We are being watched through WEB-cameras

[Растаман]

Adobe has begun hasty work to fix an unpleasant vulnerability in one of its most famous technologies, Flash Player. Thanks to this subtlety, attackers could covertly activate microphones and webcams on end-user computers using the so-called “clickjacking” method. A vulnerability student at Stanford University, Feross Abuhadiji (Feross Aboukhadijeh), who created an example of hacking based on an algorithm discovered back in 2008 by an anonymous researcher, discovered the vulnerability.

Technically, “click stealing” is a type of attack that combines the completely legal capabilities of web applications, including setting transparency and positioning of elements using CSS styles, as well as social engineering methods that trick users into performing unnecessary actions. For example, this was used to force users of social networks to “put pluses” on false pages or to place spam on their own - the corresponding buttons were simply made transparent and superimposed on top of completely harmless elements.

The 2008 attack on webcams was built using the Adobe Flash Player Settings Manager utility, which is actually a web page on the Adobe website. It was displayed in an invisible Iframe, and as a result of deception, the user himself turned on access to his microphone and webcam. Then, a game written in JavaScript was used to deceive, and some mouse clicks really worked in it, while others were redirected to an invisible frame. As a result, Adobe introduced a special code into the Flash Player Settings Manager dialog that prevents this page from being inserted into invisible frames.

Despite the measures taken, Abuhadiji found that all access parameters are stored in a regular SWF file (Shockwave Flash), and they can be loaded into the frame directly, without the rest of the web page. As a result, it becomes possible to bypass Adobe code that protects against insertion into frames. In fact, the same vulnerability is used as in 2008, only the attack vector is chosen slightly different. Abuhadiji himself admitted that he was surprised by the operation of his scheme. The author claims to have informed Adobe of the vulnerability found, but received no response. Only after the public announcement did Adobe reach Abuhadiji to inform them of work to rectify the situation. It is assumed that to circumvent the vulnerability, users do not have to update their copies of Flash Player.


Based on materials from BetaNews, PC World, and CNET.

 

[@InfoPoisk]

Well, they watched us, they look and they will watch: cry :: cry :: cry:

 

[Детективное агентство ИКС-Инфо.]

Cut down microphones and cameras before going to net ...: roll:

 

[Частный детектив. Timofey. Челябинск.]

go to typewriters with support Wifi : lol:: lol:: lol:

 

[Детективное агентство Тула]

Actively use a wig, glasses and makeup!

 

[НСК-СБ]

Thank you Nail!

 

[Частный детектив Севастополь ОДБ]

Thanks, we will consider !!!

 

[Игорь Эдуардович]

Thanks, read with interest !!!!!

 

[Саратов-Алиби]

Yes, let them look, I somehow do not care "maritime signs" ..........: lol:: lol:: lol:

Nail thanks for the stuff.

 

[Игорь Коракс]

Thank you, it is especially worthwhile to be careful owners of laptops, where by default the built-in cameras and microphones are always in standby mode. The only reliable way to seal the camera.