Your MacBook Camera could Spy on You without lighting up the warning light

If you own Apple's MacBook, you should cover up it's webcam, because there's a possibility someone could be watching you. Like most webcams, the MacBook also has a tiny green light lets you know that the webcam is active, but it's possible for malware to disable this important privacy feature on...

Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials

Product: Product NetCam WiFi Camera With Night Vision, purchased August 2013 Summary: Live video stream is accessible with user/password of admin/admin. The user/password combination admin/admin cannot be changed by the user. This "feature" is undocumented. To reproduce: 1. Connect webcam to...

Security changes and features of Opera 18

News Security changes and features of Opera 18 Share December 4th, 2013 Opera 18 is now out on the stable channel, so we wanted to take a moment to go through some of the new features from a security perspective. Media Access One of the new features is media access. That is; camera and microphone...

Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability CVE-2012-1823 to propagate that has been patched as far back as May 2012. Linux worm, which has been dubbed Linux.Darlloz, poses a threat to devices such as home routers a...

CVE-2013-5215

Cross-site scripting XSS vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID...

Belkin NetCam Wifi Camera Hardcoded Credentials

Product: Product NetCam WiFi Camera With Night Vision, purchased August 2013 Summary: Live video stream is accessible with user/password of admin/admin. The user/password combination admin/admin cannot be changed by the user. This "feature" is undocumented. To reproduce: 1. Connect webcam to...

FOSCAM Wireless IP Camera Cross Site Scripting

Advisory: FOSCAM Wireless IP Camera - SSID XSS Author: Liad Mizrachi Vendor URL: http://www.foscam.com/ Vulnerability Status: No Fix CVE-ID: CVE-2013-5215 ========================== Vulnerability Description ========================== FOSCAM's Web UI "WiFi scan" option is vulnerable to XSS using ...

Smartphones, A Perfect Cyber Espionage and Surveillance Weapon

The use of mobile devices in government environments concerns the secret service of any states, cyber espionage more often exploits the mobile platforms. Mobile devices are reason of great concern for governments, they have a great computational capability, huge memories to store our personal dat...

Stem Innovation ‘IZON’ Hard-coded Credentials (CVE-2013-6236)

Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...

Stem Innovation - 'IZON' Hard-Coded Credentials

Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux distribution and also the hidden web...

Stem Innovation - IZON Hard-Coded Credentials

Stem Innovation - IZON Hard-Coded Credentials Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within it...

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

Qualcomm stack buffer overflow camera

Stack-based buffer overflow and memory disclosure in camera driver QCIR-2013-00008-1: A stack-based buffer overflow and a kernel memory disclosure vulnerability have been discovered in the system call handlers of the camera driver...

CVE-2013-3687

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file...

Buffer overflow

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file...

CVE-2013-3686

cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action...

CVE-2013-3687

AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models use cleartext to store sensitive information, which allows attackers to obtain passwords, user names, and other sensitive information by reading an unspecified backup file...

Apple iOS密码锁安全限制绕过漏洞

CVE ID: CVE-2013-5161 iOS是由苹果公司为移动设备所开发的操作系统，支持的设备包括iPhone、iPod touch、iPad、Apple TV。 Apple iOS 7.0.2之前版本的密码锁没有正确过滤锁定状态，物理接触受影响设备的攻击者在某些情况下可绕过密码限制，打开“照相机”应用或读取最近打开的应用列表。 0 Apple iOS 7.0.2 厂商补丁： Apple ----- Apple已经为此发布了一个安全公告（HT5957）以及相应补丁: HT5957：About the security content of iOS 7.0.2...

CVE-2013-3540

Cross-site request forgery CSRF vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users...

CVE-2013-3689

Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which allow remote attackers to obtain sensitive information user names, passwords, and configurations...