[17180] in cryptography@c2.net mail archive
RE: aid worker stego
daemon@ATHENA.MIT.EDU (Ben Nagy)
Tue Mar 29 23:02:16 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "Ben Nagy" <ben@iagu.net>
To: "'Peter Fairbrother'" <zenadsl6186@zen.co.uk>,
<cryptography@metzdowd.com>
Date: Tue, 29 Mar 2005 16:04:05 +0200
In-Reply-To: <BE6EC620.974E1%zenadsl6186@zen.co.uk>
My response is totally off topic, but this stinks.
This is exactly why workers from reputable aid agencies operate under
pre-agreed legal status agreements with the country concerned. These
agreements cover, among other things, telecommunications infrastructure and
legal immunities. Aid agencies that _don't_ do that are part of the reason
why the more paranoid governments are reluctant to allow any foreign aid,
and I feel somewhat ashamed that people are apparently involved in looking
for ways to secretly transmit information without the knowledge and accord
of the host state.
Every aid worker operating in 'difficult' countries has potential issues
with how much they can communicate - both internally to their organisation
and externally, but to attempt to communicate in this fashion amounts, quite
simply (and probably in legal terms), to espionage.
I would suggest that you advise your correspondant to discontinue this line
of enquiry - for their own good and that of the aid community at large. "Not
getting caught" is a derivation of "the ends justify the means".
ben
> -----Original Message-----
> From: owner-cryptography@metzdowd.com
> [mailto:owner-cryptography@metzdowd.com] On Behalf Of Peter
> Fairbrother
> Sent: Tuesday, March 29, 2005 9:45 AM
> To: cryptography@metzdowd.com
> Subject: aid worker stego
>
> I've been asked to advise an aid worker about stego. Potential major
> government attacker.
>
> I don't think there is much danger of severe torture, but I
> don't think
> "innocent-until-proven-guilty" applies either, and suspicion should be
> minimised or avoided.
>
>
>
> I though about recommending Best/Drive -Crypt as they are supposedly
> general-purpose encryption programs which can also do
> encrypted containers
> which are undetectable, but I don't know if that's actually
> so, or which to
> choose.
>
> If he's using Windows will they clean up the temp and swap files?
>
>
>
> An alternative is a stego program to hide data in eg images.
> I don't know
> which are the better ones now available, can anyone advise?
>
> The other point is that the stego program itself will be
> visible on disk. Is
> there a small stego program that you could eg hide in an
> image and somehow
> bootstrap from something totally innocuous?
>
>
>
>
> Any other ideas?
>
>
> --
> Peter Fairbrother
>
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo@metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
