People who put tape over the camera lense on their laptops?

PSA TIME FOLKS...

I’ve been online via BBS and pennywhisltle modems with dial up phones since about 1980 and I’ve gleaned some facts that I’d like to share.

1) If you are using a consumer grade computer (Windows, Apple) and you have not downloaded spyware via a compromised website or opening stupid attachments from email you shouldn’t have then you computer is not spying on you.

There are in all probability tools the NSA can use to hack your computer via your IP address but they need to target you first in order to do that and gain warrants, etc... it takes effort and a task force. I’m pretty sure talking trash on TDPRI will not get that kind of attention so I’m pretty confident we’re in the clear. We are not worth their time.

2) If you think you’re computer has a virus, Trojan, keylogger, etc... Tape over your camera will do nothing. They can see your screen and log anything you type. Get you computer cleaned up and keep it clean. Scammers and thief’s are looking for low hanging fruit. They aren’t going to waste time on someone who takes defensive measures. There are way too many sucker s who don’t.

3) I know this should be obvious but Microsoft security will never phone you at home, out of the blue to help you upgrade your security. My dad fell for this and so did my mom. Fortunately they were both too inept at running terminal commands to assist the hackers in installing the malware remotely.



Then there’s this...

Ok, this phishing scam posted @netgear69 is a neat variation on a theme.

This is automated and run as a script. They’re not typing this thing and sending it, you’re on their hit list and they send out a million of these things daily. They make it look like it’s coming from your email address to your address but it’s sent from a mail server in Moldova and theyre spoofing your email address to make it look like it’s coming from your account.

But how did they get my password?
They get the password associated to the email account from a list that’s being circulated online. There are somewhere around 50M exposed passwords being circulated currently and likely more. If you’ve been a member of LinkedIn, DropBox, Sony, Adobe and now of course Facebook as well as many others over the last decade there is a very good chance your email address and one of your passwords is on a list circulating. Here’s a site that can tell you how or if it happened: https://haveibeenpwned.com/ put in your email address and it will tell you if it’s on a list and how’s that occurred.

So back to that scam...
They run their script with your email against their database of hacked passwords and if they have an email match, they drop in that little bit with a password you’ll recognize making them seem legit. If they don’t have a match, you get the message without the pawsord part.

The long and short of it is that they threaten you about screenshots and embarrassing you by sending stuff to your contact list. It’s BS. They do not have any screenshots or a list of your contacts. If they did they would include a screenshot of you doing whatever they claim. It’s just a more advanced scam for 2018.

In conclusion...
If you think your computer has been compromised, get it professionally cleaned. Seriously, better safe than sorry.

If tape over the camera makes you feel better, by all means put tape on the camera but websites can’t remotely turn on your camera unless you install sorftware or a browser plugin that lets them do that and keyloggers and screen grabbers are far, far more dangerous.

G’night y’all.

 

Assuming that’s a euphemism, that’s why the tape is important.

 

Hilarious

I hadn’t but yes, the shoe fits and it fits well

 

Brilliant and informative post... thank you so much.

I entered my email in to the above site and I'm on 4 lists of stolen password data... and I don't do Facebook, Linkedin etc. I changed my Windows password two weeks ago... looks like I'll keep it changing.

I've been using a password generator (lastpass) for a few years but I'd kept my Windows log-on password the same for several years. Sloppy of me.

I can't help feeling that the news this morning about the use of an unsecured cell phone is coincidental... or is it??? (There's so much more I want to say... but won't! )

 

Sounds like a great plan. Put all your passwords online.

But you really should worry about your Windows password, I bet you have people breaking into your house on a daily basis, so you have to be careful.

 

Strange place for a shoe.

Although athletes foot and jock itch are probably quite similar.

 

This is another opportunity to point out the false sense of security or understanding people have with anti-virus software. This doesn't mean don't use it but does mean have the sense to realize it is often a remedy for or thing that makes noise in a too late situation.

Using DNS and network based security has been huge in my problem solving to protect unsophisticated users. I'm almost 30 years into computer networking, admin and security. Even with Cisco and other certifications plus a lot of experience it's humbling.

A good edge device and software feature set where you do your computing will see all the source and destination traffic.

What I call buying a laptop vs a craptop makes a difference. The software loads on a lot of discount stuff has been known to compromise security. A lot of people are always criticizing Microsoft or Windows 10 as examples but the real problem is just a bad combination of what you bought and how the owner is using it. I have to watch over what around 750 employees do and the modern world of vendors doing a whole lot under your roof. Now well into replacing old with Windows 10 I see it as best ever for that platform but I've only got it deployed with business class hardware and in some cases Microsoft's own branded computers that have proven to be superb in important ways.

You also can't have a false sense of security if you use a Mac or Linux. They have vulnerabilities too.

Cisco owns OpenDNS now but they've still kept on with a free or family option. My guess is it's probably better than ever because that and Meraki cloud changes have come closer together.

If you're really paranoid or want the best possible scenario consider getting the entry level enterprise products for your personal use.

 

Ditto.

I have a number of friends in the IT dept of the company I'm working with. They've all done it as they know just how easy it is to hack into cameras and microphones. I didn't ask for a camera on my Mac and I'll only use it of it's to my benefit.

 

Bots can do the first line surveillance, and flag "interesting" cases for people to look at.

I'm not making this up. We have federal indictments out for people blowing the whistle on this.

 

Here is a helpful graphic from security researcher/journalist Brian Krebs that puts this webcam hacking risk in perspective. The next time you think "Yeah, but who would be interested in hacking MY computer?" think of all these ways some random person can get value from your hacked PC. "Webcam Image Extortion" is just the one way down on the lower right.


https://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/

 

So, you're saying we're all screwed 36 ways from Sunday?

 

I taped over mine...and also those dumb lights that keep flashing on my dashboard.

 

I hate the "Why are you worrying if you're doing nothing wrong" or "no one's gonna watch you" arguments...


Because I don't want people collecting facial recognition data from my face, for one. I dont want to be recorded, 'Just in case a scammer can use data.

Yes I use the tape. Even Mark Zuckerberg does....

Umm, FWIW, Bossman can say to IT tech. I want to monitor my employees through our PC's video devices.. IT Tech puts a program on the computer, sets everything up so bossman can click his program open and browse all your monitors. Bossman isn't being the hacker, he's paying a hacker to make the monitoring easy for him. He can do this successfully, barely able to operate a mouse.. I haven't heard of this done with video cameras specifically, but this is pretty common for E-mail..



Even Michael Scott was able to monitor his employee's emails..

 

Idiot!

Idiot!

 

Another thing about the "why would someone want to hack my computer" line of thought. One important aspect is that most attacks are not an attack against you or your computer. It targets a certain flaw in a certain kind of system.

If it is a very common system, you can get a lot of payoff for minimal work. Your computer is most likely a very common system.