Day 42 - Taping your webcam, open ports, the WHY of it all
31 Mar 2017 100daysofwritingI have thought long and hard about the topic that I plan to write on today,
Privacy. I taped my laptop’s webcam about 2 weeks ago, it afforded a renewed
notion of security, for the past 2 years, I have had it obscured because the
lid of my laptop is mostly closed. But now, I am all in. When I think about the
doors that I have left open for attackers, I want to be sure that there’s
nothing obviously wrong that I am doing. Before my recent Ubuntu
re-install,
I had the package openssh-server
installed on my primary computer! YEAH. Port
22 was open, it was behind a router and I used it to connect to my computer
through my phone.
Let me say that again: I had an RSA private key on my phone that could be used to get into my computer. Obviously, I didn’t know how insanely dangerous and stupid of my it was to have this kind of a setup, but I used to have that, and now I don’t. That’s partly because of all the articles that I read online about privacy and really important people’s email getting leaked or copied or hacked into or stolen, and partly because I finally understand how easy it is for someone to mount an attack, all it takes is a bit of social engineering (talk to the victim, get some details out of them, have access to their phone in an unlocked state for a short period of time) and the determination to want to get in.
Specifically, I think I should mention Robert Heaton’s post about cloning Facebook sessions using the Chrome extension EditThisCookie, which I tried myself with an incognito browser and my actual session and IT WORKED! A running ratchet that would change the session key for encryption every few minutes sounds like something that Facebook should have implemented? It all sounds really shady to me, because there were literally two steps to the whole process: 1. Install the extension 2. Copy the cookies and send them to yourself. The whole process would take about 5-9 minutes on a decent Internet connection with a good mouse and keyboard, assuming a logged in email account which is totally legit.
Obviously, the Snowden leaks, NSA apparently being able to switch on webcams without turning on the indicator lights on many versions and the Black Mirror S03E03 were all powerful contributing factors. (Mr. Robot didn’t have any privacy specific implications yet, but the next season might? should? We will see!)
P.S. See that black mirror episode if you haven’t already! The show was taken over by Netflix for the third season, and the production has changed and the difference between British production and Netflix production is rather visible! Nonetheless, all seasons of that show are GREAT.
POST #42 is OVER