Mick and Robin,

Thanks. Russ, I'm looking into Espia now.

Adrian

On Sat, Mar 27, 2010 at 1:43 PM, Butturini, Russell <[email protected]> wrote:

> Meterpreter plus the espia plugins would probably make for a good demo.
>
> ------------------------------
> *From*: [email protected] <[email protected]>
> *To*: PaulDotCom Security Weekly Mailing List <[email protected]>
> *Sent*: Sat Mar 27 09:14:54 2010
> *Subject*: [Pauldotcom] Tips for not looking stupid on TV?
>
> I'm guessing the reporter just did a Google search for Louisville and
> hacking and came up with me. He basically asked "I'm writing to see if you
> would like to help me with a story we're doing. It is about a hole in
> Microsoft security in Internet Explorer that allows hackers to spy on people
> through their webcams. Is it possible? How does it work? And can you show
> us for the purposes of a story?" I was not aware of anything specific to
> webcams and IE, but he sent me a clipping and I think he was basing it on
> this:
>
> http://www.youtube.com/user/MichaelSias#p/u/11/8DtgG58aIBw
>
> I told him:
>
> 1. Looks like they are relating it to Operation Aurora.
>
> 2. It's not really webcam specific; any vulnerability that says it allows
> for "arbitrary code execution" could do the same thing.
>
> 3. Most of the buzz seems to be talking about IE 6, which is pretty out of
> date. However, some corporations still run it because it is what their
> webapps support.
>
> 4. The specific vulnerability is CVE-2010-0249 and code for the exploit can
> be found here:
> http://www.exploit-db.com/exploits/11167
>
> 5. Microsoft has released a patch for it:
> http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
>
> 6. If a user is silly enough to run a random exe a website/email/p2p
> network gives them, they will likely get "owned" regardless of whether
> or not there is an exploit.
>
> 7. There are programs out there that can be used to monitor others. An
> exploit that allows for "arbitrary code execution" can install one in
> theory, but so could a snooping significant other.
>
> 8. Google hacking/Google dorks are always fun. Basically, people put
> devices on an Internet facing LAN that should not. Besides webcams, you can
> also find printers and other devices. Try these Google searches:
>
> intitle:"Live View / – AXIS"
> inurl:/cgi/ieng
> inurl:hp/device/this.LCDispatcher
>
> Or a big list from here:
> http://www.hackersforcharity.org/ghdb/?function=summary&cat=18
>
> Any tips on how to best deal with the media? Is there a webcam related IE
> exploit out there I'm not aware of, or is it just a case of "one of the
> things people can do with arbitrary code execution"?
>
> Thanks,
> Adrian
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
