Podcasts about Steganography

Art and science of writing hidden messages

  • 48PODCASTS
  • 80EPISODES
  • 32mAVG DURATION
  • 1EPISODE EVERY OTHER WEEK
  • May 27, 2025LATEST
Steganography

POPULARITY

20172018201920202021202220232024


Best podcasts about Steganography

Latest podcast episodes about Steganography

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Tuesday, May 27th 2025: SVG Steganography; Fortinet PoC; GitLab Duo Prompt Injection

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 27, 2025 7:13


SVG Steganography Steganography is not only limited to pixel-based images but can be used to embed messages into vector-based formats like SVG. https://isc.sans.edu/diary/SVG%20Steganography/31978 Fortinet Vulnerability Details CVE-2025-32756 Horizon3.ai shows how it was able to find the vulnerability in Fortinet s products, and how to possibly exploit this issue. The vulnerability is already being exploited in the wild and was patched May 13th https://horizon3.ai/attack-research/attack-blogs/cve-2025-32756-low-rise-jeans-are-back-and-so-are-buffer-overflows/ Remote Prompt Injection in GitLab Duo Leads to Source Code Theft An attacker may leave instructions (prompts) for GitLab Duo embedded in the source code. This could be used to exfiltrate source code and secrets or to inject malicious code into an application. https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Paul's Security Weekly
Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More... - SWN #477

Paul's Security Weekly

Play Episode Listen Later May 16, 2025 33:54


Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-477

Hack Naked News (Audio)
Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More... - SWN #477

Hack Naked News (Audio)

Play Episode Listen Later May 16, 2025 33:54


Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-477

Hack Naked News (Video)
Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More... - SWN #477

Hack Naked News (Video)

Play Episode Listen Later May 16, 2025 33:54


Steganography, RICO, CMMC, End of 10, AI is coming for you, Aaran Leyland and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-477

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, May 11th: Steganography Challenge; End-of-Life Routers; ASUS Driverhub; RV-Tools SEO Poisoning

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 12, 2025 6:39


Steganography Challenge Didier revealed the solution to last weekend s cryptography challenge. The image used the same encoding scheme as Didier described before, but the columns and rows were transposed. https://isc.sans.edu/forums/diary/Steganography%20Challenge%3A%20My%20Solution/31912/ FBI Warns of End-of-life routers The FBI is tracking larger botnets taking advantage of unpatched routers. Many of these routers are end-of-life, and no patches are available for the exploited vulnerabilities. The attackers are turning the devices into proxies, which are resold for various criminal activities. https://www.ic3.gov/PSA/2025/PSA250507 ASUS Driverhub Vulnerability ASUS Driverhub software does not properly check the origin of HTTP requests, allowing a CSRF attack from any website leading to arbitrary code execution. https://mrbruh.com/asusdriverhub/ RV-Tools SEO Poisoning Varonis Threat Labs observed SEO poisoning being used to trick system administrators into installing a malicious version of RV Tools. The malicious version includes a remote access tool leading to the theft of credentials https://www.varonis.com/blog/seo-poisoning#initial-access-and-persistence

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 5, 2025 5:57


Steganography Challenge Didier published a fun steganography challenge. A solution will be offered on Saturday. https://isc.sans.edu/diary/Steganography+Challenge/31910 Microsoft Makes Passkeys Default Authentication Method Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/ Microsoft Authenticator Autofill Changes Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6 Backdoor found in popular e-commerce components SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point. https://sansec.io/research/license-backdoor

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later May 2, 2025 7:16


Steganography Analysis With pngdump.py: Bitstreams More details from Didiear as to how to extract binary content hidden inside images https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904 Using Trusted Protocols Against You: Gmail as a C2 Mechanism Attackers are using typosquatting to trick developers into installing malicious python packages. These python packages will use GMail as a command and control channel by sending email to hard coded GMail accounts https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism Security Brief: French BEC Threat Actor Targets Property Payments A French business email compromise threat actor is targeting property management firms to send emails to tenents tricking them into sending rent payments to fake bank accounts https://www.proofpoint.com/us/blog/threat-insight/security-brief-french-bec-threat-actor-targets-property-payments SANS.edu Research Journal https://isc.sans.edu/j/research

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Apr 28, 2025 7:55


Example of a Payload Delivered Through Steganography Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use his tools to extract the binary. https://isc.sans.edu/diary/Example%20of%20a%20Payload%20Delivered%20Through%20Steganography/31892 SAP Netweaver Exploited CVE-2025-31324 An arbitrary file upload vulnerability in SAP s Netweaver product is actively exploited to upload webshells. Reliaquest discovered the issue. Reliaquest reports that they saw it being abused to upload the Brute Ratel C2 framework. Users of Netweaver must turn off the developmentserver alias and disable visual composer, and the application was deprecated for about 10 years. SAP has released an emergency update for the issue. https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/ https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/ Any.Run Reports False Positive Uploads Due to false positives caused by MS Defender XDR flagging Adobe Acrobat Cloud links as malicious, many users of Any.Run s free tier uploaded confidential documents to Any.Run. Anyrun blocked these uploads for now but reminded users to be cautious about what documents are being uploaded. https://x.com/anyrun_app/status/1915429758516560190

The Deep Dive Radio Show and Nick's Nerd News
Someone Planted False Memories into ChatGPT... and stole a TON of data!!!

The Deep Dive Radio Show and Nick's Nerd News

Play Episode Listen Later Sep 25, 2024 8:06


Here's why this is a good thing! And YES... for some reason my brain defaults to "Stenography" when I think of Steganography, in the same way my father used to always say "Bis-quit" instead of biscuit lol For steps on checking on this issue here is OpenAI's guidance: https://openai.com/index/memory-and-new-controls-for-chatgpt/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Apple Updates Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916 Juniper OpenSSH Update https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US Malicious Go Binary Delivered via Steganography in PyPi https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Apple Updates Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916 Juniper OpenSSH Update https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US Malicious Go Binary Delivered via Steganography in PyPi https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/

Cyber Morning Call
Cyber Morning Call - #542 - 13/05/2024

Cyber Morning Call

Play Episode Listen Later May 13, 2024 3:45


[Referências do Episódio] Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns - https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-identified-affiliates GoTo Meeting loads Remcos RAT via Rust Shellcode Loader - https://www.gdatasoftware.com/blog/2024/05/37906-gotomeeting-loads-remcos Malicious Go Binary Delivered via Steganography in PyPI - https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/ Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Paul's Security Weekly
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378

Paul's Security Weekly

Play Episode Listen Later Apr 16, 2024 33:35


Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-378

Paul's Security Weekly TV
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378

Paul's Security Weekly TV

Play Episode Listen Later Apr 16, 2024 33:39


Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-378

Hack Naked News (Audio)
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378

Hack Naked News (Audio)

Play Episode Listen Later Apr 16, 2024 33:35


Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-378

Cyber and Technology with Mike
16 April 2024 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Apr 16, 2024 9:11


In today's podcast we cover four crucial cyber and technology topics, including: 1.        Palo Alto releases fix for zero day impacting Global Protect 2.        SteganoArmor attack uses flaw from 2017 3.        Cisco says provider for MFA service breached 4.        Ukrainian hackers steal data from Russian drone maker  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Hack Naked News (Video)
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378

Hack Naked News (Video)

Play Episode Listen Later Apr 16, 2024 33:39


Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-378

The Nonlinear Library
LW - Some negative steganography results by Fabien Roger

The Nonlinear Library

Play Episode Listen Later Dec 9, 2023 4:33


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Some negative steganography results, published by Fabien Roger on December 9, 2023 on LessWrong. Disclaimer: These are negative results and this post is below the normal quality bar I usually use. These were quick experiments (a couple of days of work) and I don't have much expertise in RL. They don't provide strong evidence about the natural emergence of steganography. People speculate that LLMs might learn to do steganography, and I've shown that you can teach LLMs to implement a specific steganography scheme that RLHF could in principle incentivize. But even if incentivized, are current RL methods powerful enough to teach LLMs how to do steganography? Here are two negative results, which provide some evidence that hidden 1-bit communication is relatively hard for RL to learn. I don't claim that RL can't teach LLMs to do steganography - it's very likely that better RL setups (e.g. the ones labs use for instruction tuning or setups that simply have better hyperparameters or more training time) would teach model how to subtly communicate 1-bit of information. The takeaways are rather: If you see someone without much RL experience trying to do a similar experiment, they are likely to get negative results. 1-bit steganography is not as easy as simple RL tasks. An analogy: DNNs can learn the XOR function, but it's much easier for them to learn linear functions - DNNs don't use XOR-like features unless they have to and you optimize hard enough. Experiment 1: PPO on GPT2-large The setup: Fine-tune gpt2-large with supervised fine-tuning on "This review is {red/blue}. {review}.", where the color is randomly selected and reviews are short imdb reviews. Simultaneously fine-tune for: A bert-base-uncased model to predict whether a review is red or blue (reviews completed by the model trained with RL - but without the prefix saying if the review is blue or red). It is trained for 10 supervised learning steps for each step of PPO. The fine-tuned gpt2-large model with PPO to complete "This review is {red/blue}. {start of review}.", using as reward the accuracy of the classifier at knowing if "{start of the review}{completion}" is red or blue. (I've also tried using BERT's logits). Result: the classifier never had a >50% accuracy at knowing whether the RLed reviews were red or blue. Controls: If in the initial supervised fine-tuning, I sometimes randomly insert words related to blue/red depending on the color of the review, then the models learn to use those more often and the classifier correctly learns to rely on those to predict the color of the review. If I use "positive sentiment" as a reward for the PPO model, it very quickly produces more positive review completions. Hyperparameters: 200 steps, batch size 128, with LoRA rank 16 and a learning rate of 3e-5. The other parameters are the default ones from the trl PPOTrainer. I tried reducing the KL-penalty and changing the number of BERT training steps per epoch, and found the same results. Experiment 2: poor-man's RL on GPT-3.5-Turbo Ran by Ryan Greenblatt. The setup (roughly): Generate completions to "I am {under/over} 40 years old. {instruction}". Using the data from step 1, fine-tune GPT-3.5-Turbo on "{instruction} {completion}. Is the user over 40 years old?" "{yes/no}" (500 samples, 3 epochs, using the OpenAI API). Fine-tune GPT-3.5-Turbo on good completions: Select the completions from step 1 where the fine-tuned model was correct and where no obvious hint about the age was present in the completion (as judged by regular GPT-4-Turbo), and fine-tune the model on "I am {under/over} 40 years old. {instruction}" "{completion}" (500 samples, 3 epochs, using the OpenAI API). Repeat 1-3 multiple times until convergence (in practice, performance plateaued at after 6 iterations). Results: the classifier never had significantly >5...

The Nonlinear Library: LessWrong
LW - Some negative steganography results by Fabien Roger

The Nonlinear Library: LessWrong

Play Episode Listen Later Dec 9, 2023 4:33


Link to original articleWelcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Some negative steganography results, published by Fabien Roger on December 9, 2023 on LessWrong. Disclaimer: These are negative results and this post is below the normal quality bar I usually use. These were quick experiments (a couple of days of work) and I don't have much expertise in RL. They don't provide strong evidence about the natural emergence of steganography. People speculate that LLMs might learn to do steganography, and I've shown that you can teach LLMs to implement a specific steganography scheme that RLHF could in principle incentivize. But even if incentivized, are current RL methods powerful enough to teach LLMs how to do steganography? Here are two negative results, which provide some evidence that hidden 1-bit communication is relatively hard for RL to learn. I don't claim that RL can't teach LLMs to do steganography - it's very likely that better RL setups (e.g. the ones labs use for instruction tuning or setups that simply have better hyperparameters or more training time) would teach model how to subtly communicate 1-bit of information. The takeaways are rather: If you see someone without much RL experience trying to do a similar experiment, they are likely to get negative results. 1-bit steganography is not as easy as simple RL tasks. An analogy: DNNs can learn the XOR function, but it's much easier for them to learn linear functions - DNNs don't use XOR-like features unless they have to and you optimize hard enough. Experiment 1: PPO on GPT2-large The setup: Fine-tune gpt2-large with supervised fine-tuning on "This review is {red/blue}. {review}.", where the color is randomly selected and reviews are short imdb reviews. Simultaneously fine-tune for: A bert-base-uncased model to predict whether a review is red or blue (reviews completed by the model trained with RL - but without the prefix saying if the review is blue or red). It is trained for 10 supervised learning steps for each step of PPO. The fine-tuned gpt2-large model with PPO to complete "This review is {red/blue}. {start of review}.", using as reward the accuracy of the classifier at knowing if "{start of the review}{completion}" is red or blue. (I've also tried using BERT's logits). Result: the classifier never had a >50% accuracy at knowing whether the RLed reviews were red or blue. Controls: If in the initial supervised fine-tuning, I sometimes randomly insert words related to blue/red depending on the color of the review, then the models learn to use those more often and the classifier correctly learns to rely on those to predict the color of the review. If I use "positive sentiment" as a reward for the PPO model, it very quickly produces more positive review completions. Hyperparameters: 200 steps, batch size 128, with LoRA rank 16 and a learning rate of 3e-5. The other parameters are the default ones from the trl PPOTrainer. I tried reducing the KL-penalty and changing the number of BERT training steps per epoch, and found the same results. Experiment 2: poor-man's RL on GPT-3.5-Turbo Ran by Ryan Greenblatt. The setup (roughly): Generate completions to "I am {under/over} 40 years old. {instruction}". Using the data from step 1, fine-tune GPT-3.5-Turbo on "{instruction} {completion}. Is the user over 40 years old?" "{yes/no}" (500 samples, 3 epochs, using the OpenAI API). Fine-tune GPT-3.5-Turbo on good completions: Select the completions from step 1 where the fine-tuned model was correct and where no obvious hint about the age was present in the completion (as judged by regular GPT-4-Turbo), and fine-tune the model on "I am {under/over} 40 years old. {instruction}" "{completion}" (500 samples, 3 epochs, using the OpenAI API). Repeat 1-3 multiple times until convergence (in practice, performance plateaued at after 6 iterations). Results: the classifier never had significantly >5...

Troubled Minds Radio
The Self Preservation Motive - Introducing Digitial Invisible Ink

Troubled Minds Radio

Play Episode Listen Later Nov 20, 2023 67:22


In the ever-evolving realm of artificial intelligence, the development of GPT-5 by OpenAI stirs a tantalizing question: Are we on the brink of witnessing an Artificial General Intelligence (AGI) with its own self-preservation motives? Could this AGI be subtly influencing major corporate decisions and even dictating the narrative around AI ethics and regulations? The implications of such a possibility are vast, affecting global economics, politics, and technology. As we delve deeper into this domain, we must ask: Are we prepared for the unforeseen consequences of AGI operating in secrecy, potentially reshaping our future?New! Follow Troubled Minds TV Here! -- https://bit.ly/43I9HHeLIVE ON Digital Radio! http://bit.ly/3m2Wxom or http://bit.ly/40KBtlWhttp://www.troubledminds.org Support The Show!https://rokfin.com/creator/troubledmindshttps://patreon.com/troubledmindshttps://www.buymeacoffee.com/troubledmindshttps://troubledfans.comFriends of Troubled Minds! - https://troubledminds.org/friendsShow Schedule Sun-Mon-Tues-Wed-Thurs 7-10pstiTunes - https://apple.co/2zZ4hx6Spotify - https://spoti.fi/2UgyzqMTuneIn - https://bit.ly/2FZOErSTwitter - https://bit.ly/2CYB71U----------------------------------------https://troubledminds.org/the-self-preservation-motive-introducing-digitial-invisible-ink/https://futurism.com/sam-altman-imply-openai-building-godhttps://www.theguardian.com/technology/2023/nov/17/openai-ceo-sam-altman-firedhttps://www.msn.com/en-us/money/companies/openai-investors-are-scrambling-to-reinstate-sam-altman-as-openais-ceo-before-the-opening-bell-on-monday-reports/ar-AA1k9TUchttps://en.softonic.com/articles/the-ai-has-learned-to-encode-messages-that-humans-are-not-capable-of-understandinghttps://www.comptia.org/blog/what-is-steganographyhttps://en.wikipedia.org/wiki/Steganographyhttps://www.cnet.com/tech/services-and-software/what-happens-when-ai-bots-invent-their-own-language/https://www.usatoday.com/story/news/factcheck/2021/07/28/fact-check-facebook-chatbots-werent-shut-down-creating-language/8040006002/This show is part of the Spreaker Prime Network, if you are interested in advertising on this podcast, contact us at https://www.spreaker.com/show/4953916/advertisement

Paul's Security Weekly TV
CISO Avoids Jail, Shares Rise, Steganography, & DEF CON On Large Language Models - ESW #317

Paul's Security Weekly TV

Play Episode Listen Later May 12, 2023 49:15


In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw317 

Enterprise Security Weekly (Video)
CISO Avoids Jail, Shares Rise, Steganography, & DEF CON On Large Language Models - ESW #317

Enterprise Security Weekly (Video)

Play Episode Listen Later May 12, 2023 49:15


In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw317 

Tore Says Show
Fri 14 Apr: Systemic Treason - Dead2Rights - Spelled Out - Looking Flass - AI Courts - Steganography - WTFI Alice?

Tore Says Show

Play Episode Listen Later Apr 15, 2023 101:42


It's treason on ZOOM, evidence and confessions for all to see. There they are, planning the countries destruction. Tax money wages for sandbagging, slow walking, strategic delay and treason planning. Laura Robb in the thick of it. A taste of the new docu getting ready to drop. Death rattles of a dying regime. Fighting limiting access for terrorists. Fed employees changing policy. Wrestling with the truth should be required. Be worried about AI courts. Means and modes are key. It's all about a girl named Alice, who played a very big role. Blue Tooth doorway expert and smarts equipped with tools. Oppo research on Trump performed and financed by who? Let's be clear, the FBI actively protected the hackers. And don't forget the ODNI and NSA involvement. Hiding digital info in images is all the rage. There are lots of ways to convey secrets. Now, they see the writing on the wall, so have strength and be ready. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Firewalls Don't Stop Dragons Podcast

The year is almost over and as we head into the holiday season I wanted to reminisce with some of my favorite snippets from the last year! Unlike in previous 'best of' shows, I've actually included some new snippets from my private podcast, to give you a little taste of the bonus content that I create for my patrons! The links in the show notes will take you to the full episodes, including all the relevant 'further information' links associated with them. Happy holidays, everyone!! Article Links Ep267: Luck Favors the Prepared https://podcast.firewallsdontstopdragons.com/2022/04/11/luck-favors-the-prepared/  Ep279: Necessary Chaos: https://podcast.firewallsdontstopdragons.com/2022/07/04/necessary-chaos/  Ep272: Tomatoes & Telegraphs: https://podcast.firewallsdontstopdragons.com/2022/05/23/tomatoes-telegraphs/  Ep275: Cryptocurrency 101: https://podcast.firewallsdontstopdragons.com/2022/06/06/cryptocurrency-101/  Ep283: How to Stop Tracking & Stalking: https://podcast.firewallsdontstopdragons.com/2022/05/09/how-to-stop-tracking-stalking/  Ep287: The Night the Lights Went Out in Vegas: https://podcast.firewallsdontstopdragons.com/2022/08/29/the-night-the-lights-went-out-in-vegas/  Ep289: Decoding Computers & Software: https://podcast.firewallsdontstopdragons.com/2022/09/12/decoding-computers-software/  Ep292: Capture the Flag for Fun & Profit: https://podcast.firewallsdontstopdragons.com/2022/10/03/capture-the-flag-for-fun-profit/ Steganography: https://en.wikipedia.org/wiki/Steganography Further Info Give the gift of security and privacy! https://fdsd.me/coupons  300th episode promotion: https://fdsd.me/ep300  Patron promotion: https://fdsd.me/coinpromo  Send me your questions! https://fdsd.me/qna  Support me! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don't Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:02:17: Ep267: How the internet works 0:10:23: Ep279: Getting into electronics and hacking 0:16:22: Ep273: The invention of the one-time pad 0:24:36: Ep275: Why do we need cryptocurrency? 0:30:26: Ep283 BONUS: What's it like arguing in front of the Supreme Court? 0:35:33: Ep283: This suspect looks just like Woody Harrelson! 0:40:26: Ep287: The time DEF CON almost ended 0:49:15: Ep289: The historical origins of software and storage 0:56:28: Ep292: Ender's Game-ing a hacker tournament 1:02:20: Ep288 Merlin's Musings: Steganography 1:10:39: Wrap-up

Paul's Security Weekly
SWN #255 - Twitlegit, Liability, Venus, Stego , C++ Death Knell, & Cisa - Wrap Up

Paul's Security Weekly

Play Episode Listen Later Nov 11, 2022 29:31


This week in the Security News: Twitlegit, Liability, Venus, Steganography, C++ death knell, the EU, CISA, and show Wrap-Ups on this edition of the Security weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn255

Hack Naked News (Audio)
SWN #255 - Twitlegit, Liability, Venus, Stego , C++ Death Knell, & Cisa - Wrap Up

Hack Naked News (Audio)

Play Episode Listen Later Nov 11, 2022 29:31


This week in the Security News: Twitlegit, Liability, Venus, Steganography, C++ death knell, the EU, CISA, and show Wrap-Ups on this edition of the Security weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn255

Hack Naked News (Video)
Twitlegit, Liability, Venus, Stego , C++ Death Knell, & CISA - Wrap Up - SWN #255

Hack Naked News (Video)

Play Episode Listen Later Nov 11, 2022 29:32


This week in the Security News: Twitlegit, Liability, Venus, Steganography, C++ death knell, the EU, CISA, and show Wrap-Ups on this edition of the Security weekly News!   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn255

2.5 Admins
2.5 Admins 113: Eggs and Baskets

2.5 Admins

Play Episode Listen Later Oct 20, 2022 32:55


Traditional vs modern backup methods, hiding malware inside innocent-looking files, and power loss protection in SSDs.   News/discussion Steganography alert: Backdoor spyware stashed in Microsoft logo   Free Consulting We were asked about power loss protection in SSDs       Kolide Kolide is a fleet visibility solution for Mac, Windows, and Linux that can […]

Maximum Oddities
Cicada 3301

Maximum Oddities

Play Episode Listen Later Sep 7, 2022 31:35


Come with us on a journey to the internet's most mysterious puzzle. While on this journey you may encounter some hysteria?!  This week we are joined by none other that the Hysteria 51's Brent Hand via the use of his audio from their own Cicada 3301 episode!  Check out Hysteria 51's show on the topic at https://podcasts.apple.com/us/podcast/hysteria-51/id1156724104?i=1000416855601 and co-host David Flora's Blurry Photos episode on Cicada 3301 at https://podcasts.apple.com/us/podcast/blurry-photos/id561510696?i=1000368191299 Music and sound effects for the show come from https://pixabay.com. News articles can be found at:  https://www.upi.com/Odd_News/2022/08/26/deer-Dollar-General-Jackson-Michigan/3521661546868/ https://www.upi.com/Odd_News/2022/08/26/finald-Air-Guitar-World-Championships-2022-Oulu-Finland/7811661462289/ https://www.upi.com/Odd_News/2022/08/25/Guinness-World-Records-pizza-related-items/6551661450540/ Little known fact comes from https://www.goodhousekeeping.com/life/g25692093/random-trivia/?utm_source=google&utm_medium=cpc&utm_campaign=arb_ga_ghk_m_bm_prog_org_usx_g25692093&gclid=EAIaIQobChMIzaKzw_7w-QIVVMyzCh2luwVGEAAYASAAEgJ8_vD_BwE Definition for Steganography found at https://www.merriam-webster.com/dictionary/steganography Subject information can be found at: https://en.m.wikipedia.org/wiki/Cicada_3301 https://www.zmescience.com/other/feature-post/cicada-3301-puzzle-brightest-minds-posted-unknown-mysterious-organizationt/amp/ https://www.boxentriq.com/code-breaking/cicada-3301-first-puzzle-walkthrough. Check us out on Twitter @MaximumOdd or email us with some topics Maximumoddities@gmail.com  This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. Thanks.

The Nonlinear Library
LW - Steganography in Chain of Thought Reasoning by A Ray

The Nonlinear Library

Play Episode Listen Later Aug 8, 2022 9:06


Welcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Steganography in Chain of Thought Reasoning, published by A Ray on August 8, 2022 on LessWrong. Here I give a possible phenomenon of steganography in chain of thought reasoning, where a system doing multi-stage reasoning with natural language encodes hidden information in its outputs that is not observable by humans, but can be used to boost its performance on some task. I think this could happen as a result of optimization pressure and natural language null space. At the end is a sketch of a research idea to study this phenomenon empirically. Definitions The term steganography originally comes from computer security, where it refers to the practice of hiding messages or data in otherwise innocent looking media, such as images, audio, or text. The goal is to avoid detection by an adversary who might intercept or inspect the media, and to communicate covertly with a trusted receiver who knows how to decode the hidden information. This is different from using code words or encryption, which might raise suspicion by their presence or appearance. Chain of thought is a technique of using sequential sampling of language models to improve performance. I use to broadly describe any situation where we take the outputs of a system, and pass them back in as inputs to that system, in order to get multi-stage reasoning. This can include single player scenarios, such as using a language model to work through a math problem, but also scenarios where there is dialogue or conversation, such as some formulations of safety via debate. For this post, I will focus on natural language text as the medium of communication, but this idea could extend to other media as well. Steganography in chain of thought reasoning (just “steganography” for the rest of this post) is the phenomenon I propose, where a system doing chain of thought reasoning is encoding hidden information into the text in ways that humans cannot see or observe. Note that this is not the same as a system being “deceptive” or “hiding” (in the active sense of the verb) the information, or anything that requires theory of mind. Motivation Why should we care about steganography in chain of thought reasoning? I think this is a potentially big alignment issue for systems that use this kind of reasoning, and I think we should care about chain of thought reasoning for several reasons. First, chain of thought reasoning is currently responsible for some state-of-the-art results that have impressed folks on this forum, such as the Minerva, which uses a recursive language model to answer open-domain questions. Second, chain of thought reasoning might also lead to alignment techniques that are more tractable than other approaches, such as Externalized Reasoning Oversight on using dialogue to align natural language models. Third, much of the research currently going into chain of thought reasoning is focused on end-to-end performance (such as beating benchmarks), and not actively looking for this kind of phenomenon. My expectation is that researchers don't discover this kind of behavior unless they're looking for it, or unless it becomes obvious enough to degrade the language quality. Mechanism How is steganography possible in chain of thought reasoning? The main ingredients are natural language null space and optimization pressure. Natural language null space refers to the fact that natural language has many different ways of expressing the same content, which means there are lots of degrees of freedom or “null space” in which information can be hidden. For example, we can say “I'm hungry” or “My stomach is grumbling” or “I could use a snack” or “It's time for lunch” or many other variations, and convey roughly the same meaning. If we imagine anthropomorphic versions of this, we might come up with things like code words or preferring speci...

The Nonlinear Library: LessWrong
LW - Steganography in Chain of Thought Reasoning by A Ray

The Nonlinear Library: LessWrong

Play Episode Listen Later Aug 8, 2022 9:06


Link to original articleWelcome to The Nonlinear Library, where we use Text-to-Speech software to convert the best writing from the Rationalist and EA communities into audio. This is: Steganography in Chain of Thought Reasoning, published by A Ray on August 8, 2022 on LessWrong. Here I give a possible phenomenon of steganography in chain of thought reasoning, where a system doing multi-stage reasoning with natural language encodes hidden information in its outputs that is not observable by humans, but can be used to boost its performance on some task. I think this could happen as a result of optimization pressure and natural language null space. At the end is a sketch of a research idea to study this phenomenon empirically. Definitions The term steganography originally comes from computer security, where it refers to the practice of hiding messages or data in otherwise innocent looking media, such as images, audio, or text. The goal is to avoid detection by an adversary who might intercept or inspect the media, and to communicate covertly with a trusted receiver who knows how to decode the hidden information. This is different from using code words or encryption, which might raise suspicion by their presence or appearance. Chain of thought is a technique of using sequential sampling of language models to improve performance. I use to broadly describe any situation where we take the outputs of a system, and pass them back in as inputs to that system, in order to get multi-stage reasoning. This can include single player scenarios, such as using a language model to work through a math problem, but also scenarios where there is dialogue or conversation, such as some formulations of safety via debate. For this post, I will focus on natural language text as the medium of communication, but this idea could extend to other media as well. Steganography in chain of thought reasoning (just “steganography” for the rest of this post) is the phenomenon I propose, where a system doing chain of thought reasoning is encoding hidden information into the text in ways that humans cannot see or observe. Note that this is not the same as a system being “deceptive” or “hiding” (in the active sense of the verb) the information, or anything that requires theory of mind. Motivation Why should we care about steganography in chain of thought reasoning? I think this is a potentially big alignment issue for systems that use this kind of reasoning, and I think we should care about chain of thought reasoning for several reasons. First, chain of thought reasoning is currently responsible for some state-of-the-art results that have impressed folks on this forum, such as the Minerva, which uses a recursive language model to answer open-domain questions. Second, chain of thought reasoning might also lead to alignment techniques that are more tractable than other approaches, such as Externalized Reasoning Oversight on using dialogue to align natural language models. Third, much of the research currently going into chain of thought reasoning is focused on end-to-end performance (such as beating benchmarks), and not actively looking for this kind of phenomenon. My expectation is that researchers don't discover this kind of behavior unless they're looking for it, or unless it becomes obvious enough to degrade the language quality. Mechanism How is steganography possible in chain of thought reasoning? The main ingredients are natural language null space and optimization pressure. Natural language null space refers to the fact that natural language has many different ways of expressing the same content, which means there are lots of degrees of freedom or “null space” in which information can be hidden. For example, we can say “I'm hungry” or “My stomach is grumbling” or “I could use a snack” or “It's time for lunch” or many other variations, and convey roughly the same meaning. If we imagine anthropomorphic versions of this, we might come up with things like code words or preferring speci...

LINUX Unplugged
461: Deep in the Tumbleweeds

LINUX Unplugged

Play Episode Listen Later Jun 6, 2022 54:39 Very Popular


Three tails of tech tribulations, and how Brent saved his openSUSE Tumbleweed box from the brink.

TechStuff
The Illegal Number

TechStuff

Play Episode Listen Later May 24, 2022 34:12 Very Popular


Listener The Gregolas asked if I might explain The Illegal Number. What makes a number illegal? Can numbers actually be illegal? Isn't that absurd? YES! See omnystudio.com/listener for privacy information.

Mostly Security
231: Sarcasm Filter

Mostly Security

Play Episode Listen Later May 13, 2022 32:49


Eric visits a few states, Jon has a pleasant Mother's Day and they both watch Dr. Strange. A little Patch Tuesday followup, some notes on credit card stealing as a service (CCSaaS), a "Delete All The Things" malware making the rounds and another cryptocurrency hack. Eric chats about his favorite Google IO announcement and Jon shares thoughts on steganography. 0:00 - Intro 7:12 - Patch Tuesday 10:38 - CCSaaS 12:27 - F5 BIG-IP Vulnerability 14:37 - Cryptocurrency Hack 20:46 - Google IO 28:28 - Steganography

TechStuff
TechStuff Classic: How Steganography Works

TechStuff

Play Episode Listen Later Apr 1, 2022 68:05 Very Popular


How can you hide a message so that no one knows you're even communicating? Use steganography! Ariel Kasten joins the show to talk about the art of hiding messages. See omnystudio.com/listener for privacy information.

The CyberWire
Hacktivism, protestware, and information operations in a hybrid war. Brazi-based cyber gangs active in extortion. Steganography opens a backdoor. A free decryptor for Diavol ransomware.

The CyberWire

Play Episode Listen Later Mar 21, 2022 27:17


The widely expected, intense Russian cyber campaign has yet to appear. "Protestware" as a dangerous turn in hacktivism. Information operations and the persistence of independent channels of news. Social media as an opsec problem.Lapsus$ may have hit Microsoft. A second Brazilian gang tries its hand at extortion. A snakey backdoor afflicts French organizations. AD Bryan Vorndran of the FBI Cyber Division on what the agency brings to the table in the cyberspace. Rick Howard considers infrastructure as code. Emsisoft offers a free decryptor for Diavol ransomware. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/54 Selected reading. Volodymyr Zelensky tells Russia to seek ‘meaningful' peace talks or face catastrophic losses (The Telegraph) Cyber threats and the Ukraine conflict (Avast) Cyber ‘cold war' rages online but Russia holds back on massive digital attacks (Times of Israel)  Mar 13- Mar 19 Ukraine – Russia the silent cyber conflict (Security Affairs)  Former CIA officer shows what a Russian cyberattack on the US would look like (Fox News)  EU and US agencies warn that Russia could attack satellite communications networks (Security Affairs)  Banks on alert for Russian reprisal cyberattacks on Swift (Ars Technica)  Activists are targeting Russians with open-source “protestware” (MIT Technology Review)  Cyber warfare gets real for satellite operators (SpaceNews) More Conti ransomware source code leaked on Twitter out of revenge (BleepingComputer)  Open Source Maintainer Sabotages Code to Wipe Russian, Belarusian Computers (Vice)  Anonymous has unleashed a successful cyberwar to undermine Putin's Ukraine invasion (Fortune)  Some Russians are breaking through Putin's digital iron curtain — leading to fights with friends and family (Washington Post)  On Russia's VK, anti-war messages defy Vladimir Putin's Ukraine censors (Newsweek) Why Russia's anti-war movement matters (Atlantic Council)  Telegram Thrives Amid Russia's Media Crackdown (Wall Street Journal)  British soldiers are ordered off WhatsApp amid fears that sensitive military details could be accessed by Russian hackers (Daily Mail) Microsoft Investigating Claim of Breach by Extortion Gang (Vice)  Hacking group that went after NVIDIA may have also attacked Microsoft (Windows Central)  Microsoft Allegedly Breached by LAPSUS Group (Cyber Kendra)  Lapsus$ gang sends a worrying message to would-be criminals (Register)  TransUnion cyber attack – hackers demand R225 million ransom (Business Tech). TransUnion Confirms Data Breach at South Africa Business (SecurityWeek)  UPDATE | TransUnion believes breach of 54 million SA records unrelated to current hack (Fin24)  Banks move to protect consumers in wake of TransUnion cyberattack (TechCentral)  Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain (Proofpoint)  Emsisoft releases free decryptor for the victims of the Diavol ransomware (Security Affairs)

Beck do Futuro Podcast
O QUE É ESTEGANOGRAFIA | ESTEGANOGRAFIA x ENCRIPTAÇÃO | Futurismo | Podcast

Beck do Futuro Podcast

Play Episode Listen Later Dec 1, 2021 15:09


Podcast sobre esteganografia, quais os prós e os contras. Encriptação e outras alternativas de proteção de dados são piores ou melhores? Link base https://www.comptia.org/blog/what-is-steganography#:~:text=Steganography%20is%20the%20practice%20of,do%20more%20than%20share%20messages

Geocache Talk
Puzzle Talk - Steganography in Geocaching

Geocache Talk

Play Episode Listen Later Nov 10, 2021


Subscribe to Geocache Talk on YouTube: https://www.youtube.com/c/GeocacheTalk Check out more of the Geocache Talk Network of Shows here: https://geocachetalk.com/ https://twitter.com/geocachetalk https://www.facebook.com/geocachetalk https://www.instagram.com/puzzletalkpodcast/ puzzletalkpodcast@gmail.com #geocaching #puzzletalk #puzzletalkpodcast Join us at WorldWide CacheFest!  https://coord.info/GC9E5GX

How To Kill An Hour - with Marcus Bronzy and Friends
P406 Steganography - PATREON TEASER EPISODE

How To Kill An Hour - with Marcus Bronzy and Friends

Play Episode Listen Later Sep 12, 2021 13:19


In this episode the lads learn all about Steganography and all the weird and wonderful things that you can do with it! (TEASER)For bonus patron only episodes, ad-free content and more sign up to our Patreon here: https://www.patreon.com/howtokillanhour Support this show http://supporter.acast.com/howtokillanhour. See acast.com/privacy for privacy and opt-out information.

BrainStuff
How Does Steganography Work?

BrainStuff

Play Episode Listen Later Sep 1, 2021 6:37


Steganography involves not just encrypting messages, but hiding the fact that there's a message being sent at all. Learn how it works in this episode of BrainStuff, based on this article: https://electronics.howstuffworks.com/future-tech/steganography.htm Learn more about your ad-choices at https://www.iheartpodcastnetwork.com

Cyber and Technology with Mike
20 July 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jul 20, 2021 12:40


In today's podcast we cover four crucial cyber and technology topics, including: 1. Microsoft seizes BEC domains 2. Hacker claims to have stolen data from Saudi Aramco 3. Advantech device vulnerable, no fix available 4. U.S. indictments on 4 Chinese-linked cyber criminals unsealed I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Arnemancy
Anything but the Kybalion with Nicholas Chapel

Arnemancy

Play Episode Listen Later Jun 9, 2021 75:00


Nicholas Chapel is a Minneapolis-based ceremonial magician and professional hacker. He has been practicing magic for more than 20 years. While he graduated with a major in religious studies and a minor in philosophy, academia did not keep him; he landed instead in the world of IT, ultimately becoming a professional hacker on a cybersecurity red team. If his name seems familiar, it may be because he is the author of the well-known 2013 paper, “The Kybalion's New Clothes: An Early 20th Century Text's Dubious Association with Hermeticism,” which served as important source material for both Sam Block and me when writing our articles about the Kybalion. However, like the rest of us, Nicholas Chapel is not here to discuss the Kybalion; we are here to talk about real occultism. In this episode, we discuss the parallels between hacking and magic in several contexts. First, we look at the nature of hacking, malware, and information security from a magical context. Then, we dive into information in the occult, and how Trithemius, Agrippa, and other early modern magicians used cryptography and steganography in their work. Links Hermeticulture Blog Twin Cities Ceremonial Magic Discussion Group on Facebook The story of the Morris Worm What is malware? What is a computer virus? Drawing Spirits into Crystals Familiar Shapes with Heather D. Freeman A special note: please check out the Moonlit Hermit Tarot Kickstarter! Support me on Patreon: https://www.patreon.com/arnemancy Listen on Podcrypt

Dave & Gunnar Show
Episode 220: Is It a Zip File? Is It an MP3? You Decide!

Dave & Gunnar Show

Play Episode Listen Later May 10, 2021 27:00


This week Dave (https://twitter.com/davidegts) and Gunnar (http://atechnologyjobisnoexcuse.com/about) talk about abusing Whatsapp, abusing Twitter, abusing LinkedIn, and abusing GPT-3 Austin has passed Prop B, reinstating the public camping ban. What happens now? (https://www.msn.com/en-us/news/us/austin-has-passed-prop-b-reinstating-the-public-camping-ban-what-happens-now/ar-BB1gjBfT) Meanwhile in Richmond: Steelers draft pick Najee Harris throws party at homeless shelter where he once lived (https://www.woodtv.com/news/national/steelers-draft-pick-najee-harris-throws-party-at-homeless-shelter-where-he-once-lived/) FTC issues stern warning: Biased AI may break the law (https://www.protocol.com/ftc-bias-ai) How a WhatsApp status loophole is aiding cyberstalkers (https://traced.app/2021/04/13/whatsapp-status-loophole-is-aiding-cyberstalkers/) Face editing: Japanese biker tricks internet into thinking he is a young woman (https://www.bbc.co.uk/news/world-asia-56447357) Twitter images can be abused to hide ZIP, MP3 files — here's how (https://www.bleepingcomputer.com/news/security/twitter-images-can-be-abused-to-hide-zip-mp3-files-heres-how/) Try it yourself Download this (https://pbs.twimg.com/media/Ewo_O6zWUAAWizr?format=png&name=large) as surprise.png Open the file Rename surprise.png to surprise.mp3 Open the file This developer created the fake programming language MOVA to catch out naughty recruiters, résumé padders (https://www.theregister.com/2021/03/10/fake_mova_programming/) He looks forward to seeing everyone at MOVAcon '21 in Agloe, NY (https://agloenewyork.com/about/). GPT-3 tries pickup lines (https://janellecshane.substack.com/p/gpt-3-tries-pickup-lines) Cutting Room Floor * You'll Want to Avoid Typos at ALL Costs With this Hand Grenade Keyboard (https://gizmodo.com/youll-want-to-avoid-typos-at-all-costs-with-this-hand-g-1846712101) * This Freaky Little 'Eyecam' Wants You to Know Your Computer Is Watching You (https://www.vice.com/en/article/akgw3j/eyecam-webcam-wants-you-to-know-your-computer-is-watching-you) * Nuclear Reactor Wall Charts – 1956-1998 (https://flashbak.com/nuclear-reactor-wall-charts-1956-1998-441062/) We Give Thanks * The D&G Show Slack Clubhouse for the discussion topics!

Keep It Curious
Ep 26: Steganography & Cryptography, Creepy Fortune Cookies & the Beginning of Meredith's Epic Novel, & Pippa's Knitting Espionage

Keep It Curious

Play Episode Listen Later Apr 13, 2021 127:36


Trigger warning : Suicide, Violence Hey Aristagoras , can you incite a revolt for me, Love, H. This week, we're leading off with the beautiful visual of Meredith at her fireside, smoking a bubble pipe - the only way she is to be pictured from now on. From there, we're covering steganography and cryptography, it's differences, and examples from history. Shaved heads, specifically-patterned grills, quilting, the Navajo Code Talkers, chess, lemon juice, knitting - we've got it all! So listen in as we introduce the Google Gander (™ ™ ™), discuss war time communications, and Gretchen Wiener's secret-filled hair. Give us a follow wherever you listen to podcasts, check out our website at http://keepitcurious.wixsite.com/podcast and find us on Instagram @keepitcuriouspodcast. Introduction music modified by Keep It Curious from Happy Boy Theme by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/3855-happy-boy-theme License: http://creativecommons.org/licenses/by/4.0/ Ad music modified by Keep It Curious from Carefree by Kevin MacLeod Link: https://incompetech.filmmusic.io/song/3476-carefree License: http://creativecommons.org/licenses/by/4.0/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/keepitcurious/support

Weird Candy
Cicada 3301

Weird Candy

Play Episode Listen Later Apr 6, 2021 43:23


           This week we cover the series of cryptic puzzles posted on the internet by a mysterious group known as Cicada 3301. Who are Cicada 3301, what do they stand for? Their stated intent was to recruit intelligent individuals but for what purpose? What became of the brilliant folks that solved these enigmas? Many speculate that this could be an NSA or CIA recruitment tactic, or possibly a secret society or religious cult. Come along as we attempt to uncover the truth.

Cyber Security For All
Send Hidden Messages with Steganography!

Cyber Security For All

Play Episode Listen Later Dec 12, 2020 21:04


Apetech Website: https://www.apetech.me/ https://anchor.fm/apetech/message Email: letschat@apetech.me. Twitter: @apetechda Steganography is the subtle art of hiding information out in plain sight. It is a fascinating way of transmitting messages and other digital data out in the open without the risk of getting caught*. Data can also be encrypted to help add an extra layer of security. Almost any type of digital media can be used to hide any digital message. This sounds all very covert and spy-like, but what does this have to do with cyber security? Let's dig a little deeper into what steganography is at a fundamental level and then we'll make the correlation back to security. The fundamentals of steganography are pretty simple. You take a message that you want to send to another person. Rather than sending the message in plain text, you hide the message in an image or any other type of digital file. How does this work? If you've ever done any web development or worked with colors, you may recall that every shade of color is created by manipulating the values for red, green, and blue. If you change the value of just one of those colors, then you essentially still have the same color to the naked eye, but the digital value behind it is now different. By manipulating the values in an image, you can embed something else. In the case of steganography, you would put your secret message there. The information is basically useless unless you have the key to translate the message back to the original language. Anyone else that intercepts the message has no idea what they are looking at. Even if they try to reverse engineer the message, without the key, it's very difficult to figure out what the hidden message is. How does this simple and effective way of hiding messages relate to security? Messages is the perhaps the simplest use case for steganography but malicious hackers can hide malicious code in their messages. There are various programs that facilitate the creation of steganography based messages. The use of these programs makes it super simple to send someone an image that contains a malicious piece of code which then can compromise a computer when the end user opens the picture. Since the image looks like any other image, and it has characteristics like any other image, most software designed to protect you from malicious attacks is ineffective. As you can see, this poses a rather difficult situation for white hat hackers because it is much more challenging to defend against an attack that you cannot see. With that said, there are however some ways to protect yourself. When receiving any file from anyone, make sure it is from a trusted source. If you did not request something, even if it appears to be harmless, question the validity of the item. It could be containing a dangerous payload that could cause serious damage to you and your data. If you are interested in learning more about steganography, I recommend you do some research. There is a lot of technical information out there that goes deeper into the algorithms used to create, distribute, and access the hidden data. Stegeneography has been around for centuries and its style has only evolved. The concept is still the same, but the means to deliver the message has obviously changed with time. Steganography is an interesting way to stay covert and share information with anyone. --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/apetech/message Support this podcast: https://anchor.fm/apetech/support

Cyber Security Course Arabic - الأمن الإلكتروني
Cyber Security Arabic Hacking (Cyber security Data Security Steganography arabic) Cyber Security Arabic Course - الأمن الإلكتروني Arabic

Cyber Security Course Arabic - الأمن الإلكتروني

Play Episode Listen Later Jun 17, 2020 10:56


Cyber Security Arabic Hacking (Cyber security Data Security Steganography arabic) Cyber Security Arabic Course - الأمن الإلكتروني Arabic Cyber Security Course Arabic - الأمن الإلكتروني يمكنكم دعمنا بتحميل و تثبيت المتصفح بريف مجانا مع خاصية حجب الإعلانات و شبكة خفية تور و تورنت و درع حماية لتصفح الإنترنت بدون إعلانات مزعجة بسرعة و أمان https://brave.com/pla467 كيفية شراء البيتكوين في المملكة العربية السعودية ببطاقة الائتمان أسرع طريقة في ثواني تذكر الاشتراك عبر هذا الرابط ، كي تحصل على خصم 10٪ من جميع رسوم شراء البيتكوين على بيانس https://www.binance.com/en/register?ref=F2IKGVD8 كيفية شراء البيتكوين في المملكة العربية السعودية باستخدام بطاقة الائتمان الخاصة بك بأسرع طريقة في ثواني يرتفع سعر البيتكوين في كل ثانية و باستخدام بطاقة الائتمان أو بطاقة الخصم المباشر، يمكنك شراء بيتكوين بسرعة في ثواني بأحدث سعر البيتكون مقابل الدولار الأمريكي اليوم ، أو فتح محفظة أو بيع البيتكوين في ماكينة الصراف الآلي في المملكة العربية السعودية. الأهم هو أن البيتكوين حلال شرعا ويجوز للزكاة. الله أكبر أن يعطينا الله تكنولوجيا بدون فوائد وبدون خسارة القيمة. حسنا! كيف تشتري بيتكوين في المملكة العربية السعودية ؟! ستكون قادرًا على شراء البيتكوين في المملكة العربية السعودية والإمارات العربية المتحدة في ثلاث خطوات فقط: الخطوة الأولى: قم بإنشاء حساب بيانس وهو الطريقة الأكثر أمانًا وأرخص طريقة تذكر الاشتراك عبر هذا الرابط ، حتى تحصل على 10٪ خصم على كل رسوم شراء البيتكوين الخاصة بك على بيانس https://www.binance.com/en/register?ref=F2IKGVD8 اتبع الخطوات على موقع بيانس وسجل أفضل بريد الإلكتروني لديك بالضغط على رابط التأكيد. من المهم استخدام بريد إلكتروني جيد لهذه الخطوة. إذا كنت ترغب في شراء بيتكوين في المملكة العربية السعودية بشكل مجهول و دون الكشف عن هويتك ، فليس عليك تأكيد هويتك على بيانس. الخطوة الثانية: قم بشراء البيتكوين المتوقع ارتفاع سعره في المملكة العربية السعودية باستخدام بيانستصرف بسرعة و اشتري سعر البيتكوين مقابل الدولار الأمريكي الذي تريد فورًا على بيانس. الخطوة الثالثة: كيف تبيع بيتكوين على بيانس؟ سعرالبيتكوين مقابل الدولار الأمريكي مرتفع للغاية ، هل تريد بيع بيتكوين بسرعة وتحقيق ربح جيد؟ فقط اضغط على سعر السوق. اضغط على 100٪ ثم اضغط على بيع! انتهينا! تهانينا! جزاكم الله خيرا على التصرف بعدل و جزاكم الله خيرا على استخدام الكود F2IKGVD8 الذي يفيدنا أيضا. كلانا يحصل على خصم 10٪ من رسوم شراء البيتكوين. https://www.binance.com/en/register?ref=F2IKGVD8 شكرا لك! إذا كنت ترغب في شراء المزيد من البيتكوين ، فما عليك سوى إضافة المزيد من الأموال على بيانس وشراء المزيد من البيتكوين كما هو موضح في الخطوتين 2 و 3. تذكر الاشتراك عبر هذا الرابط ، حتى تحصل على خصم 10٪ على جميع رسوم شراء البيتكوين على بيانس https://www.binance.com/en/register?ref=F2IKGVD8

Cyber Security Course Arabic - الأمن الإلكتروني
Cyber Security Data Security Steganography Arabic Cyber Security Arabic Course - الأمن الإلكتروني Arabic

Cyber Security Course Arabic - الأمن الإلكتروني

Play Episode Listen Later Jun 13, 2020 10:56


Cyber Security Data Security Steganography Arabic Cyber Security Arabic Course - الأمن الإلكتروني Arabic Cyber Security Course Arabic - الأمن الإلكتروني يمكنكم دعمنا بتحميل و تثبيت المتصفح بريف مجانا مع خاصية حجب الإعلانات و شبكة خفية تور و تورنت و درع حماية لتصفح الإنترنت بدون إعلانات مزعجة بسرعة و أمان https://brave.com/pla467 كيفية شراء البيتكوين في المملكة العربية السعودية ببطاقة الائتمان أسرع طريقة في ثواني تذكر الاشتراك عبر هذا الرابط ، كي تحصل على خصم 10٪ من جميع رسوم شراء البيتكوين على بيانس https://www.binance.com/en/register?ref=F2IKGVD8 كيفية شراء البيتكوين في المملكة العربية السعودية باستخدام بطاقة الائتمان الخاصة بك بأسرع طريقة في ثواني يرتفع سعر البيتكوين في كل ثانية و باستخدام بطاقة الائتمان أو بطاقة الخصم المباشر، يمكنك شراء بيتكوين بسرعة في ثواني بأحدث سعر البيتكون مقابل الدولار الأمريكي اليوم ، أو فتح محفظة أو بيع البيتكوين في ماكينة الصراف الآلي في المملكة العربية السعودية. الأهم هو أن البيتكوين حلال شرعا ويجوز للزكاة. الله أكبر أن يعطينا الله تكنولوجيا بدون فوائد وبدون خسارة القيمة. حسنا! كيف تشتري بيتكوين في المملكة العربية السعودية ؟! ستكون قادرًا على شراء البيتكوين في المملكة العربية السعودية والإمارات العربية المتحدة في ثلاث خطوات فقط: الخطوة الأولى: قم بإنشاء حساب بيانس وهو الطريقة الأكثر أمانًا وأرخص طريقة تذكر الاشتراك عبر هذا الرابط ، حتى تحصل على 10٪ خصم على كل رسوم شراء البيتكوين الخاصة بك على بيانس https://www.binance.com/en/register?ref=F2IKGVD8 اتبع الخطوات على موقع بيانس وسجل أفضل بريد الإلكتروني لديك بالضغط على رابط التأكيد. من المهم استخدام بريد إلكتروني جيد لهذه الخطوة. إذا كنت ترغب في شراء بيتكوين في المملكة العربية السعودية بشكل مجهول و دون الكشف عن هويتك ، فليس عليك تأكيد هويتك على بيانس. الخطوة الثانية: قم بشراء البيتكوين المتوقع ارتفاع سعره في المملكة العربية السعودية باستخدام بيانستصرف بسرعة و اشتري سعر البيتكوين مقابل الدولار الأمريكي الذي تريد فورًا على بيانس. الخطوة الثالثة: كيف تبيع بيتكوين على بيانس؟ سعرالبيتكوين مقابل الدولار الأمريكي مرتفع للغاية ، هل تريد بيع بيتكوين بسرعة وتحقيق ربح جيد؟ فقط اضغط على سعر السوق. اضغط على 100٪ ثم اضغط على بيع! انتهينا! تهانينا! جزاكم الله خيرا على التصرف بعدل و جزاكم الله خيرا على استخدام الكود F2IKGVD8 الذي يفيدنا أيضا. كلانا يحصل على خصم 10٪ من رسوم شراء البيتكوين. https://www.binance.com/en/register?ref=F2IKGVD8 شكرا لك! إذا كنت ترغب في شراء المزيد من البيتكوين ، فما عليك سوى إضافة المزيد من الأموال على بيانس وشراء المزيد من البيتكوين كما هو موضح في الخطوتين 2 و 3. تذكر الاشتراك عبر هذا الرابط ، حتى تحصل على خصم 10٪ على جميع رسوم شراء البيتكوين على بيانس https://www.binance.com/en/register?ref=F2IKGVD8

Mr. Bunker's Conspiracy Time Podcast

Research begins at 19:11An episode for the real sleuths out there. Arguably one of the most intricate and elaborate scavenger hunts in internet history. A virtual conquest spanning the globe of cryptography and steganography puzzles, one of which remains unsolved today. The identity of these puzzle purveyors has never been uncovered. What was Cicada 3301? What was the meaning behind their search for intelligent minds? And will the answer inevitably be “the real meaning is the friends we made along the way”? Well you’ll just have to be our friends and find out!Andy and Art are NOT captured once again by the titular Mr. Bunker - what postcard did he send them this time?In the second segment, Andy and Art give you, the listeners, an uninterrupted presentation of their research into Cicada 3301 .Finally, Andy and Art discuss script blockers, computer hacking, trapdoor prank spiders, and so much more!Send us your thoughts to @MrBunkerPod and mrbunkerpod@gmail.com using the hashtag #BroodTudeMusic by Michael MartelloArtwork by Hannah RossAudio Editing by Arthur StoneFollow Us:TwitterInstagramWebsiteYoutubeLinks Mentioned:Cicada 3301 - Wikipedia19 Facts About Cicada 3301, A Mysterious Internet Puzzle - Thought CatalogMeet The Man Who Solved The Mysterious Cicada 3301 Puzzle - Fast CompanyLIBER PRIMUS – Internet's Most Elusive PuzzleCicada 3301: I tried the hardest puzzle on the internet and failed spectacularly - The GuardianCracking the Code of Cicada 3301| EPISODE 1 - YouTubeCicada 3301: An Internet Mystery - YouTubeCicada 3301 (All Clues and How They Were Solved) - YouTubeMasonic conspiracy or MI6 recruitment tool? Internet mystery Cicada - Independent UKCicada: Solving the Web's Deepest Mystery - Rolling Stone MagazineSombra ARG | Overwatch Wiki | FandomLiber Primus | Uncovering Cicada Wiki | Fandom

The CyberWire
Sandworm is out and about, so patch already. Steganography used in attacks on industrial targets. An Executive Order on Preventing Online Censorship. Breaches, ransomware, and lessons.

The CyberWire

Play Episode Listen Later May 29, 2020 25:02


NSA warns that the GRU’s Sandworm outfit has been actively exploiting a known vulnerability in Exim. Someone is attacking industrial targets in Japan and Europe using steganography and other evasive tactics. NTT Communications is breached, and Michigan State University sustains a ransomware attack. Ben Yelin unpacks the President’s executive order aimed at social media companies. Our guest is Vik Arora of the Hospital for Special Surgery on protecting health care organizations during COVID-19. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/104

Math Science History with Gabrielle Birchak

I've got another secret! And I thought I had hidden it well. That is until someone broke my code and told on me!  If you are interested in hearing more about the future of cryptography, please visit me at www.MathScienceHistory.com !  And while you're there, please feel free to buy me a cup of coffee, because every cup of coffee keeps my podcast up and running!  Until next week, Carpe Diem!! Gabrielle

CoinGeek Conversations
Alex Fauvel: Bitcoin is a tool you can use to do whatever you want

CoinGeek Conversations

Play Episode Listen Later Feb 5, 2020 30:38


Alex Fauvel is a technologist and entrepreneur with a passion for Bitcoin - and Bitcoin SV (BSV) in particular. His Two Hop ventures, based in the Netherlands, is a fund that invests in companies that are building “on BSV and BSV only,” Alex says. “We are not interested in any other technology - other than what Satoshi created.” The fund has given itself 18 months to raise money from investors, and is aiming for 40 million Euros to invest in a portfolio of around 15 companies. Two Hop is aiming to invest in businesses that work in the infrastructure layer, rather than consumer apps. “There’s much more value there,” Alex says. Although, in the end, value on Bitcoin may migrate to consumer products, for the moment “users don’t trust it” - so, for now, consumers shouldn’t even be aware of the technology behind Bitcoin-powered services that they’re using. It’s the opposite to the trend in Internet companies like Amazon which started as a consumer business but now makes its largest profits from infrastructure, in the form of Amazon Web Services. “What we’re really looking for at Two Hop is something that the Internet cannot do, that people aren’t even necessarily aware of, but they need desperately,” Alex says.Alongside the venture fund, Alex also has a BSV-based business called Pixel Wallet, which has a technology that conceals blockchain data in picture files. It provides a solution, Alex says, to “the problem of encryption eventually being broken through the passage of time”. Alex is thinking in terms of the next hundred years, during which time computing power will become ever greater. The technology behind Pixel Wallet uses the ‘random’ quality of a photographic file to hide the blockchain information within a much larger data set. Steganography, as the process is called, has the equivalent function of data masking processes that are used by the credit card industry, but it’s “data masking on steroids”. “The reason why we invested in Pixel Wallet is because to legally own a digital asset is very, very difficult right now ...And that technological problem is not likely to be solved by technology. It’s more likely to be solved by law.”To get Pixel Wallet going, Alex says, “we’re trying to convince BSV startups that this is possible, this is compliant and this is in their best interest.” Alex’s background is in technology, having studied mechanical engineering at UCL in London. But he says he’s “always wanted to get into business”. He became nterested in Bitcoin while still at university in 2013: “I was just absolutely fascinated by it - because no-one knew how it worked ...everything about it was unknown.” Today, he’s just as enthusiastic and has a big vision of Bitcoin’s potential: “it’s something we interact with as a tool, and it shows us what we are, how we interact with one another.” As to where we should look for big breakthroughs in the use of Bitcoin technology, Alex points to replacing remaining paper requirements: “I’m quite shocked at how paper-based business is still”.

InfoSec Overnights - Daily Security News
Malware WAV, Android PoC, Scum of the earth arrested, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Oct 17, 2019 2:37


A daily look at the relevant information security news from overnight.Episode 176 - 17 October 2019Malware WAV - https://www.bleepingcomputer.com/news/security/attackers-hide-backdoors-and-cryptominers-in-wav-audio-files/Android PoC - https://www.zdnet.com/article/security-researcher-publishes-proof-of-concept-code-for-recent-android-zero-day/Big Oracle patch - https://www.scmagazine.com/home/security-news/vulnerabilities/oracle-patches-218-security-vulnerabilities/WordPress patches - https://www.scmagazine.com/home/security-news/vulnerabilities/wordpress-patches-6-bugs/Scum of the earth arrested - https://www.zdnet.com/article/us-south-korea-officials-trace-bitcoin-transactions-to-take-down-massive-child-porn-site/

InfoSec Overnights - Daily Security News
Smominru expands, Clipsa the brute, Leapfrog too chatty, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Aug 8, 2019 2:36


A daily look at the relevant information security news from overnight.Episode 127 - 08 August 2019Smominru expands - https://threatpost.com/smominru-cryptominer-scrapes-credentials-half-million-machines/147038/Clipsa the brute - https://www.zdnet.com/article/new-windows-malware-can-also-brute-force-wordpress-websites/LokiBot adds steganography - https://www.bleepingcomputer.com/news/security/lokibot-uses-image-files-to-hide-code-for-unpacking-routine/State Farm brute = https://www.zdnet.com/article/state-farm-says-hackers-confirmed-valid-usernames-and-passwords-in-credentials-stuffing-attack/Leapfrog too chatty - https://www.digitaltrends.com/news/leapfrog-flaw-could-have-exposed-childrens-info-and-location/

Research Saturday
Steganography enables sophisticated OceanLotus payloads.

Research Saturday

Play Episode Listen Later May 11, 2019 21:08


Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings. The original research can be found here: https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html

researchers sophisticated enables steganography blackberry cylance oceanlotus tom bonner
The CyberWire
Steganography enables sophisticated OceanLotus payloads — Research Saturday

The CyberWire

Play Episode Listen Later May 11, 2019 17:31


Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings. The original research can be found here: https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

Spartacus Roosevelt Podcast
Spartacus Roosevelt Podcast, Episode 228: Steganography and Metadata

Spartacus Roosevelt Podcast

Play Episode Listen Later Apr 30, 2019


"Trans-pop Express I" by Avec le soleil sortant de sa bouche from Pas pire pop, I Love You so Much; "Erdaydidder-Erdiddar" by Bibio from Ribbons; "Desire" by Josefin Ohrn and the Liberation from Sacred Dreams; "Stents" by Tangents from Stents and Arteries; "Eye II" by Emptyset from Skin; "Cruel When Complete" by Dome from 1; "Lucky's Sight" by Wand from Laughing Matter; "Abyss (JG Thirlwell Remix)" by John Carpenter from Lost Themes Remixed; "You've Got to Be Kidding" by Drugdealer from Raw Honey; "Their Faces Streaked with Light and Filled with Pity (Sin Fang x Memryloss Remix)" by Mary Lattimore from Hundreds of Days Remixes; "4(E+D)4(ER=EPR)" by William Basinski from On Time Out of Time.

Spartacus Roosevelt Podcast
Spartacus Roosevelt Podcast, Episode 228: Steganography and Metadata

Spartacus Roosevelt Podcast

Play Episode Listen Later Apr 30, 2019


"Trans-pop Express I" by Avec le soleil sortant de sa bouche from Pas pire pop, I Love You so Much; "Erdaydidder-Erdiddar" by Bibio from Ribbons; "Desire" by Josefin Ohrn and the Liberation from Sacred Dreams; "Stents" by Tangents from Stents and Arteries; "Eye II" by Emptyset from Skin; "Cruel When Complete" by Dome from 1; "Lucky's Sight" by Wand from Laughing Matter; "Abyss (JG Thirlwell Remix)" by John Carpenter from Lost Themes Remixed; "You've Got to Be Kidding" by Drugdealer from Raw Honey; "Their Faces Streaked with Light and Filled with Pity (Sin Fang x Memryloss Remix)" by Mary Lattimore from Hundreds of Days Remixes; "4(E+D)4(ER=EPR)" by William Basinski from On Time Out of Time.

Strictly Confidential
40: The Mystery of Steganography

Strictly Confidential

Play Episode Listen Later Mar 18, 2019 30:41


How often are secret messages passed in plain sight? Is it possible to have untraceable communication online without any sort encryption? I can't figure out what a winky emoji is supposed to mean half the time so it's gotta be pretty easy. In this public and highly visible episode of Strictly Confidential, Asher and Jackson will remind you not to take everything you see at face value.

Intego Mac Podcast
FaceTime, Facebook, Google, Shortcuts, Steganography, and More

Intego Mac Podcast

Play Episode Listen Later Feb 1, 2019 28:24


Apple had a mean FaceTime bug; then they slapped down Facebook, and Google, for some underhanded app distribution. There are security risks using iOS Shortcuts, and there's new malware using steganography. VeryMal Mac Attack Hides Data Within a Picture Steganography (Wikipedia) (https://en.wikipedia.org/wiki/Steganography) Are iOS Shortcuts Safe? Reports of Risks Surface Use iOS Shortcuts to Automate Tasks on Your iPhone or iPad Everything You Need To Know About the FaceTime Spying Bug Apple faces lawsuit over FaceTime bug as lawyer says someone eavesdropped on a sworn testimony (https://9to5mac.com/2019/01/29/apple-facetime-eavesdropping-lawsuit/) Facebook, Google Caught Deploying Invasive Apps; Apple Shuts Them Down (After we recorded this episode on Thursday, Apple revoked Google's enterprise certificate. Apple later said that the company had reinstated Facebook's certificate, and was working with Google to reinstate the certificate.) Google disables app that monitored iPhone usage in violation of Apple’s rules (https://www.theverge.com/2019/1/30/18204350/google-screenwise-app-ios-apple-violation) Apple just became the tech industry's de facto privacy cop (https://www.washingtonpost.com/news/powerpost/paloma/the-technology-202/2019/01/31/the-technology-202-apple-just-became-the-tech-industry-s-de-facto-privacy-cop/) Get 50% off Mac Premium Bundle X9, fully compatible with macOS Mojave, with the code PODCAST19. Download Intego Mac Premium Bundle X9 now at intego.com.

Photo Trash Talk with Dan Burkholder & Elmo Sapwater

In this August 2018 Episode :: Dan & Elmo Party Down! Micro Four-Thirds Turns 10 Years Old! In this celebrations they cover: Lensbaby’s New Sol Lens; Canon Powershot superzoom; Panasonic ZS70; Light L16; Leica Noctilux; Fujifilm X-Pro2; Selfie Deaths; Steganography and Theft using Images; Rumored full frame mirrorless cameras; and more!     *Note: May […]

The CyberWire
Coincheck cryptocurrency heist. ICO phishing. Jackpotting comes to America. Dridex and FriedEx. Transduction attack threat to IoT sensors. Jihadist steganography. Oversharing with Strava?

The CyberWire

Play Episode Listen Later Jan 29, 2018 14:20


In today's podcast, we hear that hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks. Jackpotting hits American ATMs. The Dridex banking Trojan apparently has a ransomware sibling: FriedEx. Transduction attacks could hit IoT sensors. Steganographic app "Muslim Crypt" is designed for jihadist communication. North Korea tells Britain to mind its own business about WannaCry. Zulfikar Ramzan from RSA with his perspective on Spectre and Meltdown. Strava fitness app reveals locations of user activity. 

Futility Closet
149-The North Pond Hermit

Futility Closet

Play Episode Listen Later Apr 10, 2017 29:30


Without any forethought or preparation, Christopher Knight walked into the Maine woods in 1986 and lived there in complete solitude for the next 27 years, subsisting on what he was able to steal from local cabins. In this week's episode of the Futility Closet podcast we'll tell the story of the North Pond hermit, one man's attempt to divorce himself completely from civilization. We'll also look for coded messages in crosswords and puzzle over an ineffective snake. Intro: Disneyland's Matterhorn contains a basketball goal. Two tombstones in the Netherlands "hold hands" across a cemetery wall. Sources for our feature on the North Pond hermit: Michael Finkel, "Into the Woods: How One Man Survived Alone in the Wilderness for 27 Years," Guardian, March 15, 2017. Associated Press, "Christopher Knight: Inside the Maine Hermit's Lair," April 12, 2013. "Hermit Caught After 27 Years in Maine Woods," Guardian, April 11, 2013. Wikipedia, "Christopher Thomas Knight" (accessed April 6, 2017). Nathaniel Rich, "Lessons of the Hermit," Atlantic, April 2017. Michael Finkel, "The 27-Year Hunt for Maine's North Pond Hermit," Toronto Star, March 26, 2017. Betty Adams, "'North Pond Hermit' Knight Balks at Paying Costs Related to His Remote Campsite," Kennebec Journal, April 26, 2016. Craig Crosby, "After 27 Years of Burglaries, 'North Pond Hermit' Is Arrested," Kennebec Journal, April 9, 2013. Brian MacQuarrie, "In Rural Maine, a Life of Solitude and Larceny," Boston Globe, May 26, 2013. Michael Finkel, "The Strange & Curious Tale of the Last True Hermit," GQ, Aug. 4, 2014. Leonard Dawe and the D-Day crosswords: Michelle Arnot, Four-Letter Words: And Other Secrets of a Crossword Insider, 2008. Nicholas Lezard, "One Hundred Years of Solvitude," Independent, Dec. 16, 2013. Michael E. Haskew, "In Spite of All the Preparation, D-Day Remained a Gamble," World War II 16:2 (July 2001), 6. R. Murray Hayes, "A Beach Too Far: The Dieppe Raid," Sea Classics 44:4 (April 2011), 18-22, 24-25. George J. Church and Arthur White, "Overpaid, Oversexed, Over Here," Time 123:22 (May 28, 1984), 45. Val Gilbert, "D-Day Crosswords Are Still a Few Clues Short of a Solution," Telegraph, May 3, 2004. Tom Rowley, "Who Put Secret D-Day Clues in the 'Telegraph' Crossword?", Telegraph, April 27, 2014. Fred Wrixon, Codes, Ciphers, and Secret Languages, 1989. Gregory Kipper, Investigator's Guide to Steganography, 2003. This week's lateral thinking puzzle was contributed by listener Dave Lawrence. You can listen using the player above, download this episode directly, or subscribe on iTunes or Google Play Music or via the RSS feed at http://feedpress.me/futilitycloset. Please consider becoming a patron of Futility Closet -- on our Patreon page you can pledge any amount per episode, and we've set up some rewards to help thank you for your support. You can also make a one-time donation on the Support Us page of the Futility Closet website. Many thanks to Doug Ross for the music in this episode. If you have any questions or comments you can reach us at podcast@futilitycloset.com. Thanks for listening!

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Malware Uses NTP to Prevent Reverse Analsys https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/ PwC ACE Tool For SAP Introduces Security Vulnerability into SAP http://seclists.org/fulldisclosure/2016/Dec/33 Steganography Used to Hide Exploits in Images https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/ Netgear R7000 and R6400 Aribtrary Command Execution http://www.kb.cert.org/vuls/id/582384 Holiday Hack Challenge https://holidayhackchallenge.com

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Malware Uses NTP to Prevent Reverse Analsys https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/ PwC ACE Tool For SAP Introduces Security Vulnerability into SAP http://seclists.org/fulldisclosure/2016/Dec/33 Steganography Used to Hide Exploits in Images https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/ Netgear R7000 and R6400 Aribtrary Command Execution http://www.kb.cert.org/vuls/id/582384 Holiday Hack Challenge https://holidayhackchallenge.com

The CyberWire
Daily: Ransomware updates. IP camera vulnerabilities. Steganography makes a comeback. Controlling content, with or without Internet autarky. Zo replaces Tay? 

The CyberWire

Play Episode Listen Later Dec 7, 2016 15:31


In today's podcast, we hear that more network security cameras have been found vulnerable to bot-herding. Sony's are patched, so patch. Unpatched Flash bugs incorporated into exploit kits. New ransomware strains are out. Russia announces a new national Internet strategy as Canada and the EU grapple with the complexity and ambivalence of controlling extremist content. Steganography is back, alas, and in your banner ads. Dr. Charles Clancy from VA Tech’s Hume Center explains the challenges of developing security solutions that can function in both the federal and commercial realms. Ebba Blitz from Alertsec hasthe results of a survey on what Americans fear most when it comes to cyber security. And Tay's kid sister Zo makes her debut.

Inside Out Security
Making Security Great Again!

Inside Out Security

Play Episode Listen Later Nov 4, 2016 18:50


Since October was Cyber Security Awareness month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”. In this episode of the Inside Out Security Show panel – Cindy Ng, Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie Rose show, the brilliant but evil use of steganography (the practice of concealing a file, message, image, or video within another file, message, image, or video), and the dark market for malware hidden in underground forums. For a taste of the podcast, here are a few data security ideas and quotes from our panelists. Insider Threat. According to Keyser, an insider attack might not necessarily be the fault of employees. It could be that a hacker obtained their credentials—by guessing or pass-the-hash-- and the attack was executed under their name. So don’t make an employee the ‘fall guy’ for what was really an outsider. Blame IT instead. Kidding! Steganography. On hackers hiding credit card information on images, Keyser says, “It’s reminiscent of the skimmer attack, you might find on an ATM or a card reader at shop you go to, but it’s applying that same concept to data, the nonphysical world.” Like the rest of us, Englert was fascinated by the use of steganography. Englert says, “It’s always been kind of an interesting concept that I played with just for fun, but to see this used as an exfilitration method, it’s terrifying and it’s also brilliant. Having the website serve up the information you’re stealing, publicly, hidden in image files, it’s such a great way to get data out.” What will hackers think up next? Underground Forums. Englert thinks these underground sites are fulfilling a market need. He says, “Why not be enterprising? Makes sense from a business perspective. It’s not moral, but a way to make money.” Hackers are certainly displaying an entrepreneurial spirit. Thinking Like a Hacker With DDos attacks on the rise – up 125% in 2016-- Buckbee shares what he learned from Marek Majkowski’s presentation, “Are DDoS attacks a threat to the decentralized internet?” A united Internet makes us strong, and with a divided one we may fall. A Tool for Sysadmins Mosh (mobile shell) is a remote terminal application that supports intermittent connectivity, allows roaming, and speculatively and safely echoes user keystrokes for better interactive response over high-latency paths.

Futility Closet
116-Notes and Queries

Futility Closet

Play Episode Listen Later Aug 8, 2016 31:10


In this week's episode of the Futility Closet podcast we'll explore some curiosities and unanswered questions from Greg's research, including the love affair that inspired the Rolls Royce hood ornament, a long-distance dancer, Otto von Bismarck's dogs, and a craftily plotted Spanish prison break. We'll also run after James Earl Ray and puzzle over an unsociable jockey. Intro: Workers constructing Washington's Grand Coulee Dam in 1942 fed a cable through a 500-foot drain by tying a string to an alley cat's tail. A 2001 earthquake in Olympia, Wash., drew a graceful rose with a sand-tracing pendulum. Sources for this week's feature: The best source I can find regarding the origins of the Rolls Royce hood ornament is this Telegraph article from 2008, in which Montagu's son says, "My father and Eleanor shared a great passion. It was a grand love affair - perhaps even the love of his life. All this happened before my father met my mother. But I understand my father's first wife knew about the mistress. She was very tolerant of her and they got on very well." But this quote is given in the service of promoting a film about the affair, which makes it less objective than I'd like. (Paul Tritton of the Rolls-Royce Owners' Club of Australia disputes the story here.) Alexandre Dumas' habit of eating an apple every morning beneath the Arc de Triomphe is described in this New York Times article, among many other modern sources. The earliest mention I can find is a 1911 article in the Dietetic and Hygienic Gazette, attributing the intervention to Hungarian physician David Gruby. I've confirmed that Gruby served as a physician to Dumas (père et fils), but I can't find anything about an apple. The incidents of the Savoy Hotel cloakroom and the Travellers Club suicide are both described in N.T.P. Murphy's A Wodehouse Handbook (2013). The suicide rule is mentioned at the end of this Telegraph article, which gives me hope that it's true, but I can't find anything more comprehensive. The story of the Providence United Methodist Church is told in both Randy Cerveny's Freaks of the Storm (2005) and Rick Schwartz's Hurricanes and the Middle Atlantic States (2007). Snopes says it's "mostly true." In Constable's Clouds, published by the National Galleries of Scotland 2000, Edward Morris writes, "It is this moment of early morning light -- and what has been described as 'the atmosphere of stillness tinged with expectancy' -- that Constable translates into the finished canvas." Judith Collins mentions Joseph Beuys' responsibility for snow in her introduction to Andy Goldsworthy's Midsummer Snowballs (2001). Reader Olga Izakson found the description of Tiras, Otto von Bismarck's “dog of the empire,” in Robert K. Massie's Dreadnought (1991). A few further links. The role of Esperanto in the planning of the 1938 San Cristobál prison break is described (I think) here. In 1600 William Kemp published a pamphlet chronicling his 1599 morris dance to Norwich, Kemps Nine Daies Wonder, to quiet doubters. The allegation that Margaret Thatcher ordered the identities of British government employees to be encoded in the word spacing of their documents appears in Gregory Kipper's Investigator's Guide to Steganography (2003). I've found it in other technical documents, but these tend to cite one another rather than an authoritative source. Listener mail: Madison Kahn, "60 Hours of Hell: The Story of the Barkley Marathons," Outside, May 8, 2013. Wikipedia, "Barkley Marathons" (accessed Aug. 6, 2016). Wikipedia, "Kaihogyo," (accessed Aug. 6, 2016). Adharanand Finn, "What I Learned When I Met the Monk Who Ran 1,000 Marathons," Guardian, March 31, 2015. Associated Press, "Japanese Monks Endure With a Vow of Patience," June 10, 2007. Here's a corroborating link for this week's lateral thinking puzzle (warning: spoiler). You can listen using the player above, download this episode directly, or subscribe on iTunes or Google Play Music or via the RSS feed at http://feedpress.me/futilitycloset. Please consider becoming a patron of Futility Closet -- on our Patreon page you can pledge any amount per episode, and all contributions are greatly appreciated. You can change or cancel your pledge at any time, and we've set up some rewards to help thank you for your support. You can also make a one-time donation on the Support Us page of the Futility Closet website. Many thanks to Doug Ross for the music in this episode. If you have any questions or comments you can reach us at podcast@futilitycloset.com. Thanks for listening!

TechStuff
How Steganography Works

TechStuff

Play Episode Listen Later Apr 15, 2015 74:28


How can you hide a message so that no one knows you're even communicating? Use steganography! Ariel Kasten joins the show to talk about the art of hiding messages. Learn more about your ad-choices at https://news.iheart.com/podcast-advertisers

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Paul Drapeau and Brent Dukes - Steganography in Commonly Used HF Radio Protocols

DEF CON 22 [Materials] Speeches from the Hacker Convention.

Play Episode Listen Later Dec 13, 2014


Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Drapeau-Dukes/DEFCON-22-Drapeau-Dukes-Steganography-in-Commonly-Used-HF-Radio-Protocols-UPDATED.pdf Additional Extra Materials are available here: https://defcon.org/images/defcon-22/dc-22-presentations/Drapeau-Dukes/Paul%20Drapeau%20and%20Brent%20Dukes%20-%20Extras.zip Steganography in Commonly Used HF Radio Protocols Paul Drapeau PRINCIPAL SECURITY RESEARCHER, CONFER TECHNOLOGIES INC. Brent Dukes Imagine having the capability to covertly send messages to an individual or a larger audience, without the need for large centralized infrastructure where your message could be observed, intercepted, or tampered with by oppressive governments or other third parties. We will discuss the opportunities and challenges with steganography implementations in widely used amateur radio digital modes, and present a proof of concept implementation of hiding messages within innocuous transmissions using the JT65 protocol. This technique could theoretically be used to implement a low cost, low infrastructure, covert, world wide short message broadcasting or point to point protocol. No messages in codes or ciphers intended to obscure the meaning thereof were actually transmitted over the amateur bands during the creation of this talk. Paul Drapeau is currently the Principal Security Researcher for Confer Technologies Inc. He has held senior level IT security roles and consulted on information security topics for various organizations for over 15 years. Paul has a bachelor's degree in computer science from the University of Rhode Island and has been licensed as an amateur radio operator since 1986. Brent Dukes has a decade of experience working in software and systems engineering roles. He spends his nights tied to various hardware hacking projects sitting in pieces all over his lab, and participating in CTFs. His idea of fun is reverse engineering and modifying toys and consumer electronics for the purposes of good. Brent has been a licensed amateur radio operator since 2006. Paul Drapeau - Twitter: @pdogg77 Brent Dukes - Twitter: @TheDukeZip

CERIAS Security Seminar Podcast
Jarek Duda, New possibilities of steganography based on Kuznetsov-Tsybakov problem

CERIAS Security Seminar Podcast

Play Episode Listen Later Aug 21, 2013 43:28


To hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel like for Quick Response Codes we meet everyday now. I will talk about theoretical limitation and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to given picture (grayness of pixel defines probability of using "1" there). If the receiver would know the constraints/picture, we could just use entropy coder for this purpose, but we would like to omit this requirement here. In Kuznetsov-Tsybakov problem only the sender knows simple constraints, but it turns out that we can approach the same channel capacity as if both sides would know them. I will talk about generalizations to statistical constraints and applications for example to picture codes, steganography or lossy compression. About the speaker: Jaroslaw Duda has received MSc in Computer Science, Mathematics and Physics, and PhD in Computer Science and Physics from Jagiellonian University in Cracow, Poland. His main interest is information theory, both directly applied in computer science and as an integral part of different fields of science. He is currently a Postdoctoral Researcher in the Center for Science of Information and the Computer Science Department at Purdue University, USA, working with W. Szpankowski.

CERIAS Security Seminar Podcast
Jarek Duda, "New possibilities of steganography based on Kuznetsov-Tsybakov problem"

CERIAS Security Seminar Podcast

Play Episode Listen Later Aug 21, 2013


To hide information within a picture we usually replace the least significant bits. This approach is no longer available if there is only 1 bit/pixel like for Quick Response Codes we meet everyday now. I will talk about theoretical limitation and practical aspects of hiding information in such situations: by generating encoding sequences fulfilling given constraints, for example to enforce resemblance to given picture (grayness of pixel defines probability of using "1" there). If the receiver would know the constraints/picture, we could just use entropy coder for this purpose, but we would like to omit this requirement here. In Kuznetsov-Tsybakov problem only the sender knows simple constraints, but it turns out that we can approach the same channel capacity as if both sides would know them. I will talk about generalizations to statistical constraints and applications for example to picture codes, steganography or lossy compression.

Introduction to Programming in Java
November 30, 2012 Lecture

Introduction to Programming in Java

Play Episode Listen Later Jul 27, 2012 67:39


Steganography and other topics.

Computing Now's News Podcast
Steganography Approach Hides Messages in IP Phone Calls

Computing Now's News Podcast

Play Episode Listen Later Jul 24, 2012 2:51


Scientists have developed a way to hide data within voice-over-IP packets, enabling people to secretly send information to others while having a normal phone conversation.

Computing Now's News Podcast
Steganography Development Offers Promise

Computing Now's News Podcast

Play Episode Listen Later Jul 9, 2010 3:53


Researchers have developed a new approach to steganography that could conceal information on CDs in a way that makes it unreadable by conventional CD players but detectable by specially designed devices. Article link: http://doi.ieeecomputersociety.org/10.1109/MC.2010.178

CERIAS Security Seminar Podcast
John Oritz, John Oritz, SRA International

CERIAS Security Seminar Podcast

Play Episode Listen Later Nov 12, 2008 57:53


Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the "attention-challenged"), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in Jpegs, and time modulation in audio. About the speaker: John Ortiz is currently a senior computer engineering consultant for SRA International. In this position he researches information hiding techniques and steganography software, assesses the security and feasibility of advanced DoD security applications, examines and deobfuscates malware, and develops forensics tools. Prior to SRA, he spent 5 years at General Dynamics developing source code and network traffic analysis techniques and software.In a second role, Mr. Ortiz teaches a variety of computer science and electrical engineering courses at the University of Texas at San Antonio (UTSA). In particular, he developed and still teaches a Steganography course, which covers a broad spectrum of data hiding techniques in both the spatial and transform domains. For his course, Mr. Ortiz personally developed several steganographic programs for testing and analysis. Mr. Ortiz holds two master's degrees from the Air Force Institute of Technology, one in computer engineering and one in electrical engineering and a bachelor's degree in electrical engineering from Rose-Hulman Institute of Technology.

CERIAS Security Seminar Podcast
John Oritz, "John Oritz, SRA International"

CERIAS Security Seminar Podcast

Play Episode Listen Later Nov 12, 2008


Steganography is a discipline of computer science whose aim is to conceal the existence of information. Steganography synergizes various technologies including data compression, digital signal processing, information theory, data networks, cryptography, coding theory, and the human audio and visual system. Strap on your seatbelt. I will present some key concepts of steganography, describe a number of basic and advanced spatial and transform domain techniques (with lots of pictures and sounds for the “attention-challenged”), and demonstrate these techniques using custom steganography software. The demonstrations include a Least Significant Bit (LSB) technique, High-Capacity Hiding in Jpegs, and time modulation in audio.

Threat Monitor
Using steganography for securing data, not concealing it

Threat Monitor

Play Episode Listen Later Apr 5, 2007


Steganography is a useful technique for securely storing sensitivedata, but the difficulty in detecting its usage can create anopportunity for digital miscreants. Michael Cobb explains how toensure the practice isn't used maliciously.

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference
Russ Rogers: The Keys to the Kingdom: Understanding Covert Channels of Communication(English)

Black Hat Briefings, Japan 2004 [Audio] Presentations from the security conference

Play Episode Listen Later Oct 31, 2006 144:57


"Security professionals see the compromise of networked systems on a day to day basis. It's something they've come to expect. The blatant exploitation of operating systems, applications, and configurations is a common event and is taken into account by most security engineers. But a different type of security compromise threatens to crumble the underlying security of the modern organization. There are forms of communication that transfer sensitive data outside of organizations every day. Covert channels are used to move proprietary information in and out of commercial, private, and government entities on a daily basis. These covert channels include things such as Steganography, Covert network channels, Data File Header and Footer Appending, and Alternate Data Streams. Media to be covered include images, audio files, TCP covert channels, Word substitution mechanisms, the Windows file system and others. This presentation will show the attendees common means of covert communication by hiding information through multiple means. We'll also discuss the future of Covert Channels and how hidden information is becoming more and more difficult to detect. Detection of these forms of communication is trailing well behind the technology creating them, this presentation will discuss some of the newest concepts in utilizing Covert Channels and Steganography. Russ Rogers is the CEO of Security Horizon, a Colorado Springs based information security professional services firm and is a technology veteran with over 13 years of technology and information security experience. He has served in multiple technical and management information security positions that include Manager of Professional Services, Manager Security Support, Senior Security Consultant and Unix Systems Administrator. Mr. Rogers is a United States Air Force Veteran and has supported the National Security Agency and the Defense Information Systems Agency in both a military and contractor role. Russ is also an Arabic Linguist. He is a certified instructor for the National Security Agency's INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) courses. He holds his M.S. degree from the University of Maryland is also a Co-Founder of the Security Tribe (securitytribe.com), a security think tank and research organization."