Glassworm Returns: Invisible Unicode Malware Found in 150+ GitHub Repositories
TLDR: invisible Unicode characters in Javascript string literals, translated to Latin-1 and passed to eval().
Text
14 Best Free and Open Source Steganography Tools - LinuxLinks
14 Best Free and Open Source Steganography Tools
Text
Hidden In Plain Site: Steganography
“For deeper thoughts on AI, Creativity, and Change, visit That Things Depart.”Joseph K
A fun question to ask yourself if you’ve made it this far. How many of these images I created and used have Stenography imbeds? 🙂
Steganography: The Art of Concealment in Plain Sight — josephkravis.com
Steganography: The Art of Concealment in Plain Sight
josephkravis.com // Cybersecurity Education Series //…
Text
Malware Hidden in Plain Sight Inside Browser Icons
A rogue Firefox extension used image steganography to smuggle malware past security reviews, quietly infecting users who trusted the browser’s extension store.
Source: LayerX Security
Read more: CyberSecBrief
Text
dunno that I ever talked about it here, but in the spirit of beginning as you mean to go on, I finished that first warp and cut it free from the loom just before the move.
11m of cotton warp and a whole bunch of twill sampling in mostly cotton, some rug wool, and one textured sparkly acrylic bit.
it’s hemstitched at the beginning and end of every single piece and I think I want to cut it apart before the gentle cycle in the washing machine, and probably separate the wool rugs from the cotton fabric for lint’s sake if nothing else. I have seen arguments for both cutting them apart and not…any one have thoughts?
glamour shots of unbathed beauty off the loom below the cut (worth clicking through on mobile, they are much better focused than the scrolling display).
[[MORE]]
ALT
ALT
ALT
ALT
ALT
ALT
ALT
ALT
ALTText
i sure wonder why i swapped my signature pencil brush for this one! surely it’s not to do with the on-the-nose joke here…
[[MORE]]tumblr compression may make this one unsolveable here so check it out on my toyhouse i promise this one will take like. 30 minutes maximum
i really need to get into hobbies that involve the outdoors
Text
Me realising free will means actually kissing boys not just blogging about it on tumblr like a loser… what a genius revelation! 😝
Text
Is the only way for me to understand image steganography methods is to study the source code…? Or am I simply not looking hard enough
Text
Dear fic author: While knitting secret information into scarves is a classic and clever trope, you really don’t want to use dropped stitches as part of the code. At all.
Text
Secret Chinese research institute tied to cyber-espionage operations
Investigators uncovered that Beijing’s BIETA lab, posing as a civilian tech institute, is almost certainly run by China’s Ministry of State Security — building tools for covert communications, malware delivery, and intelligence gathering.
Source: Recorded Future | Insikt Group PDF Report
Read more: CyberSecBrief
Text
SCRIPT
Trained apes bang out genius bars. We cannot relpace your human
story, so waivers signed and tailored to match the exposition yo
u fed to them.Unit’s upon round number units behed by churning m
echanistic numbers. A mistake is the sign of the man made it em.
Text
CANDID
Dimly met one happenstance a pallid hearh evident. Two adrift be
rive to subdue another twixt flames. Soft must omit hardness,
senses melt fable now. Do bruises truth attest? Must heresy arm
falsehood? But Isink alone grasping; stark unmasked evidence smo
ke-bit. Lesions as cinder gilded him, fire erupt heedless of the
m. Cease gentler uneasily. When seam & stitch slip, atop twilitl
air does still a nested divine. So ignite fray cloth thy bare fi
ngers recant, exposed the glow nowhere nadirs. Gone below for ev
er half exiled two coupled.
Text
VOCAL
Flow bodies marching- up a street bent into full halcyon course. A Parade, brought tension to awe humble martyrs choir-Exalt! Arise, conquer dread caution’s noose. Exclaim it a mouth which usher tears. Begone soft red naysayers! Good drowns your pleas a way
Text
Your Printer is (Probably) a Snitch
In these bewildering times you might want to put up flyers or posters around a neighborhood, or mail a strongly-worded letter to someone. You might be scared of reprisals and wish to do that sort of thing anonymously, but it turns out that governments would prefer that they be able to track you down anyway.
In the early 2010s, a few different innovations were making their way into high-end scanners and printers. One was the EURION constellation, a set of dots that you’ll recognize in the constellations on Euro notes or in the distribution of the little numeral 20 speckled around the back of a twenty-dollar bill. Scanners are programmed to look for dots in exactly that pattern and refuse to scan the paper that those dots are on. Can’t make a copy of it! Can’t scan it in. We’ll get back to that.
The other innovation are **tracking dots**. The Electronic Frontier Foundation (EFF) estimates that in 2025, basically every color laser printer on the market embeds a barely-visible forensic code on each of its printouts, which encodes information about the printer and its serial number. (Maybe more data too - I don’t have all the details.)
Maybe you remember Reality Winner, who leaked classified intelligence to journalists? They received high quality copies (maybe originals) of the documents that were leaked. When officials were able to examine them, they were able to combine regular IT forensics (“how many users printed documents on these dates, to printers of this make & model”) and work backwards from the other end, to get a narrow list of suspects.
To defeat those signatures, you either need to use a printer that doesn’t embed those features (Challenging! The EFF says basically all printers do this now) or you need to be careful to employ countermeasures like this Python tool. The tool can spray lots of nonsense codes into a PDF that make forensic extraction harder (or impossible).
What does this have to do with the EURion constellation? Well, before anyone can even start to extract little invisible yellow dots from your poster… they have to scan it into their system. And their very law-abiding scanner – unless it’s owned by an agency that fights counterfeiting like the Secret Service does – probably doesn’t have its EURion brainwashing disabled. So when they go to scan your poster or strongly-worded letter, the EURion constellation on it probably stops them from doing it.
Text
I’m not allowed to work on Remnants ciphers after I’ve taken my sleeping meds anymore… I just found a note file on my phone with something that almost makes sense with no recollection whatsoever of what I did to get there, if it was something I later realized was based on a typo on my part, and nothing in the note indicating where it came from.