I can watch you on your built in webcam if you come to my website!!!

Originally posted by porschedrifter
you guys are all paranoid. Putting tape over your cam? LOL

Just go into device manager and disable your webcam with a right click. - No messy residue! hahahah

there are more reasons for doing this than just "TPTB". I have had customer's enable the web cams on LiveMeeting.. lucky for me I had the paper over the camera or they would have seen me in my PJs..lol

I do occasionally use the cams, though, so it is simpler to remove the tape than enable in Dev Man

reply to post by abecedarian

You're very right - RDP (Remote Desktop Protocol) can be tough to get working out-of-the-box for most end users and most of the desktop varieties of Windows do not enable Remote Assitance by default. Also, as you pointed out, many Windows versions do not even include Remote Desktop. However, I can think of at least a few ways to make use of RDP even if it is disabled... would just take some time focusing on click-jacking and ActiveX... assuming you can find someone running IE6/7 Would be tough, but can be done.

If you can just trick the user into clicking the right thing, you can do a WHOLE LOT.

Web-delivered threats and exploits are a real problem. This is why most server OSs have web browsing disabled by default. Windows Server 2K3/2K8 require you to do ALL SORTS OF CRAP in order to get the "internet" (web browsing) to work. Most Linux Server distros take this one step further and don't even come with a graphical interface! Just text!

There is a reason why the big boys at Microsoft and the GNU code monkeys of 'Nix OSs don't allow for web browsing by default on servers or other mission-critical machines. Its a HUGE risk!

ive thought about this.

But wouldnt the webcam light turn on if anyone started capturing your video?

Or is there a way around that, too?

reply to post by demonseed


Yes, there are ways around that.

Most webcams have settings that allow you to enable/disable the LED when the cam is in use. So there is already a variable on your computer somewhere (registry, or cam .dll files) that can be set to turn the LED off. All it would take is a Flash/Java/ActiveX script to re-set that variable, and you can get that script delivered and executed on their computer by means of click-jacking or Trojans, etc.

You can do just about anything if you can dupe the user into clicking what you want them to. The WWW is a secretly scary place.

reply to post by ANNED



The reason the hackers don't do that is because no one would care about those videos. Online there are tons of sties out there where people get naked on cam for free. They like to show off on cam, either their big tatas or their big... you get the idea. Go into any yahoo webcam chatroom and you'll find tons of people showing off on there. Other people record themselves for fun having sex and post it on xtube.com. People can find webcam nudity (and sex) online way too easily to waste time hacking a webcam. Imagine how boring it must be to hack someones webcam. 99% of the time it would be boring. The odds of the person getting naked on accident right in front of the webcam is extremely small, and if they did catch someone, it would likely be a blurry pic that's taken from a distance.

What's a real problem is people that secretly videotape people having sex. Now that is very common. I know quite a few guys that secretly videotape everyone they have sex with. They have time to position the HD camera in just the right position, and then they do the girl in the right spot to make it look like a professional porno. Hiding the camera is easy, they just need to put some stuff around it to hide it a bit.

There are exploits and always will be ones that we do not know about. No one is ever really safe on the internet. I do not doubt one bit that a person's webcam can be turned on by the right people who know how without much trouble. I know it has been done before, and know it continues to be done.

I have a webcam but have it disconnected at all times as well as my microphone (many webcams also have built in microphones, and you can use a headphone as a microphone as well, just plug it into the microphone jack instead of the headphone jack) because I know I can be spied on. This is not paranoia, because I am not a paranoid type of person. But I would never think that using the internet is going to be safe all the time.

Also as a rule of thumb I always try and use a proxy server, or a VPN (virtual private network). It's really funny when someone is trying to pid me. One that I've used for a long time is at hidemynet.com. I'm not advertising for them, just find them very useful.

Also as another rule of thumb, I reinstall my OS every three months. I figure after that amount of time I have to have some type of virus on my system I am not aware of. And always reformat HDD before reinstalling.

I just finished reinstalling my OS today actually.

Cheers.

reply to post by davespanners


mi5 and mi6 have the ability to access any connected computer at any time in the UK - WITHOUT A WARRANT. Thats a fact. Not sure what they use or how they do it - but they can and do - it was all over the news about two years ago.

reply to post by pianopraze


Never said it was coded by the CIA -

www.abovetopsecret.com...


One of my masters was in International Relations - worked specifically on Peter Singer - Wired for War where he discusses the Iron Triangle with CIA funded venture capital groups.

Originally posted by Aristophrenia
reply to post by davespanners

 

mi5 and mi6 have the ability to access any connected computer at any time in the UK - WITHOUT A WARRANT. Thats a fact. Not sure what they use or how they do it - but they can and do - it was all over the news about two years ago.

There are physical blocks that you can put in place to stop the inbound connections. A router is one excellent step to stop people from trolling your system, simply disable upnp and not allow any port forwarding. Unless you make a connection outbound there can be no connection inbound.

A good example is if you have 3 computers sharing an internet connection via a router. Until one of those computers makes an outbound connection how is an unsolicited inbound connection to know where those computers are on the network? Once one of the computers makes an outbound request, the router negotiates the connection back to that computer. As the router controls 2 physical Ethernet cards an unsolicited inbound connection reaches a physical block at the router and is stopped.

It is possible that software to force a port forward, or to force unwanted outbound connections have been built into the router/operating system on systems sole in the UK, but I'd have to see one to be sure.

..Ex

I'm sure this happens more than most expect and I keep having to remind myself not to pick my nose in front of my computer but it's hard, lol. Who can be worried about webcams though when satellites can see through your ceiling?

Don't get me started on the remote viewing crap. I'm aware, I just had to decide not to care.

I don't believe MI5 or whatever have the capability to hack any pc they wanted. Some people are much smarter than some government goon.

I seriously doubt it's possible on most peoples private pc's without their knowledge.

Originally posted by ChaosMagician
I'm sure this happens more than most expect and I keep having to remind myself not to pick my nose in front of my computer but it's hard, lol. Who can be worried about webcams though when satellites can see through your ceiling?

Don't get me started on the remote viewing crap. I'm aware, I just had to decide not to care.

Yep! and don't forget about ceiling cat!!!!

[atsimg]http://files.abovetopsecret.com/images/member/da5e62944a64.jpg[/atsimg]

He sees everything

This is pure BS.
Firstly if the government really wanted to track your knowhows and whereabouts they would monitor your phone calls, survey your house, and trail you about town. There's a reason they only reserve this activity for terrorists and criminals. Now before anyone says "But Kryyptyk, they can get financial info, personal files, and blah blah blah off your computer..", NO they can't. If you have even a basic firewall and anti-virus you've got nothing to worry about as long as they're constant and updated. Besides, it would be a waste of time collecting so much bunk data. Who cares if you shop online? Who cares if you watch porn? Who cares about your TAXES? >_<

Second, everyone who has said you need permission to access computer hardware is correct. Those protocols have been in place since the internet has been open to the public. The only way to access your webcam/mic without your knowledge is if you've previously OK'd the IP and saved the certificate of said IP to allow non-permissible access, or if you previously downloaded a virus ridden package containing a Trojan. This is basic, basic stuff people.

So in conclusion, if you don't have a constant net connection, have antivirus/firewall protection, and watch what you access on the net, you have nothing to worry about. =)

(btw check your background processes, some of those Trojans I mentioned can pose as almost anything so keep watch and if anything fishy pops up one day, kill it. Problem solved.)

You have a great post here! making people aware of these issues. Check out how schools already monitor kids and also how they due it when students are at home.



Also check this one out



One day you will see on your home phones, car phone systems, home TV’s and computers, integrate a system like the iphone 4 face time program. This will just add to the toolbox of big brothers surveillance grid.

reply to post by theregonnakillme

send me the code via U2U so I can experiment with it and see if I can verify your claim.

I love how these threads bring out the 'experts' who have computer science degrees and use "nix". 99% of the posts by these so called gurus are absolute garbage.

reply to post by theregonnakillme


You claim to know a lot but by reading your posts you have proven how naive you are.

Just because you claim you went to college and are a professional, doesn't make it so.

It is a reality for sure.

I refuse to have a webcam or mic on/in my computers. lol
unless there is a hidden built in mic im unaware of. [wouldnt surprise me].
lol

But i wont buy a laptop, no matter how much i want it,
if it has a built in webcam. lol

Originally posted by madmangunradio
DONT USE WINDOWS. I hate all caps but damnit. Someone has to lay down reality.

i would just like to point you here

The report found that the most vulnerable operating system in the world is ... Apple's OS X Server. This OS accounted for 14.3 percent of all vulnerability disclosures last year, followed closely by Apple's OS X desktop software, also with 14.3 percent. Next up was ... the Linux kernel, with 10.9 percent, followed by Sun's Solaris with 7.3 percent. It's only then that Microsoft gets a look-in with Windows XP (5.5 percent), Server 2003 (5.2 percent), Vista (5.1 percent), 2000 (4.8 percent), and Server 2008 (4.1 percent). IBM's AIX brought up the rear with a paltry 3.7 percent.

www.serverwatch.com...

and here

It is of the opinion of Charlie Miller, a well known Mac security guru, that even Snow Leopard, the latest version of Mac OS X, isn't as safe as Windows.

www.tomshardware.com...

and also here

You should not switch from Windows to Unix because it is theoretically more secure. The fact is that if your administrators know how to secure Windows the best, your organization's Windows systems will be infinitely more secure than any Unix implementation they come up with. They can know the general concepts of security, but they will not be familiar with the intricacies of Unix security. This creates more vulnerabilities. Even when Windows was theoretically at its worst with regards to security, there were many skilled Windows administrators who maintained their systems more securely than most Unix systems.

searchsecurity.techtarget.com...

and this

Massive Mac OS X Update Shatters Illusion of Security

www.pcworld.com...

with all that said the weakest link in the chain is not the OS but the user... and with windows having like 90% market share you can bet there will be alot of weak links using windows

I am a computer expert. I am well versed in various computer related items of interest. I use Linux and Windows both on a daily basis, and have been building kernels, editing kernel code, etc for years. Furthermore, I have been published twice in 2600: The Hacker Quarterly...

In the case of this article, it is probable that there could be some sort of extremely low level way of accessing the webcam, perhaps on a bios level. That being said, I highly doubt that such a thing is going on with any of our computers. This sort of vector would be extremely complex. It'd be more cost effective to build a webcam attached arduino into a laptop and wire it passively to the webcam and network adapters.

This leaves only a few options of getting in - one would be a backdoor in the operating system. In the case of Macintosh and Windows users, this is a concern because they are closed source, meaning that there is the potential for built in government (or whoever else - pervs at Microsoft or Apple, for instance...or those with even more nefarious ideas) back doors.

Otherwise, the only vector would be via spyware. Unless you have a security vulnerability, or someone has physical access to your machine through whatever way, you will be the one installing this, most likely by accident or by opening some email file attachment, or by visiting porn sites. This still will be 99.9% focused attacks for Windows and Macintosh.

That all said, only the second option is a possible entry point in Linux, which I run on my main machines. It is doubtful I will ever install anything that can access my webcam, aside from flash, but flash requires access privileges. Furthermore, the /dev/video0 device (the software side of the camera) is set to be inaccessible by anyone but the root user. So unless there is a kernel code that is bad (impossible, the Linux community sees all kernel code and ousts anything that is suspect), or a proprietary app installed, or a poorly researched opensource app installed, the only other way would be through a kernel exploit. In the case of 'nix, all this is very unlikely, due to the small marketshare, though the tools do probably exist...

In reality, though, crapware, virii, and physical access to the machine are the most pressing threats. Otherwise, don't use OSX or Windows.

As for the petty arguments above, that study only accounts for servers, who rarely get their software or kernels updated. If you run bleeding edge kernels, you are extremely secure. On top of that, if you run behind a linux based router such as Untangle, and have it setup right, insecurities are moot when it comes to having attacks happen from the internet.

Windows would maybe be more secure as argued, except for the fact it has NSA back doors installed. No person has proved this, but it has been long suspected.