Saturday, January 22, 2011

Cracking Image Verification

3 replies

Dmitry Sklyarov and his colleagues at Elcomsoft have cracked the "image verification" system in high-end Canon cameras; this system digitally signs the photos you take so any alternations, "touch ups" or other modifications can be detected. Sklyarov (who became a cause celebre when he broke the DRM on Adobe's ebooks and was thrown in jail by the FBI at Adobe's behest) and his team have a sense of humor -- they've produced correctly signed images of astronauts planting the Soviet flag on the moon and the Statue of Liberty holding a sickle, among others.

The problem is that the HMAC sits in the camera's RAM in a de-obfuscated form and can be extracted, according to Sklyarov. It is also possible to extract the HMAC from the camera's Flash ROM and manually de-obfuscate it. Canon also released a third version of ODD, which Sklyarov was also able to break and forge the ODD. Elcomsoft has written a program that can analyze a camera's processor and firmware. The problem is a design flaw and can't be fixed, according to Elcomsoft. Sklyarov said he was able to extract the HMAC keys for the following models: EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D.
The problem, of course, is that for this system to work, the camera has to keep a secret from its owner -- and if one camera owner manages to extract the secret, all cameras fall. According to NetworkWorld, Sklyarov offers a silly remedy for this: "Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker" -- that is, use DRM to control which code can run on a Canon camera (there is a thriving world of hobbyists who have improved the Canon firmware). This has multiple problems: the first one, of course, is that it has the same vulnerability as the flaw that Sklyarov just exploited; that is, his solution for making the camera better at hiding a secret from its owner is to hide another secret in the camera to control the bootloader. The scoreboard on device jailbreaking is basically Jailbreakers: Infinity, Firmware: 0. All that adding another secret to the camera will accomplish is to put people who crack it at risk of being punished under the DMCA, the same law that saw Sklyarov imprisoned. Presumably, he doesn't advocate this.
It's perfectly plausible to think that you might hide a key inside a device so well that most of its users will never be able to extract it (for example, it'd be pretty easy to hide a key inside my laptop or camera such that I couldn't get at it). But for this kind of adversarial computing to work, you need to be able to embed a key in a device so perfectly that no one, anywhere, can extract it (because once the key is extracted, I can just download it from the Internet, rather than steaming open my camera's sealed envelope and getting at its secrets). This is just silly, and no one should rely upon any system that is grounded in it.

Thursday, January 20, 2011

Not a Shoop II

0 replies

The Krzywy Domek (Crooked House) is part of a shopping center in Sopot, Poland. The 2004 structure looks like a set from Das Kabinett des Doktor Caligari, but according to Wikipedia, it was "designed by SzotyƄscy & Zaleski who were inspired by the fairytale illustrations and drawings of Jan Marcin Szancer and Per Dahlberg."

Tuesday, January 18, 2011

Talkin' bout Pixels

1 replies

Brazilian photographer Diego Kuffer - "Photography only lets you capture instants (even long exposures are only blurred instants). So, I hacked the idea of photography, mixing together many photos of the same scene into a single one, slicing and dicing the images and putting them back together, chronologically. I call the grammar behind it 'chrono cubism.'"

Sunday, January 16, 2011

Not a Shoop

2 replies

Morten Traavik was commissioned by the The Norwegian Armed Forces Museum to create contemporary art for them.  The result - a skin covered machine gun.

Jared Loughner Mugshot Manipulation

0 replies
Ok, do this:

1 - google image search
2 - "Jared Loughner mugshot"
3 - In the results do not look at his face, only look at the wall in the background.

How many different colors do you see?  In the first 12 results I can count atleast 4 different versions where the wall has been darkened to different degrees.  That is just with my eye, there could be even more manipulations.

Here are a few images questioning the level of manipulation, but first an image from Time that they credit as an illustration that I find pretty offensive:

Friday, January 14, 2011

April Fools

1 replies

Under the headline "Rove personally connected to email scandal", this photo of presidential adviser Karl Rove, was said to provide evidence that the White House had created an independent e-mail system for communicating outside of the White House's email system, which is automatically archived for record-keeping. The doctored photo, however, was part of an April Fool's joke, and marketing campaign by the Internet design company Coptix. "We watched the misinformation filter upward and outward," said a Coptix spokesman. "This has driven tens of thousands of visitors to our Web site. ... We consider our Web marketing experiment a success."

Wednesday, January 12, 2011

Can't Even Escape Photoshop if you are Dead!

1 replies

This image of former U.S. President Ronald Reagan appeared on the cover of Time magazine under the headline "How the Right Went Wrong". The image was doctored to include a tear on Reagan's face. Time issued a statement saying it regularly runs what it calls "conceptual covers." They said: "This week's cover image is clearly credited on the table of contents page, naming both the photographer of the Reagan photo and the illustrator of the tear."

Monday, January 10, 2011

Riding Arnold's Coat-tails

3 replies

The campaign of Tung Nguyen (second from left) for Orange County supervisorial candidate doctored a photo placing Nguyen close to Governor Schwarzenegger. The photo appeared in two Vietnamese-language daily newspapers. Although Nguyen attended the event with Schwarzenegger, he was not standing next to him. Instead, Nguyen's head was spliced onto another person's body. Nguyen's campaign first blamed the alteration on an advertising company and then on a campaign volunteer.

Saturday, January 8, 2011

Because that is Totally the Face she would be making....

0 replies

This photo of ABC News' Elizabeth Vargas breastfeeding her baby while at her anchor desk accompanied an article with Vargas about balancing work and motherhood. The image was created by digitally combining a head shot of Vargas with another image.  A spokesperson for Marie Claire Magazine called Vargas "a great journalist," and added that "We do not believe anyone seriously thought she would nurse and report the news at the same time!"

Thursday, January 6, 2011

Bunny Ears and Diapers on a Senator

2 replies

In 2006 an Ohio Republican Party news release attacked Democratic Rep. Sherrod Brown for enlisting the support of comedian Al Franken. The news release was accompanied by a photograph, showing Franken dressed up like a baby bunny, wearing adult diapers and clutching a fluffy white teddy bear. Andy Barr, director of Franken's Midwest Values PAC, confirmed, "The picture is a fake." The Ohio Republican Party used a 2004 photo of Franken for the doctored image. In 2009 shortly after Senator Al Franken was seated in the U.S. Senate, Cincinnati Enquirer columnist Peter Bronson re-published this doctored photo under the heading "Is this who you want making decisions about your health care?" In his retraction, Bronson wrote "Last week I posted a blog about comedian Al Franken joining the Senate, including a picture of Franken wearing bunny ears and a diaper. Franken did many things on Saturday Night Live that could be embarrassing to a Senator. But apparently, that was not one of them. It turns out the picture was photoshopped. We don't knowingly run false pictures, so I took it down and replaced it with another goofy picture of Sen. Franken."

Tuesday, January 4, 2011

Shut Up and Sing

1 replies

This movie poster for Shut Up and Sing (a film about the criticism of the musical group Dixie Chicks that followed lead singer Natalie Maines' comments about being ashamed that President Bush was from her home state of Texas) was doctored from its original. In this doctored version, sheets were added to the members so as to be less revealing.

Sunday, January 2, 2011

Elin Nordegren - Pre Clubbing of Tiger Woods

1 replies
FROM 2006:
The Dubliner apologized for a story depicting the wife of famed golfer Tiger Woods in doctored pornographic images. The article read, in part, "Most American golfers are married to women who cannot keep their clothes on in public. Is it too much to ask that they leave them at home for the Ryder Cup? Consider the evidence - Tiger Woods' wife Elin Nordegren can be found in a variety of sweaty poses on porn sites across the Web.". After Woods publicly denounced the story, the magazine apologized: "The publisher and staff acknowledge that the satirical article was inappropriate. We wish to sincerely apologise to Tiger Woods, his wife Elin Nordegren and other Ryder Cup players and their families for any offence they may have taken to it. The article was written as a satirical piece and, in the context of the entire article, the publishers believed the readers would not be left with the impression that there was any truth in the assertions, it being an absurd parody of inaccurate tabloid publishing generally. If any contrary impression was given it certainly was not intended and for this the publishers unreservedly apologise"

Saturday, January 1, 2011

Joseph Liberman has no Photoshop Skills

0 replies

This image was posted on, a website supporting Senate Democrat Joseph Lieberman. In reference to Lieberman's opponent, the accompanying caption read "Four out of Five Terrorists Agree Ted Lamont for Senate". "As soon as we saw it, we immediately pulled it down," Lieberman campaign spokeswoman Tammy Sun said. "We condemn things like this. It has no place in our political discourse or on our web site."