[SecurityRatty] tag: reconsider

Leave Your Webcam On 24/7? Might Want To Reconsider...

Mon, 01 Sep 2008 11:46:09 +0000

It's nothing new that many hackers use programs that allow them to "spy" on their victims once they've compromised the PC (as long as they have a webcam switched on, of course). Similarly, hacking culture has always had a fascination for memes, incorporating them into part of the design of their latest DDoS tools.

However, the strange obsession with shock memes has now spilled into a "fun" game currently doing the rounds on various hacking sites and forums.

What this involves is hackers compromising a PC, ensuring the victim has a webcam switched on then opening up shock meme websites at the most inopportune moment, recording the moment of impact with the webcam feed. Or, as one guy put it:

If you don't know what Meatspin is, you can probably count yourself lucky. If you still want to know, click here (for an explanation. Not Meatspin itself, though the explanation might be classed NSFW anyway).

Here's a real life example of one such incident, taken from a message board:

Click to Enlarge

Typically, the shock meme website is opened up at full blast, which startles the victim (most sites of this nature loop a piece of music in the background while the, er, action takes place on screen). The bigger the shock, the better. Here's one guy who sounds like he shot about six feet in the air when the meme site fired up in his browser:

Click to Enlarge

This might all sound like fun and games - sort of - but note that the above individual did try to grab the victims credit card details.

Generally, the attacker doesn't interact with the victim (because they want friends, relatives or others to think the victim actually brought the site up themselves) but here's a little trash talk anyway:

At this point, the attacker may or may not grab a screenshot for posterity. I've seen quite a few galleries on sites comprised of people looking shocked at Tubgirl, or being spun round baby right round by Meatspin, and there's no doubt countless others out there floating around. Of course, not everybody is shocked (or indeed impressed) by a shockmeme site popping up on their computer. As an example of that, take this guy:

Full credit to anyone that counters a shockmeme site appearing on their desktop by picking their nose for five minutes. At any rate, the golden rule with this is that the hackers only bother doing this when a webcam is present and left switched on. If there's no webcam, there's no point trying to elicit a response (because for all they know they're popping open 2 Girls and 1 Cup to an empty server room).

Webcams can be a fun tool, but remember to switch them off every now and again or they could come back to haunt you. Of course, depending on the shock meme site deployed (and who happens to be in the room with you at the time), that could be the least of your worries...

Stopbadware Scolds Apple Over Safari Carpet Bomb

Fri, 23 May 2008 14:11:43 +0000

From Network World:

An antimalware organization has called on Apple to beef up its Safari Web browser to protect users from exploits that could let attackers download malicious code to a Mac or Windows user’s desktop.

Stopbadware.org, a group founded by Google, Chinese computer maker Lenovo Group and Sun, on Monday asked Apple to reconsider its refusal to address the flaw as a security problem.

“StopBadware.org believes that users should have control over software being downloaded to their computers, and we encourage Apple to reconsider its stance and treat this as the security issue that it is,” Stopbadware.org said in an appeal posted to its Web site.

Read on.

Article Link

Employers loosen rules on camera phones

Sun, 18 May 2008 20:00:00 +0000

Cameras are available on just about every kind of wireless handheld device, from inexpensive cell phones to high-end smart phones, putting pressure on IT managers to reconsider corporate security policies banning cameras.

Microsoft's directory team forced to reconsider ignored standards

Mon, 03 Mar 2008 21:00:00 +0000

Recent proclamations by Microsoft CEO Steve Ballmer that the company would move toward interoperability and support for standards is putting pressure on the head of the company's directory and identity development to reconsider support for industry standards such as SAML that have been long ignored.

Rights groups seek court OK to intervene in Wikileaks case

Thu, 28 Feb 2008 11:00:00 +0000

The Electronic Frontier Foundation and the ACLU are among a growing number of public interest groups trying to get a federal court judge to reconsider a decision shuttering a whistle-blower Web site.