Hi Orna,

First, I'd like to make sure I understand the question. I normally do it by rephrasing...

You have some human-readable, non-obfuscated plain text files you wish to write to a CD and take the CD outside of some secure location. You have 2 concerns:

1) Something else may be written onto the CD and taken outside of the secure location unnoticed.

2) Somehow a text file (with the right magic number, etc.) may be faked in such a way that it will be presented to a human reader as expected in a variety of tools (editors, pagers, etc.) but in fact will contain something else in addition to the expected information.

In either case "something else" is not necessarily malicious, just something that is not supposed to be there. It is also not necessarily a lot of information - it is important, not large.

If the above is correct then it looks to me like you have devoted some thought to concern #1 and somewhat less thought to concern #2. Let's have a quick look at some possibilities. I am sure more sophisticated attacks can be invented.

Problem #2 sounds to me like textual steganography. If all you rely upon is a person reading the text verifying that the text is what it is intended to be, start asking questions like:

a) Will he/she be able to verify the original text including typos, punctuation, etc.? If not, subtle changes may be used to convey information.

b) Will he/she be able to discover hidden whitespace, e.g., added to the ends of lines? Adding tabs and spaces (or not adding tabs and spaces) to ends of lines may be used to convey hidden information. One tool that does that is SNOW, http://www.darkside.com.au/snow/index.html, I am sure there are many others.

c) Will he/she notice subtle changes in phrasing? Tools like TextHide (http://www.compris.com/TextHide/en/) may be used to hide information in plain sight while preserving the overall meaning of the text.

Obviously, I assume here that malware can be created to introduce such changes into text files.
This does not seem a big stretch of imagination in the light of the original machine being arbitrarily infected by assumption.

I am sure there are other ideas that will be harder to protect against. Oh, obviously the references above are intended just as examples of some things that can be done, not as specific dangers.

As far as concern #1 goes, you must not use your (presumably) infected machine to burn your CD. What if it indeed creates, e.g., an ISO9660-like FS that looks just like ISO9660 but has some extra hidden data?

--
Oleg Goldshmidt | p...@goldshmidt.org
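
A human reader cannot see the end-of-line whitespace raised in question (b), so that part of the review is better automated. The following is an added example, not part of the original message: a Python check that flags trailing spaces and tabs and, going slightly beyond the message, invisible control and format characters. The function names and the sample text are constructed for illustration.

```python
import unicodedata

# Constructed sample: line 1 is clean, line 2 carries trailing space/tab
# padding, line 3 hides a zero-width space (U+200B) inside a word.
SAMPLE = (
    "Quarterly report, final draft.\n"
    "Totals are listed below. \t  \t\n"
    "No further chan\u200bges expected.\n"
).encode("utf-8")


def audit_text(data: bytes):
    """Return (line_number, issue) pairs for content a reader would not see."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError as exc:
        return [(0, f"not valid UTF-8 at byte {exc.start}")]
    findings = []
    for num, raw in enumerate(text.split("\n"), start=1):
        line = raw.removesuffix("\r")      # tolerate CRLF line endings
        body = line.rstrip(" \t")
        if body != line:
            findings.append((num, f"trailing whitespace {line[len(body):]!r}"))
        for ch in body:
            # Cc = control characters, Cf = format characters
            # (zero-width spaces and joiners, bidi marks, ...).
            if ch != "\t" and unicodedata.category(ch) in ("Cc", "Cf"):
                findings.append((num, f"invisible character U+{ord(ch):04X}"))
    return findings


def strip_line_endings(data: bytes) -> bytes:
    """Drop trailing spaces/tabs from every line (also turns CRLF into LF)."""
    lines = data.decode("utf-8").split("\n")
    return "\n".join(l.rstrip(" \t\r") for l in lines).encode("utf-8")


if __name__ == "__main__":
    for num, issue in audit_text(SAMPLE):
        print(f"line {num}: {issue}")
```

Stripping line endings removes only the whitespace channel; changed typos, punctuation or phrasing, as in questions (a) and (c), can only be caught by comparing against a trusted copy of the original text.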