So now you are "literally" a hacker - http://www.youtube.com/watch?v=RAIww1VRY7Y - literally
On Fri, Apr 30, 2010 at 3:21 AM, Adrian Crenshaw <[email protected]> wrote:

> Well, they took very little of what I said, and played up the voyeur aspect
> (I told them webcams were not that big a worry, but drive by bot installs
> were). Also, I'm currently now being hired as a pentester, so the part about
> me being hired to break into other boxes is not quite accurate. Still, it
> could have been worse:
>
> http://www.whas11.com/home/Eyes-on-you-Beware-Internet-hackers-on-your-webcam-92464624.html
>
> Thanks,
> Adrian
>
> On Sun, Mar 28, 2010 at 7:00 PM, Adrian Crenshaw <[email protected]> wrote:
>
>> Mick and Robin, Thanks. Russ, I'm looking into Espia now.
>>
>> Adrian
>>
>> On Sat, Mar 27, 2010 at 1:43 PM, Butturini, Russell <[email protected]> wrote:
>>
>>> Meterpreter plus the espia plugins would probably make for a good
>>> demo.
>>>
>>> ------------------------------
>>> *From*: [email protected] <[email protected]>
>>> *To*: PaulDotCom Security Weekly Mailing List <[email protected]>
>>> *Sent*: Sat Mar 27 09:14:54 2010
>>> *Subject*: [Pauldotcom] Tips for not looking stupid on TV?
>>>
>>> I'm guessing the reporter just did a Google search for
>>> Louisville and hacking and came up with me. He basically asked " I’m writing
>>> to see if you would like to help me with a story we’re doing. It is about a
>>> hole in Microsoft security in Internet Explorer that allows hackers to spy
>>> on people through their webcams. Is it possible? How does it work? And can
>>> you show us for the purposes of a story?" I was not aware of anything
>>> specific to webcams and IE, but he sent me a clipping and I think he was
>>> basing it on this:
>>>
>>> http://www.youtube.com/user/MichaelSias#p/u/11/8DtgG58aIBw
>>>
>>> I told him:
>>>
>>> 1. Looks like they are relating it to Operation Aurora.
>>>
>>> 2. It's not really webcam specific, any vulnerability that says it allows
>>> for "arbitrary code execution" could do the same thing.
>>>
>>> 3. Most of the buzz seems to be talking about IE 6, which is pretty out
>>> of date. However, some corporations still run it because it is what their
>>> webapps support.
>>>
>>> 4. The specific vulnerability is CVE-2010-0249 and code for the exploit
>>> can be found here:
>>> http://www.exploit-db.com/exploits/11167
>>>
>>> 5. Microsoft has released a patch for it:
>>> http://www.microsoft.com/technet/security/bulletin/ms10-002.mspx
>>>
>>> 6. If a user is silly enough to run a random exe a website/email/p2p
>>> network gives them, they will likely get "owned" regardless of whether
>>> or not there is an exploit.
>>>
>>> 7. There are programs out there that can be used to monitor others. An
>>> exploit that allows for "arbitrary code execution" can install one in
>>> theory, but so could a snooping significant other.
>>>
>>> 8. Google hacking/Google dorks are always fun. Basically, people put
>>> devices on an Internet facing LAN that should not. Besides webcams, you can
>>> also find printers and other devices. Try these Google searches:
>>>
>>> intitle:"Live View / – AXIS"
>>> inurl:/cgi/ieng
>>> inurl:hp/device/this.LCDispatcher
>>>
>>> Or a big list from here:
>>> http://www.hackersforcharity.org/ghdb/?function=summary&cat=18
>>>
>>> Any tips on how to best deal with the media? Is there a webcam related IE
>>> exploit out there I'm not aware of, or is it just a case of "one of the
>>> things people can do with arbitrary code execution"?
>>>
>>> Thanks,
>>> Adrian
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
