Archive for October, 2008

Tip: Cygwin for Steganography in Sounds (.wav)

Cygwin can be used for hiding data in sound files.

First, run setup and select the “steghide: A steganography hiding tool” package under the Security category. You may also be prompted to install libjpeg7 and mhash. Complete the installation.

Second, copy your hidden file and cover file to the home folder (C:\cygwin\home\Administrator). For example, suppose we use “hidden.msg” and “applause.wav” to embed a text message inside a file of folks clapping. Let’s use the word “secret” as the passphrase.

$ steghide --embed --embedfile hidden.msg --coverfile applause.wav --passphrase secret --stegofile output.wav

embedding "hidden.msg" in "applause.wav"... done
writing stego file "output.wav"... done

The resulting “output.wav” file now contains the message. To extract, we use steghide with the passphrase.

$ steghide --extract --stegofile output.wav --passphrase secret --extractfile output.msg

wrote extracted data to "output.msg".

That is how to use steghide in Cygwin to embed and extract files from sound files (.wav).
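
To show what embedding does to a .wav file, here is an added example (not part of the original post and not steghide's code). It uses a simplified least-significant-bit scheme, which is not steghide's embedding algorithm and has no passphrase or encryption; the function names and the generated tone standing in for applause.wav are assumptions.

```python
import io
import math
import struct
import wave

def _write(params, samples):
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setparams(params)
        w.writeframes(struct.pack(f"<{len(samples)}h", *samples))
    return buf.getvalue()

def _read(wav_bytes):
    with wave.open(io.BytesIO(wav_bytes), "rb") as w:
        params = w.getparams()
        if params.sampwidth != 2:
            raise ValueError("this example handles 16-bit PCM only")
        frames = w.readframes(params.nframes)
    return params, list(struct.unpack(f"<{len(frames) // 2}h", frames))

def make_cover(n=4000, rate=8000):
    """Constructed stand-in for applause.wav: a 16-bit mono 440 Hz tone."""
    tone = [int(12000 * math.sin(2 * math.pi * 440 * i / rate)) for i in range(n)]
    return _write((1, 2, rate, n, "NONE", "not compressed"), tone)

def embed(cover, payload):
    """Store a 4-byte length plus the payload in the lowest bit of each sample."""
    params, samples = _read(cover)
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError("payload too large for this cover file")
    for i, bit in enumerate(bits):
        samples[i] = (samples[i] & ~1) | bit
    return _write(params, samples)

def extract(stego):
    _, samples = _read(stego)
    def take(start, count):  # rebuild `count` bytes from sample low bits
        lsb = [s & 1 for s in samples[start:start + 8 * count]]
        return bytes(int("".join(map(str, lsb[k:k + 8])), 2) for k in range(0, len(lsb), 8))
    if len(samples) < 32:
        raise ValueError("file too short to hold a payload header")
    (length,) = struct.unpack(">I", take(0, 4))
    if 32 + 8 * length > len(samples):
        raise ValueError("no plausible payload header")
    return take(32, length)

def diff_stats(original, suspect):  # (same size?, samples changed, largest change)
    (_, a), (_, b) = _read(original), _read(suspect)
    deltas = [abs(x - y) for x, y in zip(a, b)]
    return len(original) == len(suspect), sum(d > 0 for d in deltas), max(deltas, default=0)
```

The output of diff_stats shows why the result is hard to spot by ear or by file size: the two files are the same length and no sample moves by more than one step, so the change is only visible when the suspect file is compared against a known original.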

Clickjacking Revealed

The “Clickjacking” attack bothers me because it seems so obvious. Well, obvious to someone who has done JavaScript web development.

Years ago, I worked on a web user interface (wui) where we tried to duplicate all the functionality of a GUI using JavaScript and XML. This was Ajax before it was called Ajax. I had a demo that basically was a clickjack attack whose intent was to annoy the user or to trigger an event. A prank or a feature, it was trivial to implement with a few lines of code.

Thus the attack is another case of media hype. Giving this attack a clever name like “Clickjacking” seems to be like calling a person who unplugs your network cable a “Cablejacker”.


J Wolfgang Goerlich



(Incidentally, in case anyone is interested, my employer attempted to patent the wui idea. The details are online.)

Hyper-V Disk Issues

I am seeing an odd issue with Hyper-V vms on pass-thru disks. Say an event occurs on the storage array that causes the disks on the Hyper-V server to go offline momentarily. They can be brought back online afterwards. Hyper-V then loses the handle on the disk. There are four broad categories of symptoms that then occur:

  1. Very broadly speaking, if the disk contains server-specific information such as a paging file, then the server behaves erratically when it goes offline.
  2. If the disk in question goes offline and it contains the vm definition files (.bin, .vsv), then the vm disappears from the Hyper-V console.
  3. If the disk goes offline and it contains vm disks (.vhd), then the vm in question crashes.
  4. If the disk is directly mapped to a vm as a host resource, then the vm is shut down. Sometimes the state is saved. The settings show that the physical disk cannot be found. The vm’s saved state has to be deleted and then the physical disks reselected in the vm settings dialog.

I am still troubleshooting. More details to follow.

LinkedIn Security Information Management Group

I have been working on a Security Information Management (Sim) system for many years, off and on. It started as a collection of WMI scripts that gathered information into a flat file structure. Initially these were only for system logs. More recently, I have moved to a SQL back-end and added network traffic captures and analysis. A few people have joined in my efforts and we hope to have a software release within a year.

The SimWitty project has a website and a LinkedIn group. I hope you will come join us. We could use the help, particularly in C# development and SQL Server 2005 optimizations.

iPhone Forensics book

iPhone forensics guru Jonathan Zdziarski (NerveGas) has a book out with O’Reilly. “With iPhone use increasing in business networks, IT and security professionals face a serious challenge: these devices store an enormous amount of information. If your staff conducts business with iPhones, you need to know how to recover, analyze, and securely destroy sensitive data. iPhone Forensics supplies the knowledge necessary to conduct complete and highly specialized forensic analysis of the iPhone, iPhone 3G, and iPod Touch.”

Amazon.com has the iPhone Forensics book online.

The Technology Angle of the Economic Situation

On Monday, I checked out the House’s website after the vote. I could not get thru. The site was still very sporadic on Tuesday. Wired has coverage and they point to the site’s email functionality as the culprit. “The House of Representative’s website is overwhelmed in the wake of the $700 billion Wall Street bailout vote. The site’s button allowing constituents to e-mail their representatives is functioning sporadically after receiving millions of hits.”

The website simply couldn’t handle the load. It is a reminder of how technology must respond to shifts in attention.


J Wolfgang Goerlich



House Website Crumbles Under Weight of $700 Billion Bailout