lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0403101603370.28796@screamer.tcp-ip.info>
Date: Wed, 10 Mar 2004 16:10:20 -0500 (EST)
From: Dana Hudes <dhudes@...-ip.info>
To: bugtraq@...urityfocus.com
Subject: Re: HP printers and currency anti-copying measures


Watermarking is subject to numerous attacks.
I haven't examined this issue in detail as it applies to 
bank currency but there are some basic approaches:
- destroy the watermark so it can no longer be detected
- reverse the watermarking algorithm to restore the unwatermarked image

If you restore the unwatermarked image of course that will cause the fake
banknotes not to be accepted by vending machines which scan for it. The
trouble with that is of course legacy equipment that knows nothing of it.
Indeed, my own apartment building laundry room put up a notice that they
needed an equipment upgrade not yet available to handle the new $20 bills
in the smartcard dispenser (the washers and dryers work only off the
smartcards ) so folks have to continue using the old ones.  Of course, the
dispenser does not accept coins -- too bulky I suppose -- nor does
it accept credit cards.





On Wed, 10 Mar 2004, Dan Harkless wrote:

> 
> As a followup to the thread below, a bunch more information on this just
> came out yesterday in the Associated Press story "World Banks Working to
> Stop Counterfeiting":
> 
>     http://seattlepi.nwsource.com/business/aptech_story.asp?category=1700&slug=Banks%20Anticounterfeit
> 
> Apparently the "Group of Ten" central banks started work four years ago on
> their "counterfeit deterrence system", which "Several leading personal
> computer hardware and software manufacturers have voluntarily adopted".
> This reportedly includes ~90% of printer drivers, and soon will include
> scanner firmware as well, so at that point it will be insufficient to just
> use open source image editing software, as was suggested below.
> 
> The software is said to key off of "special coding on bank notes, which
> currently is included only on major currencies", so the workaround suggested
> below of scanning currency in multiple sections would likely be ineffective.
> 
> 
> On January 20, 2004, "mightye[removethis]" <"mightye[removethis]"@mightye.org> wrote:
> > Or use Photoshop 7, 6, 5.5, 5, etc.  I seriously doubt that there are 
> > any advancements in newer versions of Photoshop which make 
> > counterfitting significantly easier.  Scanning is scanning, and given 
> > that what you're trying to do is reproduce an existing image, not create 
> > a new one, the editing features found in new versions of Photoshop will 
> > provide very little advantage in this regard aside maybe from a little 
> > clean up of dirt on the glass of the scanner.
> > 
> > The point is, they don't really raise the bar to counterfitting, all 
> > they do is raise the bar to legitimate use.  Besides, there's always 
> > Gimp and open source software.  Building in such restrictions to that 
> > software, given that the code source is available means that any serious 
> > counterfitter will recompile with out the protections.  There'll 
> > therefore always be photo editing suites available which don't possess 
> > these limitations, and so there'll always be a way around it.  It's the 
> > wrong approach to preventing counterfitting, it's kludgey and won't ever 
> > work well. 
> > 
> > I guess though what it *will* do is prevent teenagers from printing out 
> > $5 bills and tossing them in the coin machine at the arcade, or any 
> > other electronic eye.  This is petty theft though, and it hardly seems 
> > fair to restrict legitimate consumers, costing them ultimately hundreds 
> > of hours to lost performance or costing them the fair use of money 
> > images to save $5 here and there.
> > 
> > It's the same problem as DRM enabled music.  It'll always be defeatable, 
> > and given that in that case there's the "analog hole" problem, will not 
> > ever stop someone serious about committing the crime, thus all it does 
> > is inconvenience or prohibit fair use.
> > 
> > -Eric "MightyE" Stevens
> > http://lotgd.net
> > *note* If you wish to reply, please remove my spam blocking 
> > "[removethis]" from my email address.
> > 
> > Kevin E. Casey wrote:
> > 
> > >Any decent counterfeiter would be aware of the rulesforuse.org website
> > >and could easily make a tweak to their host files... Say point
> > >rulesforuse.org to their own webserver which would then be designed to
> > >return data permitting the copying of currency images... 
> > >
> > >As for preventing image copying, it seems a half-witted attempt by
> > >bureaucrats to stop kiddyfitters... It probably wouldn't take too much
> > >to defeat it anyway (like cut the bill into thirds, then scan each third
> > >seperately and stitch it back to together).  
> > >
> > >
> > >
> > >-----Original Message-----
> > >From: Richard M. Smith [mailto:rms@...puterbytesman.com] 
> > >Sent: Saturday, January 17, 2004 12:10 PM
> > >To: BUGTRAQ@...URITYFOCUS. COM
> > >Subject: HP printers and currency anti-copying measures
> > >
> > >Hi,
> > >
> > >Last week, the Associated Press reported that Adobe has incorporated
> > >anti-copying technology in their Photoshop CS software which prevents
> > >users from opening image files of U.S. and European currency.  Here's
> > >the article:
> > >
> > >   Adobe admits to currency blocker
> > >   http://tinyurl.com/2xnno
> > > 
> > >(http://www.sanmateocountytimes.com/Stories/0,1413,87~11271~1882929,00.h
> > >tml)
> > >
> > >I did some investigating on my own computer and discovered that HP has
> > >also been shipping currency anti-copying software in their printer
> > >drives since at least the summer of 2002.  I have an HP 130 photo
> > >printer and found the string "http://www.rulesforuse.org" embedded in
> > >the driver.  
> > >
> > >According to a few newsgroup messages posted in 2002 and 2003, folks are
> > >seeing this URL printed out when they attempt to print images of certain
> > >types of bills.  An HP printer with this anti-copying technology only
> > >prints out an inch of a currency image before aborting the print job.
> > >
> > >Here is a list of HP printers which appear to have this anti-copy
> > >technology embedded in their Windows printer drivers:
> > >
> > >   HP 130
> > >   HP 230
> > >   HP 7150
> > >   HP 7345
> > >   HP 7350
> > >   HP 7550
> > >
> > >I suspect the list of affected HP printers is much longer.
> > >
> > >I located these printer drivers simply by searching all files in my
> > >Windows and Program Files directories for the string "rulesforuse".  If
> > >other folks run this same experiment, please let me know of other
> > >programs which appear to contain currency anti-copy technology.
> > >
> > >There are some unanswered questions raised by this quiet effort by U.S.
> > >and European governments to turn home computers into anti-counterfeiting
> > >"cops":
> > >
> > >   1.  Besides graphic programs and printer drivers, what
> > >       other kinds of software is this currency anti-copy
> > >       technology being embedded in?
> > >
> > >   2.  Are companies being required to include currency
> > >       anti-copying technology in their products?  If not, 
> > >       what incentives are being offered to companies to 
> > >       include the technology on a voluntary basis?
> > >
> > >   3.  Will future versions of this technology, "phone home"
> > >       to the rulesforuse.org Web site with details about
> > >       a violation of the currency copying rules?  It would
> > >       be very easy to include an email address, name of the
> > >       image file, software version number, etc. embedded in
> > >       a URL to the rulesforuse.org when a violation has been
> > >       detected.
> > >
> > >Richard M. Smith
> > >http://www.ComputerBytesMan.com
> 
> --
> Dan Harkless
> http://harkless.org/dan/
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ