnails?) untouched. • So we expect the problem to be quite widespread. Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  39. JPEG image data, EXIF standard 0.73, 10752 x 2048 JPEG image data, EXIF standard 0.77, "AppleMark", 42 x 0 JPEG image data, EXIF standard 0.77, 42 x 0 JPEG image data, JFIF standard 1.01, aspect ratio, 1 x 1 JPEG image data, JFIF standard 1.01, resolution (DPI), 180 x 180 JPEG image data, JFIF standard 1.02, resolution (DPI), 150 x 150 Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  40. Experimental Setup • Get as many images as possible from the Internet • Compare thumbnails to images Maximillian Dornseif • Laboratory for Dependable Distributed Systems

  41. Spidering the Web • We use a patched Version of Niels’ Provos’ crawl-0.4. Modifications: • Do not overload filesystem with 100.000 entries in a directory • Keep HTTP headers for fingerprinting • See http://c0re.23.nu/c0de/misc/crawl-*.patch Maximillian Dornseif • Laboratory for Dependable Distributed Systems

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Internet Data Portal Jay Daley, .nz https:/ /idp.nz Internet Data Portal ICANN54 2 What is

Internet Data Portal Jay Daley, .nz https:/ /idp.nz Internet Data Portal ICANN54 2 What is

Internet Data Portal Jay Daley, .nz https:/ /idp.nz Internet Data Portal ICANN54 2 What is it Repository for Internet data relating to NZ All open data Place to explore Forum to discuss and more Internet

683 views • 12 slides
IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by

IoT Security IoT: Internet of things Hidden Voice Commands, Usenix Security16 Presented by Jinli Zhong FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild, NDSS17 Presented by Jie Li Protecting Privacy of BLE

470 views • 34 slides
Data Mining l The Extraction of useful information from data l The automated extraction of hidden

Data Mining l The Extraction of useful information from data l The automated extraction of hidden

Data Mining l The Extraction of useful information from data l The automated extraction of hidden predictive information from (large) databases l Business, Huge data bases, customer data, mine the data Also Medical, Genetic, Astronomy, etc. l

535 views • 32 slides
Data analysis Piecewise-constant linear regression Hidden Markov Models Let x t denote the

Data analysis Piecewise-constant linear regression Hidden Markov Models Let x t denote the

Data analysis Piecewise-constant linear regression Hidden Markov Models Let x t denote the log-transformed data and u t the underlying signal. A transition kernel accounting for shift and drift Hidden state space: grid with Algorithmic

589 views • 27 slides
q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the

q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the

q.Datum Data Exchange The marketplace for big data Data is the new oil of the Internet and the new currency of the digital world . World Economic Forum 1 Problem: access to big data Data accessed &amp; analyzed Data in organizations

543 views • 30 slides
The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications

The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications

ITS323/CSS331 Internet Internetworking IP The Internet IP Addresses Internet Apps TCP ITS323: Introduction to Data Communications Application CSS331: Fundamentals of Data Communications Sirindhorn International Institute of Technology

745 views • 43 slides
Uncovering the hidden universe of rental units in Surrey UBC Data Science for Social Good 2018

Uncovering the hidden universe of rental units in Surrey UBC Data Science for Social Good 2018

Uncovering the hidden universe of rental units in Surrey UBC Data Science for Social Good 2018 By: Jocelyn Lee, Andy Fink, Hyeongcheol Park, Zhe Jiang Overview Introduction Data Sources and Collection Data Processing

438 views • 21 slides
The Hidden Data in AI IP Intellectual Property for Artificial Intelligence Marlow Thomas G

The Hidden Data in AI IP Intellectual Property for Artificial Intelligence Marlow Thomas G

The Hidden Data in AI IP Intellectual Property for Artificial Intelligence Marlow Thomas G Marlow | Black Hills IP | linkedin.com/in/thomasgmarlow/ | @UScode35 The Hidden Data in AI IP Intellectual Property for Artificial Intelligence Marlow

521 views • 28 slides
Internet routing is based on routing protocols that collect the input data No off-line route

Internet routing is based on routing protocols that collect the input data No off-line route

Introduction to Routing in Internet Internet basics IPv4 and ICMP Internet Addressing ARP - Address Resolution Protocol Routing Information (Distance Vector ) Protocol Principles 3-1 S-38.121 S-02 Rka, NB Internet routing is based on

214 views • 18 slides
Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$

Hidden$Terminals$ Nodes$A$and$C$are$hidden$terminals$when$sending$to$B$ Cant$hear$each$other$(to$coordinate)$yet$collide$at$B$ We$want$to$avoid$the$inefficiency$of$collisions $ CSE$461$University$of$Washington$ 53$

463 views • 31 slides
Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research

Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research

Challenges and a Path Forward for Realizing Data-Driven Federal Internet Policy A Research Agenda for Law and Computer Science and Internet Data 8th Workshop on Internet Economics (WIE 2017) JamesMillerEsquire@gmail.com Adjunct Prof. of Law,

531 views • 40 slides
Multivariate Hidden Markov model An application to study correlations among cryptocurrency

Multivariate Hidden Markov model An application to study correlations among cryptocurrency

Introduction Proposed Hidden Markov Model (HMM) Data Results Conclusions References Multivariate Hidden Markov model An application to study correlations among cryptocurrency log-returns Fulvia Pennoni Bartolucci F. , Forte G.

440 views • 28 slides
Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a

Hidden Markov Models Pratik Lahiri Introduction A hidden Markov model (HMM) is a statistical Markov model in which the system being modeled is assumed to be a Markov process with unobserved (hidden) states. We call the observed event

741 views • 13 slides
1993 Internet &amp; TCP/IP Not yet dreamed of Starting a Genomic Internet Simple, real-time,

1993 Internet &amp; TCP/IP Not yet dreamed of Starting a Genomic Internet Simple, real-time,

1993 Internet &amp; TCP/IP Not yet dreamed of Starting a Genomic Internet Simple, real-time, global network for sharing somatic cancer data and associated clinical information Users Researchers, Clinicians, Pharma, Data Analysts, Citizen

705 views • 25 slides
No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides
Todd Mytkowicz Kathryn S. McKinley Wikipedia Sensors Big data Sampson et al. Bishop hidden

Todd Mytkowicz Kathryn S. McKinley Wikipedia Sensors Big data Sampson et al. Bishop hidden

Uncertain&lt; T &gt; A First-Order Type for Uncertain Data James Bornholt Supervisor: Steve Blackburn Todd Mytkowicz Kathryn S. McKinley Wikipedia Sensors Big data Sampson et al. Bishop hidden units z M w (1) w (2) MD KM x D y K inputs

1.14k views • 84 slides
Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj

Reconfiguration Overhead in Dynamic Task-Based Implementations on FPGAs Padmini Nagaraj University of California, Berkeley, Distributed Mentor Program, Researcher Summer 2004 Professor Elaheh Bozorgzadeh University of California, Irvine,

415 views • 13 slides
f g u ,v = u f x , y g u x ,v y dx dy v Or, in

f g u ,v = u f x , y g u x ,v y dx dy v Or, in

Programming Example: Filter Operations Hannes Hofmann Programming Example: Filter Operations MB-JASS 2006, 19 29 March 2006 Convolution The convolution expresses the amount of overlap of one function g as it is shifted over another f .

253 views • 8 slides
Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False Sharing

Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False Sharing

/IN /INFOMOV/ Optimization &amp; Vectorization J. Bikker - Sep-Nov 2016 - Lecture 5: Caching (2) Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False Sharing A Handy Guide (to Pleasing the

569 views • 34 slides
Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False

Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False

/INFOMOV/ Optimization &amp; Vectorization J. Bikker - Sep-Nov 2019 - Lecture 4: Caching (2) Welcome! Todays Agenda: Caching: Recap Data Locality Alignment False Sharing A Handy Guide (to Pleasing the

1.02k views • 43 slides
The DCT domain and JPEG CSM25 Secure Information Hiding Dr Hans Georg Schaathun University of

The DCT domain and JPEG CSM25 Secure Information Hiding Dr Hans Georg Schaathun University of

The DCT domain and JPEG CSM25 Secure Information Hiding Dr Hans Georg Schaathun University of Surrey Spring 2008 Dr Hans Georg Schaathun The DCT domain and JPEG Spring 2008 1 / 62 Learning Objectives Be able to work with and JPEG images

1.27k views • 102 slides
Evaluating Computers: Bigger, better, faster, more? 1 What do you want in a computer? 2 What

Evaluating Computers: Bigger, better, faster, more? 1 What do you want in a computer? 2 What

Evaluating Computers: Bigger, better, faster, more? 1 What do you want in a computer? 2 What do you want in a computer? Low latency -- one unit of work in minimum time 1/latency = responsiveness High throughput -- maximum work per

774 views • 53 slides
Optimization Methods for Data Compression Giovanni Motta Motivations Data compression

Optimization Methods for Data Compression Giovanni Motta Motivations Data compression

Optimization Methods for Data Compression Giovanni Motta Motivations Data compression algorithms use heuristics How good a given heuristic is ? What if an heuristic is replaced by an optimal procedure ? Can we simplify an optimal

1.02k views • 65 slides
CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File

CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File

CS4405 JPEG File Format JPEG Lifecycle Container format required JFIF JPEG File Interchange Format is a minimal file format which enables JPEG bitstreams to be exchanged

344 views • 6 slides

More recommend