Sunday, March 14, 2010

Digital Watermark


Digital Watermarking describes methods and technologies that hide information, for example a number or text, in digital media, such as images, video or audio. The embedding takes place by manipulating the content of the digital data, which means the information is not embedded in the frame around the data. The hiding process has to be such that the modifications of the media are imperceptible. For images this means that the modifications of the pixel values have to be invisible. Furthermore, the watermark must be either robust or fragile, depending on the application.

By "robust" we mean the capability of the watermark to resist manipulations of the media, such as lossy compression (where compressing data and then decompressing it retrieves data that may well be different from the original, but is close enough to be useful in some way), scaling, and cropping, just to enumerate some. In some cases the watermark may need to be fragile. "Fragile" means that the watermark should not resist tampering, or would resist only up to a certain, predetermined extent.
The first applications that came to mind were related to copyright protection of digital media. In the past duplicating art work was quite complicated and required a high level of expertise for the counterfeit to look like the original. However, in the digital world this is not true. Now it is possible for almost anyone to duplicate or manipulate digital data and not lose data quality. Similar to the process when artists creatively signed their paintings with a brush to claim copyrights, artists of today can watermark their work by hiding their name within the image. Hence, the embedded watermark permits identification of the owner of the work. It is clear that this concept is also applicable to other media such as digital video and audio. Currently the unauthorized distribution of digital audio over the Internet in the MP3 format is a big problem. In this scenario digital watermarking may be useful to set up controlled audio distribution and to provide efficient means for copyright protection, usually in collaboration with international registration bodies.

There are a number of possible applications for digital watermarking technologies and this number is increasing rapidly. For example, in the field of data security, watermarks may be used for certification, authentication, and conditional access. Certification is an important issue for official documents, such as identity cards or passports.

Digital watermarking permits linking information on documents. That means that key information is written twice on the document. For instance, the name of a passport owner is normally printed in clear text. But it would also be hidden as an invisible watermark in the passport photo. If anyone tries to tamper with the passport by replacing the photo it would be possible to detect the change by scanning the passport and verifying the name hidden in the photo.

Another application is the authentication of image content. The goal of this application is to detect any alterations and modifications in an image.
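
The passport check and the alteration detection described above can be shown with a minimal fragile watermark. This is an added example, not part of the original post: least-significant-bit (LSB) embedding, the function names and the constructed sample pixels are assumptions chosen for illustration, and the scheme is unkeyed and only protects the pixels that carry the name.

```python
# Added illustration: fragile LSB watermark linking a printed name to a photo.
# Pixels are 8-bit grayscale values in a flat list; all sample data is constructed.

def make_photo(seed, size=4096):
    """Constructed stand-in for a scanned 64x64 grayscale photo."""
    state, pixels = seed, []
    for _ in range(size):
        state = (state * 1103515245 + 12345) % 2**31
        pixels.append((state >> 16) & 0xFF)
    return pixels

def embed_name(pixels, name):
    """Hide a length-prefixed UTF-8 name in the LSBs of the first pixels."""
    payload = name.encode("utf-8")
    if len(payload) > 255:
        raise ValueError("name too long for one-byte length prefix")
    framed = bytes([len(payload)]) + payload
    bits = [(byte >> s) & 1 for byte in framed for s in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("image too small for payload")
    marked = list(pixels)
    for i, bit in enumerate(bits):
        marked[i] = (marked[i] & 0xFE) | bit  # changes each pixel by at most 1
    return marked

def extract_name(pixels):
    """Read the hidden name back, or None if no well-formed payload exists."""
    def read_byte(offset):
        value = 0
        for p in pixels[offset:offset + 8]:
            value = (value << 1) | (p & 1)
        return value
    if len(pixels) < 8:
        return None
    length = read_byte(0)
    if 8 * (1 + length) > len(pixels):
        return None
    raw = bytes(read_byte(8 * (1 + i)) for i in range(length))
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None

def verify_document(printed_name, photo_pixels):
    """The check from the text: printed name must match the name in the photo."""
    return extract_name(photo_pixels) == printed_name

def lossy_requantize(pixels, step=4):
    """Stand-in for lossy compression: coarse quantization discards the LSBs."""
    return [min(255, (p // step) * step + step // 2) for p in pixels]

if __name__ == "__main__":
    name = "Jane Q. Sample"                      # constructed holder name
    genuine = embed_name(make_photo(1), name)
    swapped = make_photo(2)                      # replaced photo, no watermark
    print("genuine photo:  ", verify_document(name, genuine))
    print("swapped photo:  ", verify_document(name, swapped))
    print("altered name:   ", verify_document("Jane Q. Simple", genuine))
    print("recompressed:   ", verify_document(name, lossy_requantize(genuine)))
```

The last case shows why this watermark is fragile rather than robust: any processing that disturbs the low-order bits destroys it, which is the desired behaviour for tamper detection and the wrong one for copyright marking.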
Digital watermarks can also be adapted to mark white paper with the goal of authenticating the originator, verifying the authenticity of the document content, or dating the document. Such applications are especially of interest for official documents, such as contracts. For example, the digital watermark can be used to embed the name of the lawyer or important information such as key monetary amounts. In the event of a dispute, the digital watermark is then read, allowing authentication of key information in the contract. AlpVision developed a genuine process to invisibly mark white blank paper with normal and visible ink. This patented technology is now known as Cryptoglyph.

Besides applications in the fields of copyright protection, authentication and security, digital watermarks can also serve as invisible labels and content links. For example, photo development laboratories may insert a watermark into the picture to link the print to its negative. This way it is very simple to find the negative for a given print. All one has to do is scan the print and extract the information about the negative. In a completely different scenario digital watermarks may be used as a geometrical reference which may be useful for programs such as optical character recognition (OCR) software. The embedded calibration watermark may improve the detection reliability of the OCR software since it allows the determination of translation, rotation, and scaling.

Hackers of Different Shades

There are many widely held perceptions when it comes to hackers today. Those perceptions mostly revolve around people identifying hackers with a specific color, and that very color denotes their overall posture. By posture I mean are they benevolent, are their ethics questionable at times, or are they outright malicious? Well with the popularization of the internet has come a tidal wave of publicity about it. That has come in the form of many articles from the print media and movies from Hollywood. What this media attention has resulted in is an oftentimes distorted reality. I sit and constantly shake my head when I read articles in my local paper about hackers and their exploits. More often than not the paper’s writer has his or her facts quite wrong. With this confusing information in mind I shall try to dispel some myths about the various types of hackers that travel the Internet today.

Of all the various types of hackers out there today the one that is oddly enough not written about very much is what’s called the “white hat” hacker. One could likely infer from the color assigned, white in this case, that this hacker is benign in nature. Well you would be correct in assuming that, for much as the color white implies purity, the white hat hacker has excellent ethics. What do ethics really mean to a hacker though? For most of us an example of ethics would be in turning in a wallet that is found, with the money and credit cards intact. Thing is though a hacker plies their trade on the internet, and not really the physical world as such. To illustrate my point I shall describe a scenario in which a white hat hacker’s ethics can be highlighted.

It bears mentioning at this point that in the purest sense of the word a hacker is someone who enjoys tinkering with things. Whether that be a program or a piece of hardware, it all comes down to a mindset. The hacker just wants to explore things, and likely make them work in ways they were never meant to. For example our white hat hacker has a keen interest in computer programming, as most hackers do. Our white hat decides to take a newly released program and disassemble it. During the disassembly of the program, and over the course of days or weeks, the white hat finds a flaw. When I refer to a flaw I mean that the white hat has found a piece of code in the program that was not properly written. This lack of proper programming has led the white hat to identify this flaw as a place that they can overflow, i.e., a buffer overflow.

Well this is where the ethics part of it now enters for our white hat hacker. What do they do with this newly discovered flaw in say a popular FTP server? It is very much akin to the earlier mentioned example of finding a wallet full of money and credit cards. For our white hat hacker the decision is a very simple one actually. They contact the vendor of the program in question, and detail their findings to them. What they don’t do is go ahead and release it to the masses via Bugtraq. To the white hat that would be very much irresponsible. Dealing with the vendor for a fix of the flawed FTP server is rather the chosen course of action. Though making such a splashy announcement would gain the white hat a lot of attention, they are more concerned with the security of the users who are presently using what is now a flawed program. This pretty much sums up an example of what a white hat hacker’s ethics are like. There are in actuality quite a few white hat hackers who thankfully represent some of the top computer security talent out there today.

Many of us have an ethical standard that will and can vary depending on the situation. Hackers are no different in that aspect. Grey hat hackers just like us are not outright malicious, however they can justify their means by their own personal brand of ethics. That is very much where the grey hat hacker resides. There has been a lot of press coverage lately over the Cisco mess at the recent Blackhat convention. This recent debacle is an excellent example of grey hat hacking. If you have just read the hyperlinked page you will now understand more of what happened there. Either way, all said and done, the researcher in question should not have disclosed that information. That being said he did, and there was an ensuing legal battle.

What is different between our grey hat and our white hat is the way they go about their business. Some software manufacturers explicitly forbid reverse engineering of their products. While this would deter the white hat, it in all likelihood will not deter the grey hat. After all there has yet to be a definitive ruling to my knowledge from the Supreme Court in the US over this issue. Furthermore, if a flaw is found, how long should a security researcher wait before disclosing the issue to the public? Many large companies are well over the sixty day limit normally given for correcting programming flaws. For grey hats the answer will vary as they very much go by their own code of ethics, which can be very different from another grey hat's. So what differences between white hats and grey hats have we so far? Well, reverse engineering products which explicitly state not to for one, and secondly our grey hat will not wait forever for the vendor to issue a fix. These differences may not seem like much, but once again we are talking about grey hat hackers, and the many shades of grey that represent them.

Well much like the colors black and white, which represent the extremes of the color spectrum, they also represent the polar opposites in regards to hackers. We are quite often seeing in the papers, or watching on the news, a new case of identity theft. That or hearing of a new database break-in, which has compromised millions of people’s personal information. That would be the handiwork of our black hat hacker. Our black hat has no personal ethics standing in their way. Being a black hat hacker does not necessarily mean either that the person is one of great skill. With the millions upon millions of computers out there, it is not a difficult task to break into the poorly secured ones. Should you doubt this then think of how worms propagate. They do so through unsecured computers. What about credit card number theft, and all of the other online scams in existence today? Once again that would fall into the realm of the black hat hacker. They simply don’t care about the everyday niceties of the normal world, and consequently wreak havoc in the online one.
Well as we can see various hackers and their associated colors do have differences. Being a hacker does not mean either that you are a programming juggernaut, but rather have a combination of qualities.

Encryption

There is a fine line between individual privacy and what your employer needs to know. Should schools be able to run background checks on teachers, to verify credentials and make sure they have no past history of child abuse or molestation? Certainly. Should your insurance company be able to consider your past medical history before selling you a policy? This is not as clear. Should you be able to remain completely anonymous online, without even the government able to identify you? This would protect, for example, a homosexual sailor who would like to keep his job in the Navy but stay in touch with a boyfriend (this actually happened and the sailor lost his job, see Don't Ask, Don't AOL, by Margie Wylie). But shouldn't the government be able to trace hackers who steal important financial information from consumers at Amazon.com?

The apparent solution to the lack of privacy on the internet is a technique known as encryption. Encryption is running data through filters. One filter scrambles the message, a second unscrambles it. Anyone who picks up the information in transit would (in theory) see nothing but garbled characters. (To experience what this is like, try opening an image file in a word processor). However, such encryption would also allow people to hide far more easily online. Many hackers can also run intercepted data through filters of their own and recover the information. Business moves far more slowly than the underground community of hackers.
In 1993, the government suggested that it should hold a key to all encryption. This way, data could only be accessed by the receiving party (who would hold a 'key') or the government. This idea was called a Clipper chip. The Clipper chip used a mathematical formula known as the Skipjack algorithm. Proponents argued that the Clipper chip (also referred to as "key escrow", or, later, "key recovery") would thwart hackers and that wiretapping was often vital to convicting a criminal. Opponents argued that truly clever hackers would easily find their way around the Clipper's defenses and that the Skipjack algorithm used in the chip had flaws (Seeman, Outline). The Clipper chip initiative was backed by the White House, the National Security Agency (NSA), and the Attorney General's office and has been revised several times since its advent (EPIC, The Clipper Chip). The Commerce Department shifted the focus of the Clipper to comply with European regulations and many companies expressed frustration with the Clipper initiative. The limits placed by the government on encryption levels (56-bit) have been proved ineffective and in March 1998, internal government files were discovered by EPIC that admitted that "key recovery" was expensive and impractical (CDT, Cryptography Headlines).

In more recent events, Congress is reviewing the Security and Freedom through Encryption (SAFE) Act, introduced in late February by Representatives Bob Goodlatte (R-VA) and Zoe Lofgren (D-CA). The SAFE Act ensures that US citizens may use any form of encryption, anywhere, denies the government the right to "key recovery", and creates penalties for using encryption to cover a crime, among other things (CDT, SAFE HR 850). The House vote on SAFE will take place in September.

The Online Privacy Alliance, made up of prominent companies in communications and technology like IBM, AOL, and Time Warner, is trying to help the internet industry self-regulate encryption and other privacy topics. This may be a step in the right direction - if industry and government can work together, encryption could be regulated but commonly used. Still, this leaves out individual consumers and others whose privacy is actually what is being debated. The Online Privacy Alliance suggests a caveat emptor approach - consumers should look for privacy policies and be careful where they post their information.

Privacy

Do you have a secret? Have you ever lied? Are there certain things you don't want your parents to know? How about your friends? How would you feel if in twenty years, in the midst of a successful career, someone told your boss that once, when you were 17, you tried some pot at a party. Or that you are gay or have AIDS. What if they got this information from an e-mail that you fully expected would not go beyond yourself and the recipient, but was intercepted and posted on a web page? That would be an unfair violation of your privacy.

While the Constitution does not literally guarantee your right to privacy, over the past 223-odd years the Supreme Court has granted privacy protections under, most notably, the Fifth Amendment's protection against self-incrimination and the Fourth Amendment's protection from unreasonable search and seizure (Privacy Basics). Fair Information Practices have been loosely followed by government and industry. These are not laws - they are a set of industry ethics. A generic copy of these policies states that practices should be open, individuals maintain the right to know and see what data is being collected from them, data collection should be limited, specific, and secure, and that data collectors will be responsible for the use of the information.

To discuss online privacy, there are a couple of basic definitions to take into account. I'm sure that no matter how little time you have spent online, you have been asked if you would like to accept a cookie, or told that a cookie has been sent. Well, of course, you think at first. Mmmmm....cookie. Unfortunately, cookies are neither quite that tangible nor delectable. A cookie is a piece of data that a web site collects about you when you visit (Cookie Central, Cookies). The data varies with the web site - a commercial web site will collect demographics (that is, sex, age, and other advertising information) to learn more about you, while an e-mail service may collect identifying or personal (name, mailing address) information to recognize you. Cookies allow a web site to be tailor-made for you as long as you stay in that domain name or each time you visit. A CGI script or JavaScript code in the beginning of the web page you visit instructs your browser to send certain information to a server. If you have ever checked a box saying "Remember My Password", you have set a cookie.

There are two aspects of privacy online. One is a need for protection for yourself. Online stalking has been a problem, with people harassing new 'friends' online and sometimes even threatening them, or confronting them in person. The second is a need to protect your data from strangers. This comes not from the fear of physical, but financial harm. The first is the fear of being mugged on the way down to the mail box, and the second is the fear of being mugged on the way back, while carrying your paycheck and credit card bill.

The Communications Decency Act (CDA, see also section How Obscene!: The Plot Thickens) stated that telecommunications, meaning the internet, e-mail, chat and chat programs (including IRC, AIM, and ICQ) should not be used to purposely harass or intimidate. You cannot e-mail bomb people. Also, under the law you must identify yourself. This part of the CDA was unaffected by the Supreme Court decision regarding obscenity clauses.

There are three levels of online privacy provided by systems administrators (admins), like the guy in the back room at school or AOL monitors (Bowman, What Is Privacy?). The first is Complete Privacy. Here, the admin agrees not to read any of your e-mail or keep track of where you go on the web in any way. This obviously allows the most privacy, but often creates a liability to admins and Internet Service Providers (ISPs). The second level is Almost Complete Privacy. Here admins will look at your e-mails and chats if they suspect any sort of illegal activity. The third level is No Privacy. Here admins are allowed to look at any email you send, whether the subject is "My Plan To Plunge The Internet Into Darkness" or "My Rave With Dave".

Your privacy is protected by some laws already. The Electronic Communications Privacy Act, created in the late 70's in response to the Watergate scandal, already protects against interception of electronically transmitted messages as well as the privacy of information stored within a private computer system (Bowman, What Is The Electronic Communications Privacy Act ("ECPA")). But in March of 1992, the FBI suggested that all communications be designed so that law enforcement agents could tap into them from afar (Cranor, Digital Liberties). This would have made e-mail, the internet, chat rooms, and even ISPs vulnerable to interception at any time. Opponents claimed that the first version of the bill gave the FBI privileges it had not been afforded in older wiretapping laws. The FBI worked with Senator Patrick Leahy (D-VT) and Representative Don Edwards (D-CA) to refine a new bill (Edwards/Leahy Digital Telephony Legislation (HR 4922/S 2375)), which was passed almost unanimously into law. ISPs were now exempt from the law. Some considered this a failure, but most agreed that the protection afforded to ISPs was a victory or at least a good compromise. However, this simply makes intercepting data illegal. It does not make it impossible.

A recent survey by the Georgetown Business School states that 93% of commercial internet sites collect some sort of data that may be used to identify you (this may be your home address, your e-mail address, name, etc.) and 57% collect demographics. Over one third of these sites did not post any information that they were collecting data and/or what it would be used for. The report concluded that only 10% of the commercial web sites that collected personal or demographic information followed fair information practices in respect to notice, choice, access, security and contact information. The Center for Democracy and Technology believes that "the study shows that definite progress has been made in making many more Web sites privacy sensitive. But those numbers also show that real fair information practices are incorporated by only a small number of sites and most sites have yet to embody more than minimum disclosure of their information practices."

Thursday, March 11, 2010

Why am I forced to create my own blog???

Wonder why I am forced to create a blog for myself.. when I already have two of my own? Don't really sense that I'm being forced to do so. Instead sensed that I've got myself into trouble.. again.. for messing up with the lecturer? Luckily I do have a blog ready for submission. Cheerio!!

Monday, September 7, 2009

I-N-S-O-M-N-I-A

Shutting down my lappie and off to bed at twelve midnight sharp. Put on my sweater, hugged my pillow and closed my eyes. As the clock ticked, my mind was still so fresh and alert. Yet, I was tossing in my bed, from this angle to the other angle, I still can't fall asleep. Still with my eyes closed tightly, counting the jumping sheep in my heart trying to hypnotize myself to sleep, but to no avail. I still can't fall asleep. =( Fine, rather than tossing in the bed not sleeping, better to get up and go online. After a few attempts to connect the broadband signal, I finally got through. Since I'm just finding ways to make myself sleepy, blogging was the one thing that I could think of at this moment. Glancing at the time on my lappie, it showed ten minutes to five. Guess I just have to go back to bed and try to get some sleep before the morning class at nine. Yawning in sleepiness... Nitey nite ^^

Friday, September 4, 2009

Points to Ponder

Have you ever loved someone and they had absolutely no idea what-so-ever? Or fell for your best friend in the entire world, and then sat ’round & watched him/her fall for someone else?

Have you ever denied your feelings for someone b’coz your fear of rejection was too hard to handle? We tell lies when we are afraid… afraid of what we don't know, afraid of what others will think, afraid of what will be found out ’bout us. BUT every time we tell a lie, the thing we fear grows stronger.

Have you ever noticed that the worst way to miss someone is when they are right beside you & yet you can never have them… when the moment you can't feel them under your fingertips you miss them?

Have you ever wondered which hurts the most: saying something & wishing you had not, or saying nothing & wishing you had? I guess the MOST important things are the HARDEST things to say. Don't be afraid to tell someone you LUV him or her. If you do, they might break your heart… but if you don't, you might break theirs.

Have you ever decided not to become a couple b’coz you were so afraid of losing what you already had with that person? Your heart decides whom it likes & whom it doesn't. You can't tell your heart what to do. It does it on its own… when you least suspect it, or even when you don't want it to.

Have you ever wanted to LUV someone with everything you had, but that other person was too afraid to let you?

Too many of us stay walled b’coz we are too afraid to care too much… for fear that the other person does not care as much, or that all LIFE is all ’bout risks & it requires you to jump. Don't be a person who has to look back & wonder what they would have, or could have had.

No one waits forever…
When the tears just won't *
Stop falling down *
I’ll be there *
So you see I’ll be there until the end *
This is a promise I can make *
If you ever need me *
Just give me a call & … *
I’ll be there… *
=) LUV, LAUGH & SMILE. Time is the BEST gift you’ll ever receive, don't take it for granted.