It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
I can watch you on your built in webcam if you come to my website!!!
page: 10share:
Originally posted by james404
So "I can put some code on a web page and record you without you knowing" is true to the same extent as "I can put some code on a web page and gain control of your whole computer."
Indeed - spot on. Although the OP seemed to be suggesting that there was some particular vulnerability relating to webcams - all he would have to do would be to run some code on his website and he could control your webcam and turn off the LED.
This isn't true, and he couldn't run the code on your computer unless it was compromised in some way. In which case someone controlling the webcam LED would be the least of your worries...
Originally posted by DyingBreed
reply to post by ommadawn
See my post on page 7
www.abovetopsecret.com...
Also like I said, I think a simple clickjack over the permission dialog would hide it and therefor you would grant access and not even know it. That's if you can have flash set in a website to automatically try to access your cam.
OK Dyingbreed - that could work.
A pretty simple way to get around the permissions.
I always have popups disabled however.
Big However......
So What?
People get to see you sitting at your computer.
How long before they get bored?
Ya, I hear ya, most people do have a popup blocker, and use safe browsing habits.
I was just giving my opinion on how it 'might' be possible. But clickjacking is very popular so people must be roaming around the net, clicking banners and popups without a care in the world. lol
I was just giving my opinion on how it 'might' be possible. But clickjacking is very popular so people must be roaming around the net, clicking banners and popups without a care in the world. lol
reply to post by Nventual
reply to post by theregonnakillme
what world are you livin in.ill join you?
reply to post by theregonnakillme
what world are you livin in.ill join you?
I didn't reall all the previous pages, but I work in info security. I actually teach a class at a local college on it. Real simple-- it doesn't
require permissions to turn on a camera or a microphone. IF you use linux, it is a bit harder to do but it can be done. if your camera is plugged in,
it can be turned on. and most cameras have built in mics.
Can I do it? I haven't tried. yet.
Can I do it? I haven't tried. yet.
Originally posted by joesomebody
I am a computer expert. I am well versed in various computer related items of interest. and have been building kernels, editing kernel code, etc for years. Furthermore, I have been published twice in 2600: The Hacker Quarterly...
On top of that, if you run behind a linux based router such as Untangle, and have it setup right, insecurities are moot when it comes to having attacks happen from the internet.
Ok..so you build Kernals, rather than modify existing ones.... unlikely...but ok... you then suggest using a software based firewall??
Mods, can we please have a face palm icon??
..Ex
Originally posted by Aristophrenia
I build websites - this is absolutely normal - how the hell do you think Augmented Reality works ? How do you think ChatRoulette works ? Web cams on line ? My god - i can't believe you think that it is even remotely strange - its like saying OH MY GOD a web site can accesss my mouse data !! How else do you think you click on stuff ?!
The UK has laws which specifically allow mi5 and mi6 to go into your computer, turn on your web cam, and access any files they want to remotely if it is connected to the net - anything.
Facebook is a data harvesting and behavioral pattern recognition tool for tracking people - not a secret, not a conspiracy a well known fact. It was originally built by QinetiQ - the research and development arm of the CIA.
If you are on the net - you are being watched - if not by the government then by someone with WIRESHARK or CHARLES - it is standard - I use both ALL THE TIME.
So you use both WIRESHARK and CHARLES "ALL THE TIME" uh???
So would you wouldn't care explaining me how you "manage" to use a tool that use MITM through ARP Poisonning "over the internet" when ARP is a LAN side protocol??? Ur telling me your using MAC address spoofing to sniff data over the net when MAC address is not used on the net but only on your own LAN side which is the network between your ISP modem and your PC ONLY! Looks like your not exactly familiar with TCP/ipv4 and the OSI Model my friend. I don't want to be an arse but what your saying just doesn't make sense AT ALL...
BTW I don't use my built-in cam on my laptop so I just don't install the driver... Try spying me now big brother... whoever's worried just go uninstall the driver if you don't use it... if you don't know how PM me i'll help you out.
Originally posted by v3_exceed
Originally posted by joesomebody
I am a computer expert. I am well versed in various computer related items of interest. and have been building kernels, editing kernel code, etc for years. Furthermore, I have been published twice in 2600: The Hacker Quarterly...
On top of that, if you run behind a linux based router such as Untangle, and have it setup right, insecurities are moot when it comes to having attacks happen from the internet.
Ok..so you build Kernals, rather than modify existing ones.... unlikely...but ok... you then suggest using a software based firewall??
Mods, can we please have a face palm icon??
..Ex
Actually hardware based firewalls are fundamentally software at their core, in the firmware they have embedded inside them.
The difference is that a hardware firewall is slightly more secure due to the firmware nature of the system in place however that is a moot point imo as a well built *nix system with a properly configured firewall layer will be more than secure.
Heck a skilled admin can configure iptables to do a pretty admiral job, the average Joey won't be able to get in and for the most part that's all the security you need.
If someone wants to get in, has enough resources and the hardware & software, they will get in period - the only real way would be to have a segregated system that took snapshots of data overnight for you to then muse through the next day, much like news feeds only actual internet content but I am digressing here.
In essence modern operating systems, namely Windows 7, Apple OS etc have certain features built in to allow security interests the 'opportunity' to get in and at the end of the day, what is stopping them injecting data on your drive as well as taking it?
I have configured my Windows 7 firewall fairly well and I have the necessary hardware firewall in place to give me additional security but I know I can't really stop certain people and organisations from snooping in so I don't try to otherwise I would be suggesting I have something to hide.
My real work happens on my Linux boxes
Some people are debating how people would do this or that, how a web cam could be switched on and the truth is through ignorance on the end users
part.
Most people using computers and surfing the net these days have a passing interest in actual computing and the related technology. Computers (and IT as a whole) have become tools that can be used to access services, we live in a world of service provision and consumption.
It is not difficult to dupe the average user, a well configured scam will have even the most cautious users fooled (and most consumers don't look at a website source and do things like taking apart any underlying script code). All it takes is one person to be fooled and hey presto some malicious software has been installed on the users computer allowing access to things like their web cam.
The trick is not in doing something clever but doing something elaborate - I came across a similar thing a while back, a very well constructed banking site, almost had me fooled until I ran through my usual routine of inspecting links, underlying html, email headers, dns addresses, networking monitoring etc etc - youu get the picture, that lot alone is usually enough to inform any geek that something is not right.
This particular site was quite good as it exploited some features inside MS Windows to take a snapshot of what the person was doing and post the information back to a secure ftp site.
You get the idea, it's actually pretty trivial when criminals know they can prey on stupidity and ignorance that is common place.
The responsibility should be on computer hardware and software manufacturers to inform the public on how to use common sense, to educate people a little instead of worrying about profits.
Most people using computers and surfing the net these days have a passing interest in actual computing and the related technology. Computers (and IT as a whole) have become tools that can be used to access services, we live in a world of service provision and consumption.
It is not difficult to dupe the average user, a well configured scam will have even the most cautious users fooled (and most consumers don't look at a website source and do things like taking apart any underlying script code). All it takes is one person to be fooled and hey presto some malicious software has been installed on the users computer allowing access to things like their web cam.
The trick is not in doing something clever but doing something elaborate - I came across a similar thing a while back, a very well constructed banking site, almost had me fooled until I ran through my usual routine of inspecting links, underlying html, email headers, dns addresses, networking monitoring etc etc - youu get the picture, that lot alone is usually enough to inform any geek that something is not right.
This particular site was quite good as it exploited some features inside MS Windows to take a snapshot of what the person was doing and post the information back to a secure ftp site.
You get the idea, it's actually pretty trivial when criminals know they can prey on stupidity and ignorance that is common place.
The responsibility should be on computer hardware and software manufacturers to inform the public on how to use common sense, to educate people a little instead of worrying about profits.
edit on 14-11-2010 by old_god because: typo
I also wanted to add to the above post, that if you have this setting enabled it can be exploited.
If you own the site you can embed flash player code; Without having a video, or flash content. Giving the site builder access to your audio and web cam data.
If you own the site you can embed flash player code; Without having a video, or flash content. Giving the site builder access to your audio and web cam data.
Originally posted by theregonnakillme
reply to post by madmangunradio
It is possible to deactivate the light yes; it is as simple as ( variable=0 ) zero being off
This is completely wrong and very misleading.
-Controlling the webcam is possible.
-Controlling the webcam without activating the activity light is impossible. The light is controlled electronically: if there is power going to the cam then the light is going to be on. The only way to disable this is via hardware.
so much peoples here posting about how awsome they're with computers its getting hilarious
most of thems here dont know a damn about a single code line , seriously, stop stroking your E-go before lookin like E-diots
most of thems here dont know a damn about a single code line , seriously, stop stroking your E-go before lookin like E-diots
Originally posted by secretstoshadow111
I don't know if this was already posted, if you go to any adobe flash player video
Right click on the video>>
Go to settings>>>>
Go to privacy settings>>
It will ask you if you want to let thesiteyouraccessing.com to access your audio and web cam.
The issue being addressed here is that of using .css to 'hide' said 'confirmation' screen, making the link you're clicking on actually Affirming/Allowing access surreptitiously all the while.
readily doable .. and still not Completely ruled out in Flash 10.0 either ... but they're getting there.
Originally posted by ralphthedog
I didn't reall all the previous pages, but I work in info security. I actually teach a class at a local college on it. Real simple-- it doesn't require permissions to turn on a camera or a microphone. IF you use linux, it is a bit harder to do but it can be done. if your camera is plugged in, it can be turned on. and most cameras have built in mics.
Can I do it? I haven't tried. yet.
wow i wonder how that works? given that in order to do this you have to compromise the computer or get permission from the user to do so.
i seriously doubt you work in info security or you wouldn't make such vague and misleading statements. unix/linux are designed to work with permissions on all levels, from the user space to the kernel space. the only way to do what you are claiming is through permissions!
you can't just flip a switch here, the user has to allow it on linux, the only other way is through standard hacking, which really is control of the pc anyway.
lol a bit harder? the way windows and linux work are totally different, not withstanding how flash works on unix/linux verses windows.
I find this whole thing intriging. However, i doubt theres as much to concern yourself about in practice. TPTB might be able to hack your webcam,BUT
they would have a whole bunch of other methods. I had a white van parked outside my house on and off for a year several years ago. When it left they
sent an 'email' to my head saying that i was really boring.
Point is, there are lots of other ways to get the same data. For example, free things in the post. Sometimes I get free stuff in the post, items, and I keep them. I was looking at one once and figured that that would be a great way to get a mic or cam into my home.
Neighbours property. I have often felt that i was being watched. In fact, i have been at war with my neigbours for years. one of them has a loud computer game like a war game and its bas iss so loud that things vibrate and i can feel it on my anus when sat in my chair and it makes me really mad. Its when im mad that i start to think of ways to kill him like getting a cross bow, airgun or machette etc, but i have also been driven to recording it, to put it on my blog to proove what was happeneing, but regular mics dont pick it up so i started to look into survelience stuff, mics that can hear through walls. It was when i realised that i could happily sit here all day, as i do in silence with the sounds from his home amplified for me to hear. Then i realised it would easily be done the other way. But during all that i found loads of covert cams etc that used mobile phones and wifi networks. pans, plugs, alsorts. putting a cam into someones life is not that hard if you are TPTB.
So hacking your laptop has to be taken into context. It is a lot of hassle as its quite limited. Not everyone is a laptop vegetable like me. Some people go outside. Some people find it hard to turn their laptops on even. People have several laptops, they reinstall operating systems. Youd be better off have a throught the wall infrared camera or something, or a load of disposable cameras.
Im sure that hacking cams would be handled at an operational level too, so you would have other methods working on you. A cam pointing at your front door. CCTV interception with number plate traacing, mobile phone tracking. Remember, cams are limited to light, if you dont have the light on other than the screen then they cant see anything, if you have the lid up they cant. Its all too random to worry about.
To conclude, if they want to stare at your ugly face, they will, and your laptop will be a convenient method if its easy, but not essential to them developing a profile on you
Point is, there are lots of other ways to get the same data. For example, free things in the post. Sometimes I get free stuff in the post, items, and I keep them. I was looking at one once and figured that that would be a great way to get a mic or cam into my home.
Neighbours property. I have often felt that i was being watched. In fact, i have been at war with my neigbours for years. one of them has a loud computer game like a war game and its bas iss so loud that things vibrate and i can feel it on my anus when sat in my chair and it makes me really mad. Its when im mad that i start to think of ways to kill him like getting a cross bow, airgun or machette etc, but i have also been driven to recording it, to put it on my blog to proove what was happeneing, but regular mics dont pick it up so i started to look into survelience stuff, mics that can hear through walls. It was when i realised that i could happily sit here all day, as i do in silence with the sounds from his home amplified for me to hear. Then i realised it would easily be done the other way. But during all that i found loads of covert cams etc that used mobile phones and wifi networks. pans, plugs, alsorts. putting a cam into someones life is not that hard if you are TPTB.
So hacking your laptop has to be taken into context. It is a lot of hassle as its quite limited. Not everyone is a laptop vegetable like me. Some people go outside. Some people find it hard to turn their laptops on even. People have several laptops, they reinstall operating systems. Youd be better off have a throught the wall infrared camera or something, or a load of disposable cameras.
Im sure that hacking cams would be handled at an operational level too, so you would have other methods working on you. A cam pointing at your front door. CCTV interception with number plate traacing, mobile phone tracking. Remember, cams are limited to light, if you dont have the light on other than the screen then they cant see anything, if you have the lid up they cant. Its all too random to worry about.
To conclude, if they want to stare at your ugly face, they will, and your laptop will be a convenient method if its easy, but not essential to them developing a profile on you
Originally posted by OTTOKARMA
so much peoples here posting about how awsome they're with computers its getting hilarious
most of thems here dont know a damn about a single code line , seriously, stop stroking your E-go before lookin like E-diots
what the OP implies is totally impossible, computer software is not designed to do what he claims at all, now maybe some OSes have been written with special backdoors for the government agencies to gain access to pcs with cams, but that is built in, in that case.
so i wonder how the OPs magical website would work? he doesn't say "i have code that will exploit something installed and run on your pc!!" this isn't new or news, there are tons of things like that, in fact people really should stop using IE7 because of the pdf exploit.
the OP is nothing but scaremongering, you have to compromise the pc to be able to do what he claims, this means exploit! like the IE7 exploit, it exploited a flaw in adobe acrobat to do what it did. this isn't new at all, posting this stupidity as though it is a new dangerous thing just scares the less knowledgeable.
i repeat, what he is claiming is impossible without compromising the pc, this means exploiting a flaw in the browser or flash, or activex or any other piece of software. or the most common way:the user.
clickjacking works, or spyware or social engineering, which is the easiest.
this is the type of stuff that angers me. it scares the more luddite sort of people and makes them distrust modern tech for no reason
Originally posted by old_god
It is not difficult to dupe the average user, a well configured scam will have even the most cautious users fooled (and most consumers don't look at a website source and do things like taking apart any underlying script code). All it takes is one person to be fooled and hey presto some malicious software has been installed on the users computer allowing access to things like their web cam.
this is so true.
i do it for stupid people and its amazing the things they do. ive watched them read every bit og mail, including spam. Personally i wizz through my emails deleting all spam quickly and efficiently, but this old guy would open every email slowly and read it, and even after what seemed like years he hadnt spotted it was spam. And then he starts clicking on things. Its like watching a woman trying to park. You just have to bear with it. I was in an empty carpark once, and i parked up in a free space. There was a lane in front of me and then more parking spaces in which there was a guy in his car. As I was shutting off my car I noticed he was reversing and chuckled to myself that if he kept on like that he would hit me, but the idea was too incredulous. Netherless, he kept reversing, very slowly and eventually hit me. After I figured that it was me that was the idiot because i saw it all happening in slow motion and didnt drive away. i just couldnt believe it was possible. And its the same with spam mail and trojans. People read them, and press buttons and everything. I go into offices and they have all sorts of weird toolbars and photo applications and you ask, did you download that from the internet, and they say they dont know. Its crazy.
So for random things its possible.
i visit tons of porn sites. i do it all on my other computer, but i know after a month or so it will require restoring to factory state. Maybe someone has a nice hour long video of me having fun? I find the worst ones are the farm animal sites,the er... lolita sites, not that i look at those of course, and theother bizarre sites like shemale, rape, and fetish sites. it tend to wonder from standard lesboaction from time to time and generally suffer for it.
Originally posted by demongoat
what the OP implies is totally impossible, computer software is not designed to do what he claims at all, now maybe some OSes have been written with special backdoors for the government agencies to gain access to pcs with cams, but that is built in, in that case.
so i wonder how the OPs magical website would work? he doesn't say "i have code that will exploit something installed and run on your pc!!" this isn't new or news, there are tons of things like that, in fact people really should stop using IE7 because of the pdf exploit.
i think he is saying that the CSS on the div containing the accept webcam code is set to transparent and so you click on the accept button without knowing. I find that hard to believe, but at the same time quite plausable. A bit like having white text on a white background thats a link thats ontop of something less mundane like a graapic. Seems doable. But thats not really new and not really web cam specific. You caould be activating anything including invisible flash buttons and script downloads.
One way, Its Click Jacking , a well know Flash Bug that come out Early this year. If you click the hidden button it will activate your webcam. Google
for Click Jacking Flash Bug , Or POC if you want the code.
Well if you program your flash code to record video , it can easily record too to the server.
Another way is to exploit Those hundreads of Browser flaws , most browser are already fixed if u update frequently (not IE tho lol) . That way can get total control over the PC. They are harder then Flash bug tho.
For Flash Click Jacking bug , it works on all OS that have can run Flash.
No way to block using firewalls, Install flash blocker addon for firefox.
Well if you program your flash code to record video , it can easily record too to the server.
Another way is to exploit Those hundreads of Browser flaws , most browser are already fixed if u update frequently (not IE tho lol) . That way can get total control over the PC. They are harder then Flash bug tho.
For Flash Click Jacking bug , it works on all OS that have can run Flash.
No way to block using firewalls, Install flash blocker addon for firefox.
new topics
-
The Future of fashion .
Social Issues and Civil Unrest: 1 minutes ago -
Bin Cyber Junk…
Short Stories: 40 minutes ago -
The Undertones - Teenage Kicks
Music: 1 hours ago -
Volcano Watch 2025
Fragile Earth: 1 hours ago -
Judge rules president-elect Donald Trump must be sentenced in 'hush money' trial
US Political Madness: 10 hours ago -
Farmers wife
Music: 11 hours ago
top topics
-
New Jersey-Teachers Can Now Be Certified Without Passing Basic Reading Writing Math Testing
Education and Media: 15 hours ago, 8 flags -
NJ Drones tied to Tesla explosion at Trump Las vegas
General Conspiracies: 12 hours ago, 8 flags -
Judge rules president-elect Donald Trump must be sentenced in 'hush money' trial
US Political Madness: 10 hours ago, 3 flags -
Farmers wife
Music: 11 hours ago, 2 flags -
Volcano Watch 2025
Fragile Earth: 1 hours ago, 1 flags -
The Undertones - Teenage Kicks
Music: 1 hours ago, 1 flags -
Bin Cyber Junk…
Short Stories: 40 minutes ago, 1 flags -
The Future of fashion .
Social Issues and Civil Unrest: 1 minutes ago, 0 flags
active topics
-
Judge rules president-elect Donald Trump must be sentenced in 'hush money' trial
US Political Madness • 9 • : xuenchen -
The Future of fashion .
Social Issues and Civil Unrest • 0 • : Ravenwatcher -
Petition Calling for General Election at 564,016 and rising Fast
Political Issues • 221 • : AdultMaleHumanUK -
Labour's Anti-Corruption Minister Named in Bangladesh Corruption Court Papers
Regional Politics • 7 • : gortex -
New Jersey-Teachers Can Now Be Certified Without Passing Basic Reading Writing Math Testing
Education and Media • 13 • : xuenchen -
Orbs Appear And Form Triangle On Live Cam.
Aliens and UFOs • 21 • : alldaylong -
NJ Drones tied to Tesla explosion at Trump Las vegas
General Conspiracies • 11 • : worldstarcountry -
Bin Cyber Junk…
Short Stories • 0 • : JJproductions -
Mood Music Part VI
Music • 3777 • : Skinnerbot -
Matthew Livelsberger said he was being followed by FBI
Political Conspiracies • 66 • : xuenchen