11 comments

[ 3.6 ms ] story [ 32.6 ms ] thread
(comment deleted)
Can someone edit the submission to say "steganography"?
I kind of like the idea of having a person typing encrypted strings REALLY FAST
Beyond an approach based on steganography and on obfuscating the traffic, re-using and extending the work developed to harden botnet command and control channels would seem a good model for robust communications.

If this re-use has not already been deployed.

For comparison, I recently released Plainsight, a textual steganography tool: http://github.com/rw/plainsight.

(Video link in the project desc.)

You mean all this time what I thought was spam was actually someone sending me encrypted messages?

Or, less humorously: this will turn your encrypted message from "suspicious" into "spam."

Yes. Making your data look like the haystack.
This reminds me of blue boxing; the initial decoy https connection is the equivalent of dialing an 800 number, during which the switch is commandeered with the proper tones and the hacker can dial out to wherever he wants. to the telco it looks like he just made a 3 hour call to an 800.
That depends on HTTPS not being somehow blocked, impeded or stripped. Is this a good enough assumption? (Honestly curious.)