Clickjacking - A very good VISUAL read

Talk about internet security, computer security, personal security, your social security number...
Post Reply
User avatar
therube
Ambassador
Posts: 7528
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Clickjacking - A very good VISUAL read

Post by therube » Fri Oct 21, 2011 2:35 pm

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:9.0a2) Gecko/20111017 Firefox/9.0a2 SeaMonkey/2.6a2

Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: Clickjacking - A very good VISUAL read

Post by Tom T. » Sat Oct 22, 2011 4:34 am

One solution is not to have a webcam. ;)

Seriously, consider putting a sticky note over it, or duct tape some paper over it, or whatever, when not in use.

There was a scandal a few months ago when a school in the US allowed students to take school laptops home. Then someone (janitor, IIRC? teacher?) remotely activated the web cams. Caught a lot of kids showering, dressing, undressing, mating...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23

welly
Junior Member
Posts: 26
Joined: Fri Sep 10, 2010 6:19 am

Re: Clickjacking - A very good VISUAL read

Post by welly » Mon Nov 07, 2011 2:40 pm

Would the NoScript addon protect us from this?
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

welly
Junior Member
Posts: 26
Joined: Fri Sep 10, 2010 6:19 am

Re: Clickjacking - A very good VISUAL read

Post by welly » Mon Nov 07, 2011 4:39 pm

Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

User avatar
Giorgio Maone
Site Admin
Posts: 8790
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: Clickjacking - A very good VISUAL read

Post by Giorgio Maone » Mon Nov 07, 2011 8:06 pm

welly wrote:Would the NoScript addon protect us from this?

Yes, of course.
welly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?

I can't tell, It depends on your cam's features :)
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Clickjacking - A very good VISUAL read

Post by dhouwn » Tue Nov 08, 2011 11:46 am

welly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?
I would guess that doing that is ingrained into the firmware of most cams.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0

User avatar
GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA
Contact:

Re: Clickjacking - A very good VISUAL read

Post by GµårÐïåñ » Tue Feb 07, 2012 2:45 am

Although I will not elaborate on the how, yes there is the ability and possibility to turn on the webcam WITHOUT triggering the light indicator. However, for the average consumer or the 99% of the population, not likely an option to get your hands on the tool firmware/SDK BUT you might find enough rudimentary tools on the underground sites to zombie a machine if you searched hard enough for it.

I recommend you permanently disable flash access to your webcam using the control panel tool provided in the recent flash releases that allow you to make choices that will stick regardless of LSO and in browser deletions or per site permissions. This is one of the reasons why adobe finally got off their ass provided a more robust control panel tool like java and quicktime have done for a long time. Before you could only use in browser control panel for it to set your options but depending on your browser, NS settings, next reload you were back to default. Now it sticks using the control panel. Not sure if there is a Mac equivalent for it, don't really care, but there is a Linux panel for it as well (although its community made).

Tom my friend, although I agree with you in spirit, given that 99.9% if not all laptops nowadays ship with a webcam, not having one is sometimes not really an option. And, although covering the webcam might stop the visual peaking, it does nothing for the microphone attached to it, so still can be recorded. Unless you go into your mixer or sound panel and disable the hardware (aka your mic) to be sure and if you don't use your webcam and want to make sure it NEVER becomes an issue, you can also disable the hardware permanently in the device manager.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0

Post Reply