# CONTEST: Are those puppies I see?

#### John Cuzzola, October 23, 2023

Imagine you're a child and you have a secret message you want to share with a friend, but you don't want anyone else to know about it. Instead of handing your friend a note with the message (which could be easily found), you decide to write it in invisible ink on a regular drawing. To anyone else, it looks like a normal drawing. But you and your friend know the secret, so with a special light, you can read the message.

In Cybersecurity, this technique is called steganography. It is commonly used for adversaries to “smuggle” information out of an organization in seemingly innocent ways (like through a picture of cute puppies); or for secret communication between parties by hiding the message in clear sight. Steganography comes from the two Greek words: "steganos" which means "covered" or "concealed", and "graphein" which means "to write".

Least Significant Bit (LSB) Encoding:

This might sound like magic, but it's actually quite simple when you understand how pictures are stored in computers. Every digital photo is made up of tiny dots called pixels. Each pixel has a color, and this color is represented by a set of numbers in the computer usually red, green, and blue often referred to as RGB. Each set has a range between zero (0) and 255. To keep things simple, let's consider only the blue set. A blue pixel value of zero means very very dark blue – actually the color is so dark it’s black. A blue value of 255 is a very bright shade of blue and a value of 128 is a shade somewhere in between these extremes. The human eye can differentiate approximately 10 million colors. Suppose you have a pixel with blue color code 86. Do you think your eye can distinguish the shade of blue represented by 85 or 87 as a different shade to 86?

In reality, this difference of 1 is indistinguishable to your eye so the picture you are seeing looks just fine. However, a computer can tell the difference, and it’s this 1-bit difference (also known as least significant bit), that a message can be embedded in the image simply by manipulating these color shades by a small value. So here's the trick: instead of using the true color code shade of a pixel, we can swap it out for a value slightly larger or smaller that maps to one bit from our secret message (either a binary 0 or 1). Because it's such a tiny change, our eyes can't see the difference, but the message is hidden right there in plain sight! By doing this with many pixels in the photo, bit by bit, we can hide a whole message. Only someone who knows the trick (like you and your friend) can extract the secret message from the picture.

Try it for Yourself

This blog started with a picture of a cute trio of puppies, but as the Transformers would say “there’s more than meets the eye”. Follow these steps:

1. Right-click on the puppies, and select “SAVE IMAGE AS” or similar option. The goal is to save a copy of the image to your hard drive. Do not change the file type or any other settings.
2. Go to this site: https://stegtool.net/
3. Select the DECODE tab, upload your puppy image from step 1, and press the DECODE IMAGE button. If you followed these steps accurately, the message hidden inside the image will be revealed.
4. Follow the instructions given by the secret message to enter a draw for a prize!!!

# Week 1 of Cybersecurity Awareness Month

## Blocking Spam and Protecting Your University Inbox: The Power of Microsoft Spam Filtering and DMARC

##### Obiora Akachukwu, Oct 3, 2023

Today, let’s chat about something that's both annoying and potentially harmful: spam emails.

In June of 2023, the Information Technology Services implemented Microsoft's advanced spam filtering technology and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to make our university email experience way safer and smoother. Let's dive into the world of these new email standards and see how they're protecting our inboxes.

#### 1. Microsoft Spam Filtering: Your Email Bouncer

You know those pesky spam emails that clutter your inbox? They're like party crashers at your favorite hangout. Microsoft's spam filtering technology is like the bouncer who keeps the undesirables out. It uses smart algorithms to spot spammy emails and sends them straight to the digital trash bin. No more sifting through shady promotions or suspicious offers.

#### 2. DMARC: The Ultimate Identity Checker

DMARC is like the digital passport control at the airport but for emails. It helps ensure that the emails you receive are from who they claim to be from. Cybercriminals often try to impersonate trusted sources, like your employer, to trick you into revealing sensitive information. DMARC verifies the authenticity of the sender's domain, making it much harder for email scammers to sneak in.

#### 3. Reduced Phishing Risks

Phishing attacks are like digital fishing expeditions where scammers try to hook you with fake emails. These can be seriously dangerous, especially for students and faculty dealing with academic and personal data. Microsoft's spam filtering and DMARC combo work together to spot phishing emails and protect your personal info and login credentials.

#### 4. Enhanced Email Security

In the age of cyber threats, keeping your email secure is a top priority. Microsoft's robust spam filtering technology and DMARC help guard our university communications like a fortress. You can collaborate, share research, and communicate without worrying about email security breaches.

So, there you have it, folks. Microsoft's spam filtering technology and DMARC are like the dynamic duo of email security, making sure your university inbox is clean, safe, and hassle-free. You can focus on your studies, research, and teaching without spending as much time worrying about the distraction of spam or the fear of email scams. It's like having a digital guardian for your university email, which is a great perk.

## ChatGPT - Protecting your Privacy

##### Kevin Zhong, Oct 3, 2023

Is using ChatGPT private? The answer is no, ChatGPT is not private. Information entered into ChatGPT is stored on OpenAI’s servers and used to further train the AI tool. Users should exercise caution and not enter confidential or personal information into ChatGPT. According to OpenAI’s privacy policy, collected personal information related to you includes:

• Account and Communication Information: OpenAI collects your name, contact information, payment card information, and transaction history from your user account. If you communicate with OpenAI about any issue, they also collect the contents of any messages you send to them.
• User Content: When you use OpenAI Services, they collect personal information that is included in the input, file uploads, or feedback that you provide.
• Social Media Information: When you interact with OpenAI social media pages on popular social media platforms, such as Instagram, Facebook, Twitter, they will collect personal information that you elect to provide to them.

OpenAI also automatically collects personal information from your use of their services, when you visit, use or interact with the OpenAI services, including:
• Log Data: Information that your browser automatically sends when you use OpenAI Services. Log data includes your Internet Protocol address, browser type and settings, the date and time of your request, and how you interact with their website.
• Usage Data: ChatGPT may automatically collect information about your use of the Services, such as the types of content that you view or engage with, the features you use and the actions you take, as well as your time zone, country, the dates and times of access, user agent and version, type of computer or mobile device, and your computer connection.
• Device Information: This can include the name of the device, the operating system, device identifiers, and the browser you are using.
• Cookies and Analytics: OpenAI uses a variety of online analytics products that use cookies to help them analyze how you use their services.

So, how should you protect your privacy when using ChatGPT?

• Don’t share sensitive information: confidential information should not be entered into ChatGPT.
• Use a VPN to increase your anonymity.
• Disabling your chat history through your account settings does not prevent the use of your data in training ChatGPT. However, you can fill out the OpenAI “User Content Opt Out Request” Google form to opt out of having your data used to improve their language models.

Search To Top