programmers quotes

July 11, 2010

Steganography…

Filed under: z/OS & OS390 — Trevor Eddolls @ 5:29 am

I’ve been variously involved in securing mainframe data over many years. I’ve looked at encryption of data, External Security Managers (ESMs), certificates, and public key encryption at various times. I’ve only recently become aware of steganography and how that can be used to send covert information in plain sight!

Steganography means concealed (the “stegano” bit) writing (the “graphy” bit), and there was a book about it written in 1499 by Johannes Trithemius – although not published until 1606. Trithemius was Abbot of Sponheim, but, even so, the Catholic Church banned the three volumes of his book (called Steganographia) for almost 300 years. So that must give you a clue as to how difficult it would be to control the use of hidden messages by ordinary people – you and I really!

Here’s an example – this week’s shopping list:
Allspice, lemons, bananas, avocado, peanuts, strawberry, pomegranate, sweets, anchovies.

You’d look at that and think there’s nothing hidden in that list. Now look at it again:
ALlspice, lEmons, bAnanas, aVocado, pEanuts, sTrawberry, pOmegranate, sWeets, aNchovies.

It says LEAVE TOWN. Obviously more complicated messages could be included if I had a longer shopping list – but you get the idea.
But there’s an even better and more modern method of steganography – and that’s using images. You can hide messages in the least significant bits of an image’s colour values. I have hidden a message in the photo below. Can you read it?

[Photo: Steganography]

If you want to create your own hidden message, you can have a go at http://mozaiq.org/encrypt/. You can also read hidden messages by clicking on “tools” from the menu and “decrypt”.

The pixels in 24-bit images have their colour defined using three numbers. There’s one for red, one for green, and one for blue (RGB). Making a small change to a pixel alters its colour but not so much that the human eye will detect the change. These small changes can be combined to give the ASCII code for a letter – and those letters when put together give a word, a sentence, a complete hidden message. It would be completely plausible that the images in an innocent Web site could contain messages for banned organizations. Those pictures on the MI5 Web site could actually be coded messages to UK operatives (with Internet access) across the globe. But think how many other Web sites could contain coded messages – just who could those messages be for?

Almost any message that can be sent – any picture, any digital message, any written or printed message – could contain a hidden message in it.

I’m not trying to make your paranoia worse, I just thought it might be worth checking those images, or reading every second character in a list (or third or fourth!), and making sure someone isn’t sending a message from your Web site that you don’t expect.
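The least-significant-bit hiding described above, together with a simple check of the kind suggested here, as an added example that is not from the original post or from the mozaiq.org tool. The bit order, the NUL terminator, the function names and the constructed 40-pixel cover image are all assumptions made for illustration.

```python
# Added illustration (not from the original post): LSB hiding in 24-bit RGB pixels.
# Assumed layout: one message bit per colour channel, MSB first, NUL-terminated.

def embed(pixels, message):
    """Return a copy of pixels with message hidden in the channel LSBs."""
    data = message.encode("ascii") + b"\x00"
    bits = [(byte >> k) & 1 for byte in data for k in range(7, -1, -1)]
    channels = [c for px in pixels for c in px]      # flatten R, G, B values
    if len(bits) > len(channels):
        raise ValueError("cover image too small for message")
    for i, bit in enumerate(bits):
        channels[i] = (channels[i] & 0xFE) | bit     # overwrite bit 0 only
    return [tuple(channels[i:i + 3]) for i in range(0, len(channels), 3)]

def lsb_bytes(pixels):
    """Pack the LSB of every colour channel into bytes, MSB first."""
    bits = [c & 1 for px in pixels for c in px]
    return bytes(
        sum(bit << (7 - k) for k, bit in enumerate(bits[i:i + 8]))
        for i in range(0, len(bits) - 7, 8)
    )

def extract(pixels):
    """Recover the hidden text up to the NUL terminator."""
    return lsb_bytes(pixels).split(b"\x00", 1)[0].decode("ascii", errors="replace")

def max_channel_change(before, after):
    """Largest difference in any single colour value between two images."""
    return max(abs(a - b) for p, q in zip(before, after) for a, b in zip(p, q))

def printable_ratio(pixels, nbytes):
    """Screening check: share of the first nbytes of LSB data that is printable ASCII."""
    raw = lsb_bytes(pixels)[:nbytes]
    return sum(0x20 <= b <= 0x7E for b in raw) / len(raw)

# Constructed 40-pixel cover image (120 colour values), not a real photo.
COVER = [((7 * i) % 256, (13 * i + 40) % 256, (29 * i + 90) % 256) for i in range(40)]
STEGO = embed(COVER, "LEAVE TOWN")

if __name__ == "__main__":
    print("hidden text:", extract(STEGO))
    print("largest colour change:", max_channel_change(COVER, STEGO))
    print("printable LSB share, cover vs stego:",
          printable_ratio(COVER, 10), printable_ratio(STEGO, 10))
```

The printable-text check only flags plain ASCII stored in this one layout; a payload that is encrypted or compressed before embedding produces LSBs that look random, so a low score does not clear an image.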

Sleep well!

July 4, 2010

What is fair?

Is it fair to treat all people equally? This isn’t the start of some philosophical discussion, just the starting point for this blog. So, if you agree, it’s not fair to treat all people equally (remember how the prodigal son was treated), then can it be fair to treat all organizations equally? And, if different organizations should be treated differently, who is to decide what is fair and what criteria they should use for deciding what’s fair?

Part of the answer is that these decisions are usually left to the courts. And so, Neon Enterprise Software, which is currently embroiled in a legal dispute with IBM in the US courts, is filing a complaint with the European Commission alleging “ongoing anti-competitive and abusive conduct” by IBM.

Neon originally filed a lawsuit in December 2009 accusing IBM of intimidating potential customers away from its zPrime software. zPrime, as you’ll recall, allowed businesses to run workloads on specialty processors (zIIP and zAAP) – giving money to NEON. That saved organizations from running those workloads on their central processors and paying the associated usage charges – money that would have gone to IBM. In January, IBM filed a countersuit against Neon, suggesting an attempt to hijack IBM’s intellectual property. They suggested it was like stealing cable TV.

The European Commission is already familiar with anti-IBM cases. T3 Technologies, which was a clone mainframe distributor, has filed a complaint in Europe. And TurboHercules, with its commercial version of the open source Hercules mainframe emulator, has similarly filed a complaint. Microsoft faced the EU from about 2003 to 2009 – you may remember suddenly having a choice of browsers being made available on your PC.

So is IBM acting fairly? Are these other organizations being fair? We’ll wait and see what the courts say, but I wonder what you think?

Interestingly this week NEON offered zPrime for IMS for just 1 dollar to customers. You can find the announcement at www.neon.com/neon/news_070110_1.shtm.

On a completely different note, IBM has a new White Paper entitled “Enterprise and Web 2.0 Application Support in a Modern Mainframe Environment”. It can be found at http://images.tmcnet.com/tmc/whitepapers/documents/whitepapers/2010/2629-enterprise-web-20-application-support-from-ibm.pdf. It discusses how IBM WebSphere Portal allows mainframers to make applications available on the Web.

IBM WebSphere Portal Enable for IBM z/OS leverages z/OS resources (eg RACF and z/OS Workload Manager technology) and the White Paper discusses how to add Web-facing workloads. By using WebSphere Portal, organizations provide added value to their customers and employees while at the same time enjoying the advantages of mainframe performance, scalability, and quality of service.
