Page 455 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
security enhancements and was eventually adopted as a replacement
for SSL in most applications. Early versions of TLS supported
downgrading communications to SSL v3.0 when both parties did not
support TLS. However, in 2011, TLS v1.2 dropped this backward
compatibility.

In 2014, an attack known as the Padding Oracle On Downgraded
Legacy Encryption (POODLE) demonstrated a significant flaw in the
SSL 3.0 fallback mechanism of TLS. In an effort to remediate this
vulnerability, many organizations completely dropped SSL support
and now rely solely on TLS security.

Even though TLS has been in existence for more than a
decade, many people still mistakenly call it SSL. For this reason,
TLS has gained the nickname SSL 3.1.

Steganography and Watermarking

Steganography is the art of using cryptographic techniques to embed
secret messages within another message. Steganographic algorithms
work by making alterations to the least significant bits of the many bits
that make up image files. The changes are so minor that there is no
appreciable effect on the viewed image. This technique allows
communicating parties to hide messages in plain sight—for example,
they might embed a secret message within an illustration on an
otherwise innocent web page.
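
The least-significant-bit technique described above, as an added example that is not part of the study guide: it hides a short message in a constructed 64x64 grayscale pixel buffer and shows that no pixel value moves by more than 1. The function names, the 2-byte length prefix, the cover data and the message are all assumptions made for this illustration.

```python
# Added illustration: LSB embedding in a constructed 8-bit grayscale pixel buffer.

def embed(pixels: bytes, message: bytes) -> bytes:
    """Hide message in the lowest bit of each pixel, one payload bit per pixel.
    A 2-byte big-endian length prefix (an assumption of this sketch) tells the
    extractor where the payload ends."""
    payload = len(message).to_bytes(2, "big") + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for this message")
    stego = bytearray(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear bit 0, then set the payload bit
    return bytes(stego)

def _read_bytes(pixels: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from pixel LSBs, most significant bit first."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (pixels[start + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)

def extract(pixels: bytes) -> bytes:
    """Recover the hidden message; reject buffers whose prefix cannot be valid."""
    length = int.from_bytes(_read_bytes(pixels, 0, 2), "big")
    if 16 + length * 8 > len(pixels):
        raise ValueError("length prefix exceeds image capacity; no valid payload")
    return _read_bytes(pixels, 16, length)

def max_pixel_change(original: bytes, altered: bytes) -> int:
    """Largest per-pixel difference, i.e. how visible the alteration could be."""
    return max(abs(a - b) for a, b in zip(original, altered))

# Constructed sample data: a 64x64 gradient as the cover, and a short message.
COVER = bytes((x * 3 + y * 5) % 256 for y in range(64) for x in range(64))
SECRET = b"meet at noon"

if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("recovered:", extract(stego))
    print("largest pixel change:", max_pixel_change(COVER, stego))
```

Because one pixel carries one bit, this 4,096-pixel cover holds at most 510 message bytes after the prefix, which is why large image and audio files make convenient carriers.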

Steganographers often embed their secret messages within images or
WAV files because these files are often so large that the secret message
would easily be missed by even the most observant inspector.
Steganography techniques are often used for illegal or questionable
activities, such as espionage and child pornography.

Steganography can also be used for legitimate purposes, however.
Adding digital watermarks to documents to protect intellectual
property is accomplished by means of steganography. The hidden
information is known only to the file’s creator. If someone later creates
an unauthorized copy of the content, the watermark can be used to

