Tips for not looking stupid on TV?

[genesiswave at gmail.com (James Costello)]

So now you are "literally" a hacker -
http://www.youtube.com/watch?v=RAIww1VRY7Y - literally

On Fri, Apr 30, 2010 at 3:21 AM, Adrian Crenshaw <irongeek at irongeek.com>wrote:

> Well, they took very little of what I said, and played up the voyeur aspect
> (I told them webcams were not that big a worry, but drive by bot installs
> were). Also, I'm currently now being hired as a pentester, so the part about
> me being hired to break into other boxes is not quite accurate. Still, it
> could have been worse:
>
>
> http://www.whas11.com/home/Eyes-on-you-Beware-Internet-hackers-on-your-webcam-92464624.html
>
>
>
> Thanks,
> Adrian
>
>
>
> On Sun, Mar 28, 2010 at 7:00 PM, Adrian Crenshaw <irongeek at irongeek.com>wrote:
>
> > Mick and Robin, Thanks. Russ, I'm looking into Espia now.
> >
> >
> > Adrian
> >
> >   On Sat, Mar 27, 2010 at 1:43 PM, Butturini, Russell <
> > Russell.Butturini at healthways.com> wrote:
> >
> > >   Meterpreter plus the espia plugins would probably make for a good
> > > demo.
> > >
> > >  ------------------------------
> > > *From*: pauldotcom-bounces at mail.pauldotcom.com <
> > > pauldotcom-bounces at mail.pauldotcom.com>
> > > *To*: PaulDotCom Security Weekly Mailing List <
> > > pauldotcom at mail.pauldotcom.com>
> > > *Sent*: Sat Mar 27 09:14:54 2010
> > > *Subject*: [Pauldotcom] Tips for not looking stupid on TV?
> > >
> > >         I'm guessing the reported just did a Google search for
> > > Louisville and hacking and came up with me. He basically asked " I?m writing
> > > to see if you would like to help me with a story we?re doing. It is about a
> > > hole in Microsoft security in Internet Explorer that allows hackers to spy
> > > on people through their webcams.  Is it possible? How does it work? And can
> > > you show us for the purposes of a story?" I was not aware of anything
> > > specific to webcams and IE, but he sent me a clipping and I think he was
> > > basing it on this:
> > >
> > > http://www.youtube.com/user/MichaelSias#p/u/11/8DtgG58aIBw
> > >
> > > I told him:
> > >
> > > 1. Looks like they are relating it to Operation Aurora.
> > >
> > > 2. It's not really Web cam specific, any vulnerability that say it allows
> > > for "arbitrary code execution" could do the same thing.
> > >
> > > 3. Most of the buzz seems to be talking about IE 6, which it pretty out
> > > of date. However, some corporations still run int because it it what their
> > > webapps support.
> > >
> > > 4. The specific vulnerability is CVE-2010-0249 and code for the exploit
> > > can be found here:
> > > http://www.exploit-db.com/exploits/11167
> > >
> > > 5. Microsoft has release a patch for it:
> > > http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
> > >
> > > 6. If a user is silly enough to run a random exe a website/email/p2p
> > > network gives them, they will likely get "owned" regardless of the whither
> > > on not there is an exploit.
> > >
> > > 7. There are programs out their that can be used to monitor others. An
> > > exploit that allows for "arbitrary code execution" can install one in
> > > theory, but so could a snooping significant other.
> > >
> > > 8. Google hacking/Google dorks are always fun. Basically, people put
> > > devices on an Internet facing LAN that should not. Beside webcams, you can
> > > also fine printers and other devices. Try these Google searches:
> > >
> > > intitle:"Live View / ? AXIS"
> > > inurl:/cgi/ieng
> > > inurl:hp/device/this.LCDispatcher
> > >
> > > Or a big list from here:
> > > http://www.hackersforcharity.org/ghdb/?function=summary&cat=18
> > >
> > >
> > > Any tips on how to best deal with the media? Is there a webcam related IE
> > > exploit out there I'm not aware of, or is is just a case of "one of the
> > > things people can do with arbitrary code execution"?
> > >
> > > Thanks,
> > > Adrian
> > >
> > >
> > >
> > > ******************************************************************************
> > > This email contains confidential and proprietary information and is not to be used or disclosed to anyone other 
> > > than the named recipient of this email,
> > > and is to be used only for the intended purpose of this communication.
> > > ******************************************************************************
> > >
> > >
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100430/260688c9/attachment.htm