Help Irongeek.com pay for bandwidth and research equipment:
WHAS 11 Webcam Exploit (Hacking Illustrated Series InfoSec Tutorial
Videos)
WHAS 11 Webcam Exploit
Below is a segment I did an
interview for. They took very little of what I said, and played up the voyeur
aspect (I told them webcams were not that big a worry, but drive by bot installs
were).
They were asking about a specific vulnerability, and sent me
some links. I told them:
1. Looks like they are relating it to Operation Aurora.
2. It's not really webcam specific, any vulnerability that say it allows for
"arbitrary code execution" could do the same thing.
3. Most of the buzz seems to be talking about IE 6, which it pretty out of
date. However, some corporations still run it because it it what their
webapps support.
6. If a user is silly enough to run a random exe a website/email/p2p network
gives them, they will likely get "owned" regardless of the whither on not
there is an exploit.
7. There are programs out there that can be used to monitor others. An
exploit that allows for "arbitrary code execution" can install one in
theory, but so could a snooping significant other.
8. Google hacking/Google dorks are always fun. Basically, people put devices
on an Internet facing LAN that should not. Beside webcams, you can also fine
printers and other devices. Try these Google searches:
Printable version of this article