Good paper (PDF) from Maarten Van Horenbeeck at the School of Computer and Information Science at Edith Cowan University. Discusses IP Header Tunneling, DNS Tunneling, HTTP Entity Tag Tunneling, Covert encoding or steganography, and the Microsoft GDI+ exploit in 2004. Not a bad read.
The concept of covert channels has been visited frequently by academia in a quest to analyse their occurrence and prevention in trusted systems. This has lead to a wide variety of approaches being developed to prevent and identify such channels and implement applicable countermeasures. However, little of this research has actually trickled down into the field of operational security management and risk analysis. Quite recently a number of covert channels and enabling tools have appeared that did have a significant impact on the operational security of organizations. This paper identifies a number of those channels and shows the relative ease with which new ones can be devised. It identifies how risk management processes do not take this upcoming threat into account and suggests where improvements would be helpful.