The University of Massachusetts Amherst
Categories
Linux Security Software

Hiding in Plain Sight with Steganography

Steganography is the process of hiding one file inside another, most popularly, hiding a file within a picture. If you’re a fan of Mr. Robot you are likely already somewhat familiar with this.

Although hiding files inside pictures may seem hard, it is actually rather easy. All files at their core are just text, so to hide one file into another it is just a case of inserting the text value of one file into another.

Even though this possible on all platforms, it is easiest to accomplish on Linux (although the following commands will probably work on Mac OS as well).

There are many different ways to hide different types of files, however the easiest and most versatile method is to use zip archives.

Once you create your own zip archive we can then append it to the end of an image file, such as a png.

cat deathstarplans.zip >> r2d2.png

If you’re wondering what just happened, let me explain. Cat prints out a file as text (deathstarplans.zip in this instance). Instead of printing to the terminal, >> tells your terminal to appends the text to the end of the specified file -> r2d2.png.

We could have also just done > however that would replace the text of the specified file, specifically the metadata of r2d2.png in this instance. This does work and it would still allow you to view the image… BUT r2d2.png would be easily recognized as containing a zip file and defeat the entire purpose.

Getting the file(s) out is also easy, simply run unzip r2d2.png. Unzip will throw a warning that “x extra bytes” are before the zip file, which you can ignore, basically just restates that we hid the zip in the png file. And so they files pop out.

So why zip? Tar tends to be more popular on Linux… however tar has a problem with this method. Tar does not parse through the file and get to the actual start of the archive whereas zip does so automatically. That isn’t to say its impossible to get tar to work, it simply would require some extra work (aka scripting). However there is another, more adavanced way, steghide.

Unlike zip, steghide does not come preinstalled on most Linux Distos, but is in most default repositories, including for Arch and Ubuntu/Linux Mint.

sudo pacman -S steghide – Arch

sudo apt install steghide – Ubuntu/Linux Mint

Steghide does have its ups and downs. One upside is that it is a lot better at hiding and can easily hide any file type. It does so by using an advanced algorithm to hide it within the image (or audio) file without changing the look (or sound) of the file. This also means that without using steghide (or at least the same mathematical approach as steghide) it is very difficult to extract the hidden files from the image.

However there is big draw back: steghide only supports a limited amount of ‘cover’ files – JPEG, BMP, WAV, and AU. But since JPEG files are a common image type, it isn’t a large draw back and will not look out of place.

To hide the file the command would be steghide embed -cf clones.jpg -ef order66.pdf

At which point steghide will prompt you to enter a password. Keep in mind that if you lose the password you will likely never recover the embedded file.

To extract the file we can run steghide extract -sf clones.jpg, assuming we use the correct password, the hidden file is revealed.

All that being said, both methods leave the ‘secret’ file untouched and only hide a copy. Assuming the goal is to hide the file, the files in the open need to be securely removed. shred is a good command which overwrites the file multiple times to make it as difficult to recover as possible.

shred -z order66.pdf

or to delete it automatically

shred -zu order66.pdf

Categories
Google

How to Google!

Google, the world’s most popular search engine, usually does a great job finding what we need with little information for us. But what about when Google isn’t giving us the hits we need?
This article will go over commonly unused tips that will help refine your search and tell Google exactly what you’re searching for. It will also go over fun, new features of Google.

 

 

1. Filter Results by Time
Users can now browse only the most recent results. After searching “Tools” will appear on the right below the search bar. If you click on ‘Tools’, ‘Any time’ and ‘All Results’ will appear under the search bar. Under ‘Any time’ there are options to show results ranging from the past hour to the past year.

 

2. Search Websites for Specific Words
If you are searching through a specific website you can now search for keywords. Ex: to see how many times Forbes mentioned Kylie Jenner you would simply type “Kylie Jenner site:Forbes.com”.

 

3. Search Exact Phrases and Quotes
A more commonly used trick is typing quotation marks around words or phrases to tell Google to only show results contain the exact words in quotes

 

4. Omit Certain Words Using the Minus Sign
In contrast to the last tip, using “-aword” will omit results containing the word right after the minus sign. For example typing “Apple -iPhone” will get rid of all results containing iPhone with the word Apple.

 

5. Use Google as a timer
Now Google has a stopwatch and timer feature that will show up by just searching “set timer”. No need to mess around on apps when you can just pull it up on the internet!

 

6. Search Newspaper Archives from the 1800s
Search “google news archive search” and the first link will bring you to a page with the names of hundreds of newspapers. You can browse issues of Newspapers by date and name.

 

7.  Use Google to Flip a Coin
Need help making a decision? Simply search “flip a coin” and Google will flip a virtually generated coin and give you an answer of heads or tails.

 

8. Search Through Google’s Other Sites
Google has other search engines for specific types of results. For example, if you’re searching for a blog use “Google Blog Search” or if you want to search for a patent use “Google Patent Search”, etc.

 

Now with these Google tips you can search Google like a pro!
Categories
Operating System

October Apple Event Preview

Today Apple sent out invitations for an event on October 30th in New York City. The event, titled “There’s more in the Making”, hints at a creative and pro focused event, which is further suggested by the event being hosted at the Howard Gilman Opera House. There are several rumored devices that will be launched at this event

The headline product that is rumored to be announced will be an update to the iPad Pro line. The line, which is made up of two models, is rumored to gain many of the features from the iPhone X line of phones. This includes smaller bezels and FaceID to replace the fingerprint reader. The devices are also said to switch over from their proprietary Lightning connector in favor of the more standard USB-C. This will also allow the iPad to connect to external display and other accessories much more easily. The iPad and the iPhone are some of the only devices in the industry that haven’t switched over to USB-C. This transition will help the industry converge on a single port type.

There are also rumored to be new Mac’s at this event. The Mac mini hasn’t been updated in over 4 years and is overly due for a refresh. The new minis are rumored to be smaller and more aimed at the pro market. This makes sense given the overall theme of the event. Apple is also rumored to be introducing a new low end Mac laptop at around the $1000 price point. This will replace the aging MacBook Air that Apple is still selling. This is by far Apple’s highest volume price range, so it’s important to have a modern, compelling option.

Is there anything else that Apple will announce next week? What are your predictions?

Categories
Operating System

Are Self-Driving Cars Safe?

Self-driving cars promise to revolutionize driving by removing human error from the equation altogether. No more drunk or tired driving, great reductions in traffic, and even the possibility of being productive on the commute to work. But what are the consequences of relying on algorithms and hardware to accomplish this vision? Software can be hacked or tricked, electrical components can be damaged. Can we really argue that it is safer to relinquish control to a computer than to operate a motor vehicle ourselves? Ultimately, this question cannot be answered with confidence until we conduct far more testing. Data analysis is key to understanding how these vehicles will perform and specifically how they will anticipate and react to the kind of human error which they exist to eliminate. But “the verdict isn’t out yet” is hardly a satisfying answer, and for this reason I would argue that despite concerns about ‘fooling’ self-driving cars, this technology is safer than human drivers.

The article “Slight Street Sign Modifications Can Completely Fool Machine Learning Algorithms” details how researchers have tricked computer vision algorithm to misinterpret street signs. Researchers were able to achieve these results by training their classifier program with public road sign data, and then adding new entries of a modified street sign with their own classifiers. Essentially, the computer is “taught” how to analyze a specific image and, after numerous trial runs, will eventually be able to recognize recurring elements in specific street signs and match them with a specific designation / classifier. The article mainly serves to explore how these machines could be manipulated, but only briefly touches upon a key safety feature which would prevent real-world trickery. Notably, redundancy is key in any self-driving car. Using GPS locations of signs and data from past users could ensure that signs are not incorrectly classified by the computer vision algorithm.

The article “The Long, Winding Road for Driverless Cars” focuses less on the safety ramifications of self-driving vehicles, and instead on how practical it is that we will see fully autonomous cars in the near future. The author touches upon the idea that selling current vehicles (such as Tesla) with self-driving abilities as “autopilot” might be misleading, as these current solutions still require a human to be attentive behind the wheel. She presents the hurdle that in order to replace human drivers, self-driving vehicles cannot just be “better” than human drivers but near perfect. While these are all valid concerns, they will only result in benefits for consumers. Mistrust in new tech means that companies and regulatory authorities will go through rigorous trials to ensure that these vehicles are ready for the road and maintain consumer confidence. We have already accepted many aspects of car automation (stopping when an object is detected, hands-free parallel parking, and lane-detection) to make our lives easier, and perhaps some time in the near future self-driving cars will be fully tested and ready for mass deployment.

Categories
Software

A Brief Introduction to Creating Functions in MATLAB

Hey wow, look at this!  I’ve finally rallied myself to write a blog article about something that is not digital audio!  Don’t get too excited though, this is still going to be a MATLAB article and, although I am not going to be getting too deep into any DSP, the fundamental techniques underlined in this article can be applied to a wide range of problems.

Now, let me go on record here and say I am not much of a computer programmer.  Thus, if you are looking for a guide to functional programming in general, this is not the place for you!  However, if you are perhaps an engineering student who’s learned MATLAB for school and are maybe interested in learning what this language is capable of, this is a good place to start.  Alternatively, if you are familiar with functional languages (*cough cough* Python), then this article may help you to start transposing your knowledge to a new language.

So What are Functions?

I am sure that, depending on who you ask, there are a lot of definitions for what a function actually is.  Functions in MATLAB more or less follow the standard signals-and-systems model of a system; this is to say they have a set of inputs and a corresponding set of outputs.  There we go, article finished, we did it!

Joking aside, there is not much more to be said about how functions are used in MATLAB; they are excellently simple.  Functions in MATLAB do provide great flexibility though because they can have as many inputs and outputs as you choose (and the number of inputs does not have to be the same as the number of outputs) and the relationship between the inputs and outputs can be whatever you want it to be.  Thus, while you can make a function that is a single-input-single-output linear-time-invariant system, you can also make literally anything else.

How to Create and Use Functions

Before you can think about functions, you’ll need a MATLAB script in which to call your function(s).  If you are familiar with an object oriented language (*cough cough* Java), the script is similar to your main method.  Below, I have included a simple script where we create two numbers and send them to a function called noahFactorial.

Simple Script Example

It doesn’t really matter what noahFactorial does, the only thing that matters here is that the function has two inputs (here X and Y) and one output (Z).

Our actual call to the noahFactorial function happens on line 4.  On the same line, we also assign the output of noahFactorial to the variable Z.  Line 6 has a print statement that will print the inputs and outputs to the console along with some text.

Now looking at noahFactorial, we can see how we define and write a function.  We start by writing ‘function’ and then defining the function output.  Here, the output is just a single variable, but if we were to change ‘output’ to ‘[output1, output2]’, our function would return a 2×1 array containing two output values.

Simple Function Example

Some of you more seasoned programmers might notice that ‘output’ is not given a datatype.  This will undoubtedly make some of you feel uncomfortable but I promise it’s okay; MATLAB is pretty good at knowing what datatype something should be.  One benefit of this more laissez-faire syntax is that ‘output’ itself doesn’t even have to be a single variable.  If you can keep track of it, you can make ‘output’ a 2×1 array and treat the two values like two separate outputs.

Once we write our output, we put an equals sign down (as you might expect), write the name of our function, and put (in parentheses) the input(s) to our function.  Once again, the typing on the inputs is pretty soft so those too can be arrays or single values.

In all, a function declaration should look like:

function output = functionName(input)

or…

function [output1, output2, …, outputN] = functionName(input1, input2, …,inputM)

And just to reiterate, N and M here do not have to be the same.

Once inside our function, we can do whatever MATLAB is capable of.  Unlike Java, return statements are not used to send anything to the output, rather they are used to stop the function in its tracks.  Usually, I will assign an output for error messages; if something goes wrong, I will assign a value to the error output and follow that with ‘return’.  Doing this sends back the error message and stops the function at the return statement.

So, if we don’t use return statements, then how do we send values to the output?  We make sure that in our function, we have variables with the same name as the outputs.  We assign those variable values in the function.  On the last line of the function when the function ends, whatever the values are in the output variables, those values are sent to the output.

For example, if we define an output called X and somewhere in our function we write ‘X=5;’ and we don’t change the value of X before the function ends, the output X will have the value: 5.  If we do the same thing but make another line of code later in the function that says ‘X=6;’, then the value of X returned will be: 6.  Nice and easy.

 

…And it’s that simple.  The thing I really love about functions is that they do not have to be associated with a script or with an object, you can just whip one up and use it.  Furthermore, if you find you need to perform some mathematical operation often, write one function and use it with as many different scripts as you want!  This insane flexibility allows for some insane problem-solving capability.

Once you get the hang of this, you can do all sorts of things.  Usually, when I write a program in MATLAB, I have my main script (sometimes a .fig file if I’m writing a GUI) in one folder, maybe with some assorted text and .csv files, and a whole other folder full of functions for all sorts of different things.  The ability to create functions and some good programming methodology can allow even the most novice of computer programmers to create incredibly useful programs in MATLAB.

 

NOTE: For this article, I used Sublime Text to write-out the examples.  If you have never used MATLAB before and you turn it on for the first time and it looks completely different, don’t be alarmed!  MATLAB comes pre-packaged with its own editor which is quite good, but you can also write MATLAB code in another editor, save it as a .m file, and then open it in the MATLAB editor or run it though the MATLAB kernel later.

Categories
Operating System Software

What is Docker and How Does it Work?

Docker is a very popular tool in the world of enterprise software development. However, it can be difficult to understand what it’s really for. Here we will take a brief look at why software engineers, and everyday users, choose Docker to quickly and efficiently manage their computer software.

Categories
Operating System Security

Password Security on Github

“The password you provided has been reported as compromised due to re-use of that password on another service by you or someone else. GitHub has not been compromised directly. To increase your security, please change your password as soon as possible.”

I thought this was funny when I first saw this message from Github, a website that has over 28 million users and 57 million repositories. I knew I was receiving this message because I used a very similar password for my IBM intern account and my personal account.

So I was telling my coworkers in IT about it, and they pointed out to me in horror – “That means they’re storing passwords in plaintext…”

Well turns out this isn’t true. In fact, they use fairly secure Key-Derivation Function (KDF) software called Bcrypt.

For obvious reasons, this is scary. The responsible practices for password storage are, well, complicated. It’s a combination of hashing or the more secure Key-Derivation Function, both of which basically scrambles up the user’s password so that not just anyone can decode it, and a careful implementation of where . If a company isn’t using proper security for user data, there’s an increased risk of getting hacked. And realistically, if someone managed to snag the password to your Github account, they’d likely be able to get into at least a few of your other accounts as well.

If you want to learn about this more in depth, you can read this interesting thread.