Clickjacking - A very good VISUAL read.
Flash Bug Allows Miscreants to Remotely Operate Your Web Cam
Clickjacking - A very good VISUAL read
Clickjacking - A very good VISUAL read
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:9.0a2) Gecko/20111017 Firefox/9.0a2 SeaMonkey/2.6a2
Re: Clickjacking - A very good VISUAL read
One solution is not to have a webcam. 
Seriously, consider putting a sticky note over it, or duct tape some paper over it, or whatever, when not in use.
There was a scandal a few months ago when a school in the US allowed students to take school laptops home. Then someone (janitor, IIRC? teacher?) remotely activated the web cams. Caught a lot of kids showering, dressing, undressing, mating...
Seriously, consider putting a sticky note over it, or duct tape some paper over it, or whatever, when not in use.
There was a scandal a few months ago when a school in the US allowed students to take school laptops home. Then someone (janitor, IIRC? teacher?) remotely activated the web cams. Caught a lot of kids showering, dressing, undressing, mating...
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23
Re: Clickjacking - A very good VISUAL read
Would the NoScript addon protect us from this?
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Re: Clickjacking - A very good VISUAL read
Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?
Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
-
Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Clickjacking - A very good VISUAL read
Yes, of course.welly wrote:Would the NoScript addon protect us from this?
I can't tell, It depends on your cam's featureswelly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?
Mozilla/5.0 (Windows NT 5.2; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Re: Clickjacking - A very good VISUAL read
I would guess that doing that is ingrained into the firmware of most cams.welly wrote:Also: Wouldn't turning on the cam like explained above also turn on my cam's indicator light?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
-
GµårÐïåñ
- Lieutenant Colonel
- Posts: 3365
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: Clickjacking - A very good VISUAL read
Although I will not elaborate on the how, yes there is the ability and possibility to turn on the webcam WITHOUT triggering the light indicator. However, for the average consumer or the 99% of the population, not likely an option to get your hands on the tool firmware/SDK BUT you might find enough rudimentary tools on the underground sites to zombie a machine if you searched hard enough for it.
I recommend you permanently disable flash access to your webcam using the control panel tool provided in the recent flash releases that allow you to make choices that will stick regardless of LSO and in browser deletions or per site permissions. This is one of the reasons why adobe finally got off their ass provided a more robust control panel tool like java and quicktime have done for a long time. Before you could only use in browser control panel for it to set your options but depending on your browser, NS settings, next reload you were back to default. Now it sticks using the control panel. Not sure if there is a Mac equivalent for it, don't really care, but there is a Linux panel for it as well (although its community made).
Tom my friend, although I agree with you in spirit, given that 99.9% if not all laptops nowadays ship with a webcam, not having one is sometimes not really an option. And, although covering the webcam might stop the visual peaking, it does nothing for the microphone attached to it, so still can be recorded. Unless you go into your mixer or sound panel and disable the hardware (aka your mic) to be sure and if you don't use your webcam and want to make sure it NEVER becomes an issue, you can also disable the hardware permanently in the device manager.
I recommend you permanently disable flash access to your webcam using the control panel tool provided in the recent flash releases that allow you to make choices that will stick regardless of LSO and in browser deletions or per site permissions. This is one of the reasons why adobe finally got off their ass provided a more robust control panel tool like java and quicktime have done for a long time. Before you could only use in browser control panel for it to set your options but depending on your browser, NS settings, next reload you were back to default. Now it sticks using the control panel. Not sure if there is a Mac equivalent for it, don't really care, but there is a Linux panel for it as well (although its community made).
Tom my friend, although I agree with you in spirit, given that 99.9% if not all laptops nowadays ship with a webcam, not having one is sometimes not really an option. And, although covering the webcam might stop the visual peaking, it does nothing for the microphone attached to it, so still can be recorded. Unless you go into your mixer or sound panel and disable the hardware (aka your mic) to be sure and if you don't use your webcam and want to make sure it NEVER becomes an issue, you can also disable the hardware permanently in the device manager.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0