Hide data in files with easy steganography tools

Remember those invisible ink kits from when you were a kid? You'd write a secret message that no one could see unless they had a black light or the decoder marker. The digital equivalent of invisible ink issteganography software, apps that embed files and data inside other files, hidden from everyone who doesn't know any better.

You don't have to be a trained spy plotting international espionage to put steganography to good use. With some free tools for both the Mac and PC, you can embed secret information in image, PDF, HTML and MP3 files for fun or profit.

Why stego?

Unlike encryption, which obscures data in such a way that it's obvious someone's keeping something from listeners-in (and therefore heightens interest in that info), stego techniques offer no hint to the outsider that there's any private data contained within the visible file. Like hiding your valuables from burglars in an empty cereal box in your kitchen cabinet, steganography keeps the existence of the secret item from everyone but those in the know.

In fact, right here in this Lifehacker logo image, there's a message hidden for you:

Full size

Here's how to go about decoding it.

Hide in Picture (Windows)

The free Hide in Picture (Windows only) embeds files into GIF or BMP images, and lets you set a password to retrieve the hidden file. The Hide in Picture interface is barebones, as you can see:

Full size

Use Hide in Picture to decode the message hidden in the image above. (Hint: the password is lhacker.)

Other free Windows tools offer more filetype support. wbStego can encode and decode files in PDF's, HTML files or bitmaps. mp3stegoembeds text inside MP3 files (command lineand GUI interface available.) Here are more Windows stego software options [viaWebby's World]. Be warned: while all of these tools work, none of them will win awards for being good-looking.

Pict Encrypt (Mac)

Similarly, the free Pict Encrypt (Mac only, thanks, Mirko!) adds text to GIF, JPEG, TIFF, PNG and MacPICT images, locks it with a password, and saves the file with hidden data as a PICT file. Its interface is a simple, barebones wizard that leads you through the encrypt and decrypt process. One difference between Pict Encrypt and Hide in Picture is that you don't embed another file; you actually enter your secret text into the Pict Encrypt wizard, as shown.

Full size

Pict Encrypt's text editor is pretty low level; some text navigation keys like Cmd-right arrow don't work, so be prepared.

Command line - cat your gif and zip

Finally, for those of you comfortable on the command line, reader Jason H. writes in with a nifty stego trick using built-in tools. The premise of this technique is to append a .zip file to the end of a .gif file, resulting in a file which is readable by both .gif programs and .zip programs.

Jason explains why this works (with the help, he says, from a long-lost thread at Something Awful):

It works because .gif files keep all of their information in the headers, while .zip files keep them in the footer. Since that's the case, .gif viewers read from the front of the file, while .zip readers read from the end.

Here's how to combine your .gif and .zip. At the Windows prompt use this command:

copy /B source.gif+source.zip target.gif

Or in Linux/Mac:

cat somefile.zip >> somefile.gif

The problem with this method is that not all zip programs can extract the resulting file. When I tried, both 7-Zip and Windows built-in extraction failed, but WinRAR handled it just fine. Still, that's something the intended recipient should know.

For double super-duper security, password the zip file that you hide inside the image. WinRAR and 7-Zip both let you add passwords to a zip archive.

Uses for stego

So now that you know how to hide files in files, why would you do it? Here are a few uses for stego:

• You suspect someone's illegally distributing your copyrighted PDF's or images, so you add hidden copyright information in them using stego tools to double-check.
• You want to exchange information like passwords or sensitive images over an insecure transmission protocol, like email.
• You want to embed secret files available only to a select few in a public forum.
• You want to impress your friends and co-workers with your sneaky ways.

Source : Lifehacker

How to Hide a Secret Code in an Audio File

If you've heard about the recent viral stunt put on the web site for the latest Batman film, you know it's possible to hide codes in an audio file. But did you know it's actually really easy to do? Here's how.

To encode, you're going to need Coagula(Windows-only), and to decode you'll needSonic Visualizer (Windows/Mac OS X/Linux). You can watch the video above for a visual walkthrough, but here are the steps you need to follow:

1. Create an image you want to encode. White text on a black background works well, and it helps to have a small image without too much empty space. Save it out as a JPEG or BMP.
2. Open the image in Coagula and click the setting for "Render Image as Audio Without Blue/Noise." Be sure to choose this option as the other rendering option will not work.
3. When you're done a new audio file entitled "Coagula.wav" will be in the same folder as the Coagula application. You can either go grab that file or you can save it out to a location of your choice by choosing "Save Audio File" as from the file menu. That's it. Message encoded!
4. To decode the message, open it in Sonic Visualizer. You'll see the audio spectrum but not the message. To view the message, go to the Layout menu and choose "Add Spectrogram" (any of the options in the submenu should be fine). You may need to adjust the way you're viewing it, but you should now be able to see your hidden message.

Pretty cool! For more neat ways to hide secret messages in your files, check out our steganography guide.

P.S. If you know any cross-platform tools for encoding the image as an audio file, please let us know in the comments.

Source : Lifehacker

Use Virtual Credit Card Numbers to Shop Safely Online, Keeping in Mind the Downsides

Virtual credit card numbers (or single-use credit cards) offer a layer of protection when shopping online, but many people aren't aware of these services and not all banks offer them. Here are a few tips on safely using a virtual credit card number.

We've mentioned virtual credit cards before as a way of thwarting identity thieves, but since then, a few programs like PayPal have shut down their service. Bank of America, Citibank, andDiscover remain the major US institutions that offer virtual numbers, through a company calledOrbiscom (you may find smaller or international financial institutions that offer virtual numbers from the company's clients list or from this Slashdot thread).

All of these services are designed to protect your real account number from identity thieves by generating a virtual one—usually with a dollar amount and timeframe you set yourself, for those cases when you buy things online from an unfamiliar website or want to set a spending limit. In Bank of America's ShopSafe program, for example, you can set the maximum spending amount to $1 and the virtual number to only be valid for 2 months.

This offers peace of mind and may also help prevent recurring or unwanted charges (I use a ShopSafe virtual card for my iTunes account to help prevent surprise charges from too many toddler app downloads). DailyFinance, however, warns that using a virtual card number comes with some downsides or risks:

• Virtual card numbers can't be used when you need to show a physical card as proof, such as at the car rental or to pick up tickets at a theater.
• It isn't 100% foolproof: some transactions over the maximum spending limit or the expiration date might still go through.

Definitely pay close attention to your credit card statements, whether you use a virtual credit card number or not, especially when shopping online.

Source : LifeHacker