Computer Security - REVIEW: "Hiding in Plain Sight", Eric Cole

03-04-2004, 04:21 PM

BKHDPLST.RVW 20031205

"Hiding in Plain Sight", Eric Cole, 2003, 0-471-44449-9,
U$35.00/C$53.95/UK#24.50
%A Eric Cole
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2003
%G 0-471-44449-9
%I John Wiley & Sons, Inc.
%O U$35.00/C$53.95/UK#24.50 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 335 p. + CD-ROM
%T "Hiding in Plain Sight"

Part one explores the world of covert communication. Chapter one
suggests that covert communication is all around us, but weakens its
case by providing only fictional examples. The author also states
that he has detected huge numbers of files which contain embedded
steganographic materials. He doesn't seem to understand that this
hurts his argument: what good is steganography if you can detect its
effects? There is a confused and incomplete introduction to
cryptography in chapter two. To be fair, it does make some good
practical points, such as the difference between an algorithm and an
implementation. The basics of steganography are provided in chapter
three but the explanations and examples may not make clear the
distinction between steganography and covert channels or codes. The
definition and illustration of digital watermarking, in chapter four,
does not present a rationale as to why the invisible marking data
cannot be removed. The example is confused and unconvincing.

Part two is supposed to take us into the hidden realm of
steganography. Chapter five outlines miscellaneous computer crimes
and intrusions with only the most tenuous ties to steganography,
fabricated by the author. A list of steganographic programs (almost
all of the insertion type) are provided without details in chapter
six. There are more examples of the same illustrations, a couple of
related programs, and some mislabelled figures (a graphical layout of
an IP header rather than the promised sniffer example) in chapter
seven. Cole uses an instance of hiding a virus with steganography,
but the dangers of inventing your own cases becomes evident: the
virus, as described, wouldn't work anymore.

Part three purports to show you how to make your own communications
secure. Chapter eight lists cryptanalytic and steganalytic
techniques, but does not delineate them well. A rehash of previous
ideas and weak examples substitutes for the strategy promised in
chapter nine: the main illustration has a complete failure of forward
secrecy. Chapter ten pledges that steganography will get better.

Although Cole is more entertaining than Katzenbeisser and Petitcolas
manage to be in their "Information Hiding Techniques for Steganography
and Digital Watermarking" (cf. BKIHTSDW.RVW), his information is
sketchy and suspect. In comparison, his work is little more than a
pamphlet.

copyright Robert M. Slade, 2003 BKHDPLST.RVW 20031205

--
======================

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-
or techbooks-

Rob Slade, doting grandpa of Ryan and Trevor

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
TheDigitalReview: DO YOU BELIEVE IN MIRACLES? - DVD REVIEW	Mike McGee	DVD Video	0	02-09-2004 08:15 PM
TheDigitalReview: WILLIAM GIBSON: NO MAPS FOR THESE TERRITORIES - DVD REVIEW	Mike McGee	DVD Video	0	12-08-2003 02:02 AM
TheDigitalReview: BABE SPECIAL EDITION - DVD REVIEW (User Review)	Mike McGee	DVD Video	0	12-04-2003 04:52 AM
TheDigitalReview: HUD - DVD REVIEW	Mike McGee	DVD Video	0	11-22-2003 10:34 AM
TheDigitalReview: THE JAMIE KENNEDY EXPERIMENT - COMPLETE FIRST SEASON - DVD REVIEW	Mike McGee	DVD Video	0	11-21-2003 12:07 PM

03-04-2004, 04:21 PM	#1
	REVIEW: "Hiding in Plain Sight", Eric Cole BKHDPLST.RVW 20031205 "Hiding in Plain Sight", Eric Cole, 2003, 0-471-44449-9, U$35.00/C$53.95/UK#24.50 %A Eric Cole %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2003 %G 0-471-44449-9 %I John Wiley & Sons, Inc. %O U$35.00/C$53.95/UK#24.50 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/AS...bsladesinterne http://www.amazon.co.uk/exec/obidos/...bsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20 %P 335 p. + CD-ROM %T "Hiding in Plain Sight" Part one explores the world of covert communication. Chapter one suggests that covert communication is all around us, but weakens its case by providing only fictional examples. The author also states that he has detected huge numbers of files which contain embedded steganographic materials. He doesn't seem to understand that this hurts his argument: what good is steganography if you can detect its effects? There is a confused and incomplete introduction to cryptography in chapter two. To be fair, it does make some good practical points, such as the difference between an algorithm and an implementation. The basics of steganography are provided in chapter three but the explanations and examples may not make clear the distinction between steganography and covert channels or codes. The definition and illustration of digital watermarking, in chapter four, does not present a rationale as to why the invisible marking data cannot be removed. The example is confused and unconvincing. Part two is supposed to take us into the hidden realm of steganography. Chapter five outlines miscellaneous computer crimes and intrusions with only the most tenuous ties to steganography, fabricated by the author. A list of steganographic programs (almost all of the insertion type) are provided without details in chapter six. There are more examples of the same illustrations, a couple of related programs, and some mislabelled figures (a graphical layout of an IP header rather than the promised sniffer example) in chapter seven. Cole uses an instance of hiding a virus with steganography, but the dangers of inventing your own cases becomes evident: the virus, as described, wouldn't work anymore. Part three purports to show you how to make your own communications secure. Chapter eight lists cryptanalytic and steganalytic techniques, but does not delineate them well. A rehash of previous ideas and weak examples substitutes for the strategy promised in chapter nine: the main illustration has a complete failure of forward secrecy. Chapter ten pledges that steganography will get better. Although Cole is more entertaining than Katzenbeisser and Petitcolas manage to be in their "Information Hiding Techniques for Steganography and Digital Watermarking" (cf. BKIHTSDW.RVW), his information is sketchy and suspect. In comparison, his work is little more than a pamphlet. copyright Robert M. Slade, 2003 BKHDPLST.RVW 20031205 -- ====================== "If you do buy a computer, don't turn it on." - Richards' 2nd Law ============= for back issues: [Base URL] site http://victoria.tc.ca/techrev/ or mirror http://sun.soci.niu.edu/~rslade/ CISSP refs: [Base URL]mnbksccd.htm Security Dict.: [Base URL]secgloss.htm Security Educ.: [Base URL]comseced.htm Book reviews: [Base URL]mnbk.htm [Base URL]review.htm Partial/recent: http://groups.yahoo.com/group/techbooks/ Security Educ.: http://groups.yahoo.com/group/comseced/ Review mailing list: send mail to techbooks- or techbooks- Rob Slade, doting grandpa of Ryan and Trevor