web application security lab

Aero Theme and Generic Semi-Transparency Info Leakages

36 posts left, and counting…

If I had more time on my hands this would have been a fun one to play with. Although OWASP has dropped information leakage from their list of top 10, it’s still a fun puzzle to put together if you can gather tidbits of info. Johnny Long specializes in piecing together small, seemingly inconsequential pieces of info against a target. I wish I could find the paper on it, but many years ago there was a paper describing one technique to unblur text in an image. The basic technique, if memory serves, was that you could take each character in the font in question, blur that font and see what it ended up looking like. By comparing the blur you just created with the blur in the image you could figure out each character.
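A sketch of the blur-and-compare idea described above, added here as an illustration; it is not code from the original post or from the paper it recalls. It assumes a constructed 3x5 digit font, a plain box blur and a known text length, and it does not model Aero's dither overlay.

```python
# Constructed 3x5 digit font standing in for a known default UI font (assumption).
GLYPHS = ("###/#.#/#.#/#.#/### .#./##./.#./.#./### ###/..#/###/#../### "
          "###/..#/###/..#/### #.#/#.#/###/..#/..# ###/#../###/..#/### "
          "###/#../###/#.#/### ###/..#/..#/..#/..# ###/#.#/###/#.#/### "
          "###/#.#/###/..#/###")
FONT = {str(d): g.split("/") for d, g in enumerate(GLYPHS.split())}
GW, GH, GAP, R = 3, 5, 1, 2  # glyph width/height, gap between glyphs, blur radius

def render(text):
    """Draw text as a 0/1 bitmap with an empty margin of at least R pixels."""
    img = [[0] * (2 * R + len(text) * (GW + GAP)) for _ in range(GH + 2 * R)]
    for i, ch in enumerate(text):
        for y, row in enumerate(FONT[ch]):
            for x, px in enumerate(row):
                img[R + y][R + i * (GW + GAP) + x] = int(px == "#")
    return img

def box_blur(img):
    """(2R+1)-square box blur, zero outside the image, scaled to 0..255 grey levels."""
    h, w, area = len(img), len(img[0]), (2 * R + 1) ** 2
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            lit = sum(img[v][u] for v in range(max(0, y - R), min(h, y + R + 1))
                      for u in range(max(0, x - R), min(w, x + R + 1)))
            out[y][x] = 255 * lit // area
    return out

def recover(blurred, length):
    """Greedy left-to-right match: blur (recovered prefix + candidate glyph) and score
    only the columns that the still-unknown next glyph cannot have influenced."""
    text = ""
    for i in range(length):
        x0 = R + i * (GW + GAP)                   # left edge of glyph i
        cols = range(x0 - R, x0 + GW + GAP - R)   # blur of glyph i+1 starts after these

        def distance(ch):
            guess = box_blur(render(text + ch))
            return sum((guess[y][x] - blurred[y][x]) ** 2
                       for y in range(len(blurred)) for x in cols)

        text += min(FONT, key=distance)
    return text

if __name__ == "__main__":
    redacted = box_blur(render("4071"))   # constructed "secret", blurred as a redaction
    print(recover(redacted, 4))
```

The blur here is wider than the gap between glyphs, so neighbouring characters smear into each other and the text is still recovered; covering the region with an opaque box leaves nothing to match against.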

When Vista came out it shipped with a default theme called Aero, which made semi-transparent windows. The semi-transparency uses both an overlay of a dithered color scheme as well as blur. The dither may be the harder of the two to overcome because it’s dithered based on the width of the window itself and it changes depending on the focus of the window in question. The blur, however, is probably the easiest. Windows uses a default font for most applications. Therefore it should be fairly easy to de-obfuscate text that is behind screen-shots of the Aero theme.

There are obviously problems with this - the first one being that it’s not the whole window that’s transparent, only a slice on the top, but I’ve found some vaguely interesting things that were definitely not meant to be in scope of the screenshot through the Aero transparency. The second problem is that this only really helps if the thing behind the screenshot is actually of interest. But, let’s assume that those issues are met. The nice thing is the kind of people who tend to post screenshots are experts in their field. They’re often public speakers, analysts, or people who are giving instructions on how to use something. So there could be quite a bit of sensitive information in those screenshots. I only spent an hour or so trolling screenshots one day and found a few vaguely interesting pieces of info.

I have sat on this concept for a few years, hoping someone would come out with it first, but I haven’t seen anything written on it, so here it is. Either way, it’s probably a minor issue in reality, but I recommend turning off Aero and all transparency when possible - especially if you’re like me and have to give a lot of presentations that include screen-shots of desktop applications (e.g. browsers).

5 Responses to “Aero Theme and Generic Semi-Transparency Info Leakages”

  1. AppSec Says:

    I think they were referring more to error messages, log files, and such. Not DLP type which is what this seems to be referring to.

  2. RSnake Says:

    @AppSec - I’m sure they were. DLP is just another area of information leakage that could include those same things, depending on what we’re talking about.

  3. AppSec Says:

    Yeah, I just wasn’t sure if you were implying it shouldn’t have been dropped. It is definitely an interesting find and those little breadcrumbs that lead to the loaf.. They can be quite tasty!

  4. Wornstrom Says:

    Another interesting application for this is cases where people have blurred “private” information in photos, thinking it can’t be reversed. I don’t think I’ve ever found private-looking information in an Aero screenshot, but people do this all the time.

  5. Sasha van den Heetkamp Says:

    It’s possible with an inverse Fourier transform on blurred images. I’ve toyed with this a couple times, and always recommend NOT to blur images if you are trying to hide something, because it can be reversed to a great degree, especially if you use motion blur and even on a Gaussian blur.