PaulDotCom mailing list archives
Tips for not looking stupid on TV?
From: dninja at gmail.com (Robin Wood)
Date: Sat, 27 Mar 2010 16:24:56 +0000
I can never remember the url but there is the great old image from back orifice (I think) of the kid on the bed with his girlfriend behind him and the caption something like "why you on the pc with her behind you". Robin On 27 March 2010 14:14, Adrian Crenshaw <irongeek at irongeek.com> wrote:
????? I'm guessing the reported just did a Google search for Louisville and hacking and came up with me. He basically asked " I?m writing to see if you would like to help me with a story we?re doing. It is about a hole in Microsoft security in Internet Explorer that allows hackers to spy on people through their webcams.? Is it possible? How does it work? And can you show us for the purposes of a story?" I was not aware of anything specific to webcams and IE, but he sent me a clipping and I think he was basing it on this: http://www.youtube.com/user/MichaelSias#p/u/11/8DtgG58aIBw I told him: 1. Looks like they are relating it to Operation Aurora. 2. It's not really Web cam specific, any vulnerability that say it allows for "arbitrary code execution" could do the same thing. 3. Most of the buzz seems to be talking about IE 6, which it pretty out of date. However, some corporations still run int because it it what their webapps support. 4. The specific vulnerability is CVE-2010-0249 and code for the exploit can be found here: http://www.exploit-db.com/exploits/11167 5. Microsoft has release a patch for it: http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx 6. If a user is silly enough to run a random exe a website/email/p2p network gives them, they will likely get "owned" regardless of the whither on not there is an exploit. 7. There are programs out their that can be used to monitor others. An exploit that allows for "arbitrary code execution" can install one in theory, but so could a snooping significant other. 8. Google hacking/Google dorks are always fun. Basically, people put devices on an Internet facing LAN that should not. Beside webcams, you can also fine printers and other devices. Try these Google searches: intitle:"Live View / ? AXIS" inurl:/cgi/ieng inurl:hp/device/this.LCDispatcher Or a big list from here: http://www.hackersforcharity.org/ghdb/?function=summary&cat=18 Any tips on how to best deal with the media? Is there a webcam related IE exploit out there I'm not aware of, or is is just a case of "one of the things people can do with arbitrary code execution"? Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Tips for not looking stupid on TV? Adrian Crenshaw (Mar 27)
- Tips for not looking stupid on TV? Robin Wood (Mar 27)
- Tips for not looking stupid on TV? Butturini, Russell (Mar 27)
- Tips for not looking stupid on TV? Adrian Crenshaw (Mar 28)
- Tips for not looking stupid on TV? Michael Douglas (Mar 28)