Thursday, August 04, 2005


The Original Source
Steganography with Flickr
Posted Jul 29, 2005, 3:36 PM ET by Keith McDuffee

I've recently purchased a Pro account over on Flickr. Since I'm moving to a new place in a few weeks, paranoia has set in over possibly losing all of my digital photos due to a dropped computer, lost backup DVDs and CDs, or simply stolen equipment. What's great about Flickr is the sorting capabilities and, most importantly, unlimited storage. Surely they must have something in place to avoid taking too much advantage of that unlimitedness? Actually, it seems they don't.

Steganography is a way of embedding just about any kind of file or data within another "cover" file, though not noticeably altering the cover file's content. Usually this embedded content is encrypted with a passphrase of some sort, only extractable via special programs. So should you embed a file within a JPEG image, for example, the casual observer would only see the image and perhaps only notice something odd due to the image's file size.

I decided to give steganography a try on Flickr's system, wondering if they somehow sensed altered images and stripped the extra or raised a red flag of some sort. Since I'm primarily a Linux user, I opted for the Steghide utility, though there are several freeware Windows applications available that do the same. Steghide allows you to embed any data within JPEG, BMP, WAV and AU files, encrypting, passwording and compressing the content if you wish.

After installing the program on my Fedora Core 4 system, the procedure was rather simple. I decided to use a nice B&W photo of my dog, Guinness, as the cover file (image links to Flickr location):



Next I picked a basic PDF file as the embedded document. I just picked a PDF job application form from my old school.

$ steghide embed -ef JobApp.pdf -cf guinness.jpg -p testing123 -sf guinness-steg.jpg
embedding "JobApp.pdf" in "guinness.jpg"... done%
writing stego file "guinness-steg.jpg"... done
$ ls -g
total 3416
-rw-r--r-- 1 admin 1709600 Jul 29 13:39 guinness.jpg
-rw-r--r-- 1 admin 1696487 Jul 29 14:25 guinness-steg.jpg
-rw-r--r-- 1 admin 73255 Jun 30 14:09 JobApp.pdf

As you can see, the compression did a pretty good job - the image containing the PDF is actually smaller than the original! Do they look any different? Nope.

Now let's get some info on the file:

$ steghide info guinness-steg.jpg
"guinness-steg.jpg":
format: jpeg
capacity: 104.6 KB
Try to get information about embedded data ? (y/n) y
Enter passphrase:
embedded file "JobApp.pdf":
size: 71.5 KB
encrypted: rijndael-128, cbc
compressed: yes

And to extract the embedded file:

$ steghide extract -sf guinness-steg.jpg -p testing123 -xf JobApp2.pdf
wrote extracted data to "JobApp2.pdf".
[keithm@daedalus]$ ls -g
total 3492
-rw-r--r-- 1 admin 1709600 Jul 29 13:39 guinness.jpg
-rw-r--r-- 1 admin 1696487 Jul 29 14:25 guinness-steg.jpg
-rw-r--r-- 1 admin 73255 Jul 29 14:30
-rw-r--r-- 1 admin 73255 Jun 30 14:09 JobApp.pdf

I've tested uploading the "guinness-steg.jpg" to Flickr and then downloading it again, and the embedded PDF file stays intact. Check it for yourself.

So basically Flickr can be used as a personal off-site backup system for all of your documents, not just images. Steganographied images can be shared with Flickr friends to pass on documents or other files. Honestly, though, I feel Flickr is an amazing service that I'd rather not see abused and lead to limit Pro account sizes. I'd rather see them figure out a way to stop such a thing from being possible or else let it be known such a practice is OK or not in their eyes.
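
As an added example that is not part of the original post: the `ls` listings above only show that the extracted file has the same size as the original, so this script compares contents after the upload/download round trip and also reports whether the host served the container unmodified. The function names, the exit codes and the `STEG_PASS` variable are assumptions of this example; the steghide flags are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. STEG_PASS, the function names
# and the exit codes are this example's own conventions.

# same_bytes A B: true when both files exist and are byte-for-byte identical.
same_bytes() {
    [ -f "$1" ] && [ -f "$2" ] && cmp -s "$1" "$2"
}

# verify_roundtrip UPLOADED DOWNLOADED PAYLOAD [EXTRACTED]
#   UPLOADED    stego file that was sent to the host
#   DOWNLOADED  the copy fetched back from the host
#   PAYLOAD     the file that was embedded
#   EXTRACTED   optional: payload already extracted from DOWNLOADED; when
#               omitted, steghide extracts it with the passphrase in $STEG_PASS
# Returns 0 if the payload is intact, 2 if it differs, 3 if it cannot be extracted.
verify_roundtrip() {
    up=$1; down=$2; payload=$3; extracted=${4:-}; tmp=
    if same_bytes "$up" "$down"; then
        echo "container: byte-identical, host stored the upload as-is"
    else
        echo "container: differs from the uploaded file"
    fi
    if [ -z "$extracted" ]; then
        command -v steghide >/dev/null 2>&1 ||
            { echo "payload: steghide not installed"; return 3; }
        tmp=$(mktemp -d) || return 3
        extracted=$tmp/payload
        steghide extract -sf "$down" -p "${STEG_PASS:-}" -xf "$extracted" \
            >/dev/null 2>&1 ||
            { echo "payload: extraction failed"; rm -rf "$tmp"; return 3; }
    fi
    if same_bytes "$payload" "$extracted"; then
        rc=0; echo "payload: intact"
    else
        rc=2; echo "payload: differs from original"
    fi
    if [ -n "$tmp" ]; then rm -rf "$tmp"; fi
    return "$rc"
}
```

A "container differs" result together with a failed extraction means the host changed the image on the way through, which is the behaviour the post asks Flickr to consider.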
