Do computers leave behind a digital fingerprint on files?

[Paul R]

In that way they can be hacked, but I'm not sure it would help in the situation where you are wanting to verify a photo is untampered with (we are / were discussing forensics).

 

If the hack alters the data stream from the device, you can do *almost* anything with it. In the old days (what, 10 years ago?) ROM BIOS hacks were a true PITA.

 

-Paul

[mansr]

Micro SD cards can definitely be hacked. They have an 8051 style microprocessor in them.

 

They're more powerful than that. Someone has even managed to run Linux on an SD card controller.

 

I suspect the same applies to USB sticks. It is possible to use this capability to hide all kinds of malware in these devices. I've seen some discussion on how this can be done. In particular, it would be possible, in principle, to program these devices so that they output one set of data when the controlling computer is calculating an MD5 checksum and different data when playing music. Just saying. I doubt anyone would do this kind of flim-flam for a $1000 challenge, but if it were a $1,000,000 challenge that might be different. :-)

 

It doesn't matter if the card presents you with fake data. You copy the file, or whatever the evil card gives you in place of the file, to trusted storage and then verify the signature. If the card altered the data, the signature won't match. If done right, the signing key is unique to each camera and stored such that it can't even be read other than by a dedicated microcontroller that handles signing. The data flow through the camera should look something like this:

 

[sensor] -> [image processing] -> [JPEG encoding] -> [cryptographic signing] -> [sD card]

 

Everything prior to the signing can be hardwired such that no other data source than the sensor is physically possible. You could still take the camera apart and feed fake data into the sensor interface, but a tamper-evident seal on the camera body will let you know if that has been done (in which case every image taken by that camera must be distrusted).

[Tony Lauck]

They're more powerful than that. Someone has even managed to run Linux on an SD card controller.

 

 

 

It doesn't matter if the card presents you with fake data. You copy the file, or whatever the evil card gives you in place of the file, to trusted storage and then verify the signature. If the card altered the data, the signature won't match. If done right, the signing key is unique to each camera and stored such that it can't even be read other than by a dedicated microcontroller that handles signing. The data flow through the camera should look something like this:

 

[sensor] -> [image processing] -> [JPEG encoding] -> [cryptographic signing] -> [sD card]

 

Everything prior to the signing can be hardwired such that no other data source than the sensor is physically possible. You could still take the camera apart and feed fake data into the sensor interface, but a tamper-evident seal on the camera body will let you know if that has been done (in which case every image taken by that camera must be distrusted).

 

Back in the 1990's I worked on the security design of a GPS flight data recorder used to authenticate sport aviation records and competition performances. There were device specific keys and a tamper resistant box and the keys were zeroized in the event that tampering was detected. The threat model wasn't too severe, not suitable for forensics work, let alone national security. I suspect it would have been possible to extract the signing keys by side channel attacks, such as power draw or EMI. However, the security was good enough for the product to be accepted by the sanctioning authorities and used in the World Gliding Championship in 1995.

 

None of this is more than peripherally related to this thread, but unfortunately it is easy to get side-tracked on issues of security. There is some technological commonality involved, however, because of the connection with information leakage.

[tne]

Here's why this would be relevant.....

 

Thanks for the PEAR link. I will have a close look soon. I am an experimentalist by training, profession, and basic personal inclination, but still fail to see the actionable benefits of the specific tests being proposed. There is no scam that Alex or others are attempting to perpetrate here, whether he is right or wrong. There are much bigger scams that deserve careful study, but there is nothing that will change my listening experience one way or the other regarding this specific issue.

 

Maybe this effort should be spent looking into quantum tunneling, Shakti stones, etc.

[wgscott]

I have rejected unnecessary interactions with angry, disputatious people, especially when I see little chance of anything profitable coming therefrom.

 

I have much to learn from people like this.

[Tony Lauck]

Thanks for the PEAR link. I will have a close look soon. I am an experimentalist by training, profession, and basic personal inclination, but still fail to see the actionable benefits of the specific tests being proposed. There is no scam that Alex or others are attempting to perpetrate here, whether he is right or wrong. There are much bigger scams that deserve careful study, but there is nothing that will change my listening experience one way or the other regarding this specific issue.

 

Maybe this effort should be spent looking into quantum tunneling, Shakti stones, etc.

 

I came across the PEAR people by chance. I was sitting in coach in a 747 from BOS to SFO back in the 80's and was sitting next to this guy who ran the project. After some discussion, he gave me a bunch of papers to read. I have always been open minded to "BS" theories that come backed with plausible evidence and this was one of them. I've also been tasked on several occasions to evaluation various questionable inventions, such as a theory of modulation that was being peddled as requiring no side bands, etc... I was given these tasks because my management realized that I was smart enough and open minded enough to separate goats from sheep correctly.

 

This is the paper I started with: Robert G. Jahn. (1982). The Persistent Paradox of Psychic Phenomena: An Engineering Perspective. Proceedings of the IEEE. Volume 70: 136-170.

[plissken]

Assuming the firmware is already set up to obtain a valid certificate, why would you not hack the piece of the firmware that governs the criteria under which it will obtain that certificate?

 

Because you always should have a way to validate the client side certificate. That's how it works and is supposed to work.

 

Next time you are on a shopping cart site click the lock icon on the URL and drill down.

 

[sullis02]

 

Alex these two files have a nearly 3 db difference in loudness. No surprise they will sound different. They also are equalized differently up until about 5 khz. And there is a small speed difference. I doubt they are the same master.

 

 

 

Best laugh of the day, even if it is a few months late for me. Thanks :>

[sullis02]

She also is subject to the same issues as any human. Hear something once, attribute that to something and it can build in your mind to color your perception even with great hearing ability and experience working on recordings. None of that holds much value to me when such a person begins claiming the impossible to highly highly improbable. Also doesn't keep her recordings from sounding great.

 

What some people also don't get is that audio 'engineers' like Cookie Marenco and Barry Diament and Steve Hoffman can hold all sorts of dubious beliefs about audio, and 'believe' in stuff that really doesn't make a difference, yet still make great recordings/masterings, because in the course of their work they make choices that really undeniably *do* make an audible difference (e.g., choosing sources, setting levels and EQ, cleaning up artifacts, keeping noise levels down, using tube gear of not...). If they have good ears for those choices, their work sounds good. But that's a little boring for some of them I guess, so they have to have a lucky rabbit's foot too, some secret sauce, that they can claim gives them an edge. In the end it does no harm to their work if they think that rubbing the rabbit's foot makes a difference.

 

There's an old recording studio trick for satisfying annoying kibitzers who claim to have 'great ears' and have made 'great recordings'...it involves adjusting a knob or flicking a switch that's not connected to anything. You adjust the knob or flick the switch and ask 'does it sound better now?" until the kibitzer goes 'ahh, that's it! NOW it sounds right!".

 

I wonder how Cookie and Barry would do in a phantom switch test?

[徐中銳]

Speaking of recording engineers, am reminded of Andrew Scheps, it seems a recent 95min talk, from a couple months back, is :

« A Grammy winner for his work with Red Hot Chili Peppers, Adele and Ziggy Marley, Andrew Scheps has had an extensive career behind the boards engineering and mixing records for some of the world’s biggest rock bands, including Metallica, Red Hot Chili Peppers, Green Day and U2. A former employee of Synclavier, Scheps spent time on the road with a pair of certifiable legends, touring as Stevie Wonder’s keyboard tech and mixing live sound for Michael Jackson before working on Jackson’s HIStory. Scheps currently runs his own studio Punkerpad West as well as the Tonequake record label, and came to Paris for a lecture that imparted decades of recording knowledge to eager participants. »

 

And, if the above is long, recalling RR :

[video=youtube;IBHADseIs-w]

[Tony Lauck]

What some people also don't get is that audio 'engineers' like Cookie Marenco and Barry Diament and Steve Hoffman can hold all sorts of dubious beliefs about audio, and 'believe' in stuff that really doesn't make a difference, yet still make great recordings/masterings, because in the course of their work they make choices that really undeniably *do* make an audible difference (e.g., choosing sources, setting levels and EQ, cleaning up artifacts, keeping noise levels down, using tube gear of not...). If they have good ears for those choices, their work sounds good. But that's a little boring for some of them I guess, so they have to have a lucky rabbit's foot too, some secret sauce, that they can claim gives them an edge. In the end it does no harm to their work if they think that rubbing the rabbit's foot makes a difference.

 

There's an old recording studio trick for satisfying annoying kibitzers who claim to have 'great ears' and have made 'great recordings'...it involves adjusting a knob or flicking a switch that's not connected to anything. You adjust the knob or flick the switch and ask 'does it sound better now?" until the kibitzer goes 'ahh, that's it! NOW it sounds right!".

 

I wonder how Cookie and Barry would do in a phantom switch test?

 

They are experts in hearing differences and artists in choosing which ones are best. This does not make them experts at getting to the root causes of the differences. If they can find a way to get good results by bypassing various detours they don't have to isolate exactly where on the detour things went wrong.

 

Other recording engineers go by numbers and theory and produce good recordings on occasion when things they can't hear don't go wrong. But without the talent to hear the significant differences they don't recognize when something is screwed up and therefore are unable to produce consistent high quality. Some other people of similar ilk suffer from having a low budget and select low priced components that measure OK but don't sound good and, as a result, produce consistently mediocre recordings.