On 1/31/15, Benjamin Brewer wrote:

... Pardon my ignorance about this, and I will do my own research, but do these hidden formattings/stego/call-home functions disappear, get mutilated, become broken when ‘converting’ such PDF documents to other document types

we can wax lyrical about all the ways to sanitize a boundary through constraint, perhaps twice over, to be sure? that said, consider a Qubes OS setup where conversion between formats (app domains) was always to least complicated, most easy to verify well formed, even constraint through omission type simplifications, then a PDF to plain-text 80 column by 42 lines per page fixed width ASCII printable only could probably be interpreted into sentences that would be a way to collaborate separately without excessively leaking information among participants, maybe. in other words, PDFs and similar rich, obfuscated types are the adversaries playground. does this mean all PDFs are compromised? Of course not. But if you're a target, a specific PDF of specific structure could very well be an effective honey token and target you precisely.

... via use of many ‘conversion’ tools (Calibre comes to mind instantly) or are these embedded organisms a persistent across any automated conversion routine?

consider a watermark, that resized half, still persists. this is the kind of meta leval manipulation of structure you may see in a rich document (PDF) that could still persist in some transformations. in other words, it depends on your threat model - who is tainting your documents in-line, silently, without your awares, and how complicated the formats and resulting transformations. as another example, this is why referencing even simplified subsets of text by a self certifying identifier, like afb1e384e450d644703ad96cdfe9f728be509854388687eb65b7c622e2f798a9 , e.g. bigsundaawafn36e.onion/shid/afb/1e3/afb1e384e450d644..5b7c622e2f798a9 , or http://sunshineeevvocqr.onion/bigsun/raw/afb1e384e450d644..5b7c622e2f798a9 which is the same paragraph in ascii no matter PDF or Word or HTML origin simplified to text paragraph. then, mutually un-trusting individuals collaborating from a distance, can use this shared address space as the base for cooperation. if that doesn't make sense, i will explain it better, later, :) best regards,

On Sat, Jan 31, 2015 at 04:06:13PM -0800, coderman wrote:

...

via use of many ‘conversion’ tools (Calibre comes to mind instantly) or are these embedded organisms a persistent across any automated conversion routine?

consider a watermark, that resized half, still persists. this is the kind of meta leval manipulation of structure you may see in a rich document (PDF) that could still persist in some transformations.

there was this laywer in .no who lost his license because he leaked photos of anders behring brevik to the press. and police watermarked a set of bait-photos and gave it to the laywers of the families with dead kids. the press made a photo of the pictures, printed the photo in a test news paper, took a photo again, and printed that. so a lot of adc-dac conversions in betweeen. the size also got significantly smaller. yet the watermark was clearly identifiable. it turned out later, that this was some kind of photoshop plugin, which is "primarily for tracking copyright violations" -- otr fp: https://www.ctrlc.hu/~stef/otr.txt

On 1/31/15, coderman wrote:

... as another example, this is why referencing even simplified subsets of text by a self certifying identifier, like afb1e384e450d644703ad96cdfe9f728be509854388687eb65b7c622e2f798a9 , e.g. bigsundaawafn36e.onion/shid/afb/1e3/afb1e384e450d644..5b7c622e2f798a9 , or http://sunshineeevvocqr.onion/bigsun/raw/afb1e384e450d644..5b7c622e2f798a9 which is the same paragraph in ascii no matter PDF or Word or HTML origin simplified to text paragraph.

this text is: And I'll go one further. Everything's secret. I mean, I got an e-mail saying, "Merry Christmas." It carried a Top Secret NSA classification marking. The easy option is to classify everything. This is an Agency that for the most of its existence was well served by not having a public image. When the nation felt its existence was threatened, it was willing to cut agencies like NSA quite a bit of slack. But as that threat perception decreases, there is a natural tendency to say, "Now, tell me again what those guys do?" And, therefore, the absence of a public image seems to be less useful today than it was 25 years ago. I don't think we can survive without a public image. (U//FOUO) is should have included at first, as odd, opaque links without context a entropy prank. [ https://twitter.com/nickm_tor/status/549651166834225153 :P ]

| Depends on the converter, whether it keeps the Adobe spying | features witting or unwitting -- which it may be aware of or not. | And whether it has a deal with Adobe to retain disguised. | ... John, you know this I'm sure, but for the record the highest security places use sacrificial machines to receive e-mail and the like, to print said transmissions to paper, and then those (sacrificial) machines are sacrificed, which is to say they are reloaded/rebooted. Per message. The printed forms then cross an air gap and those are scanned before transmission to a final destination on networks of a highly controlled sort. I suspect, but do not know, that the sacrificial machines are thoroughly instrumented in the countermeasure sense. For the entities of which I speak, the avoidance of silent failure is taken seriously -- which brings us 'round to your (and my) core belief: The sine qua non goal of security engineering is "No Silent Failure." --dan