Google Exposes Web Surveillance Cams
An anonymous reader writes "Blogs and message forums buzzed this week with the discovery that a pair of simple Google searches permits access to well over 1,000 unprotected surveillance cameras around the world - apparently without their owners' knowledge." Apparently many of the cams are even aimable. Oops!
What is the search keyword.
This just underlines the engineer's problem with making something secure, yet making sure every moron in the U.S. can plug it in and turn it on and have it basically work.
meh
I use http://www.google.ca/search?q=inurl%3A%22axis-cgi% 2Fmjpg%22&btnG=Google to find them. It works great.
http://www.google.com/search?hl=en&lr=&safe=off&c2 coff=1&q=inurl%3A%22MultiCameraFrame%3FMode%3D%22
This is why you should never trust some other company with your own surveillance needs. There are plenty of camera + software combinations that can do TCP/IP stuff and you can tinker with it yourself and set it up on your own apache server.
I am sure someone will post with OSS software solutions.
Aside from that, how many people really need web-enabled surveillance? Just record it to HD or have it monitored live in closed-circuit fashion.
Brushfireb
Most of the ones that are found via Google require an ActiveX control. Don't get too excited.
I'm a big tall mofo.
For the curious, here is an article (in Spanish, sorry) with some links to cams and what terms to search to find more, happy watching :)
http://sindominio.net/suburbia/article.php3?id_article=146
When some wag placed Dino in front of a volcano monitoring camera on White Island it was claimed that he would slowly disintegrate from noxious fumes and gases emitted from the volcano. And yet, Dino is still smiling back at us in defiance...
I got a jump on this from the Boing Boing post a couple days ago. I use inurl:"axis-cgi/mjpg".i ?camera=&showlength=1&resolution=640x480 Shows animals under the knife, I've yet to catch a surgery yet.
This one seems to show every page printed off of some printer. http://81.72.76.218/view/index.shtml. Right now it's some photo.
This one http://217.148.2.106/view/index.shtml shows somes bar (German?) that seems very active.
This one http://24.173.235.172:8001/axis-cgi/mjpg/video.cg
Anybody find any other cool ones?
This is slashdot - where are the nudie shots...
Use Google and search for the following:
inurl:"ViewerFrame?Mode="
or:
inurl:"MultiCameraFrame?Mode="
one two
:)
I have clicked some of them, and indeed some provide pictures of various random places, like shopping center, bureau, or parking lot. But I've noticed that some of them are asking for a password, or simply refuse to connect. Does it mean that admins had fast response to this issue?
And btw - slashdotting thousands of cameras around the world is really funny. Karma prize for a person that finds the most interesting places!
#
#\ @ ? Colonize Mars
#
Sure, and if you're inexperienced or a moron then you can do it wrong, just as these people have. High quality tools can still be misused by dolts.
I am sure someone will post with OSS software solutions. Aside from that, how many people really need web-enabled surveillance? Just record it to HD or have it monitored live in closed-circuit fashion.
Does anyone remember the article, couple years back about people using X10 cams for surveillance, which were easily monitored from, not a black suburban, but so much as a Yugo with a coathanger antenna out in the street? It's about understanding the deployment needs and big picture of security.
"hey, I can see myself in the bathroom in the internet.... uh..."
A feeling of having made the same mistake before: Deja Foobar
The search keyword is inurl:"axis-cgi/mjpg"
Why did you have to say that now you made me look too...
inurl:"view/index.shtml"
On pages with non-enlish text (E.G. this one http://aquashop-es.miemasu.net/MultiCameraFrame?Mo de=Motion&Language=1)
change language=1 to language=0 to get english text.
While looking for daycare for my kids, I came across a few that offered web based cam viewing of the kids/classrooms. My wife thought it was a great idea til I suggested that anyone could potentially view the kids....sex offenders, children theft services, etc. Sure the school offered password based access, but any system that is turned on can be compromised. Maybe it's the paranoid dad in me, but while it may be nice to see what my kids and teachers are doing, it scares me that some pedophile may be watching what kids are doing, learning their favorite activities, and their overall daily schedule. The ped could even be a parent that has a kid registered at the school making access even easier. So in the end, I axed schools that had cams (especially wireless ones) and convinced my wife based on the reasons above.
Perhaps some places have policies where the camera is on only for certain periods of time that vary weekly and IT departments that verify access logs, but I saw no such plans when I checked.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
Now the real question is, can the slashdot effect destroy all 1500 camera servers? ... Ive got 100 bucks on "yes".
I got "If no image is displayed, there might be too many viewers, or the browser configuration may have to be changed. See help for detailed instructions on how to do this." from three in four cameras....
What an elegant solution, just post the problem on slashdot and watch many hundreds of tiny embedded (axis is linuxppc based iirc) webservers get slashdotted completely
Holy crap: "women doing laundry".
graffe.com suggests searching for inurl:"ViewerFrame?Mode=".
You can do slightly better by searching for inurl:"MultiCameraFrame?Mode=", as mentioned on Metafilter.
It should be obvious, but any web server that doesn't want to be on google should serve up the appropriate robots.txt file. This includes webcams in their default configuration.
main(O){10<putchar((O--,102-((O&4)*16| (31&60>>5*(O&3)))))&&main(2+ O);}
LN2 is cool!
Johnny at IHackStuff has a huge list of fun things like this you can get from google.
Here is the list of searches for network aware stuff: Google Cached since main site is down
Some search phrases for cameras are: "camera linksys inurl:main.cgi" and
"powered by webcamXP" "Pro|Broadcast"
Don't forget that google can limit results to region by using "site:.jp" or similar.
This is nothing new... I have known about it for months. I wonder why it was only mentioned in blogs the past week or so? Anyway, here's the link: http://www.google.com/search?hl=en&ie=UTF-8&q=inur l%3A%22ViewerFrame%3FMode%3D%22&btnG=Google%20Sear ch
Following an item on The Reg http://www.theregister.co.uk/2005/01/08/web_survei llance_cams_open_to_all/ I have been looking at some of the result given by google. One interesting one that came up was http://lobbycamera3.abia.org/axis-cgi/mjpg/video.c gi?camera=&resolution=640x480 which turns out to be an airport in Mr Bush's home state of Texas. http://www.ci.austin.tx.us/austinairport/ This just goes to show that even supposed security professionals don't bother to read the instructions on their new toys. Free to air surveillance for Mr. Bin Laden?
The article says, "Video surfers are using this knowledge to peek in on office and restaurant interiors, a Japanese barnyard, women doing laundry, the interior of an Internet collocation facility, and a cage full of rodents, among other things, in locales scattered around the world." Funny thing is, I have seen all of those, like the article is talking about the same ones I was spying on. But I couldn't find one of a women's dressing room. :(
we'll never give you the search query!
:)
slashdot the fun? hardly..
it's available to anyone with five minutes of time and half-a-clue
(and totally worth finding hehehehe)
In any case, I have to admit that one of my guilty pleasures used to be (before the slashdotting) this fun link to... 137 java-controllable webcams around the world: http://www.google.com/search?q=intitle%3Aliveapple t+inurl%3ALvAppl
A certain japanese construction site has made a lot progress lately. :)
Power to the Peaceful
Is this the first recorded instance of a wide array of small webcam servers getting simultaneously slashdotted?
I win:
...
http://63.243.46.98:8081/axis-cgi/mjpg/video.cgi
Runnin' On Empty
Alot of these cameras are exploitable too. It was fun along time ago making these cameras mine... ofcourse I always reset the pass...ofcourse... There is an exploit here: http://www.k-otik.com/exploits/08242004.Axis.sh.ph p
For those still asking, the search string is:
inurl:"view/index.shtml"
For those lazy ones here it is wrapped up and packaged for you:
http://www.google.com.au/search?q=inurl%3A%22view% 2Findex.shtml%22
The following is a list of servers:
http://www.networkpunk.com/?q=node/view/614
Thank you.
ViceVirtue
Combine this with the IP address locator (http://www.geobytes.com/IpLocator.htm?GetLocation ) and take your dream vacation from the comfort of your own !
Where's the bloody ZOOM!!
any women's locker rooms. :(
There is also a known vulnerability with the root password
http://cert.uni-stuttgart.de/archive/bugtraq/2001/12/msg00067.html
Since most of them are being used as simple security cameras for semi-public areas, there really isn't much secret data that is going to be discovered..
So you can watch cars in a parking lot.. Or people mill around the mall...Big risk there..
I don't see a big deal that most of them are not being locked down. Unless i missed something here..
---- Booth was a patriot ----
I discovered quite along time ago that if you search for a certain firmware version of the Axis cameras, (Axis Network Camera 2.XX) you can find exploitable cameras that have not had their firmware upgraded to fix a security bug.
http://camera//admin/admin.shtml will bypass the passwords of cameras that don't have the newest firmware. (I found this on security focus)
I fear what happens when someone discovers that they can enable telnet and get root access on tons of cameras, and starts them churning spam....
Why in the hell do people assign public IPs to cameras directly?
I know that some maybe public for a reason (news, weather stations, etc...), but I bet the majority don't need to be opened to the public.
Come on people...get with the program.
I would recommend you not underestimate the intent of some cameras out there.
I wouldn't meddle (ie. admin control) with certain cameras, lest I be visited by such people with gray cadillacs and brown raincoats...
A more clear example is this camera which is absolutely public. I did however encounter similar cameras with a more restricted character (page 16/17 of 2nd google link).
Google - home" Requires installation of activeX plug-in. Great video feeds.
Google - inurl:"ViewerFrame?Mode=Motion"
Google - inurl:LvAppl intitle:liveapplet
Google - intitle:"Live View / - AXIS"
Google - "Powered by webcamXP"
Google - inurl:indexFrame.shtml "Axis Video Server"
Google - "MOBOTIX M1" and "open menu"
Google - intitle:flexwatch intext:"Copyright by Seyeon TECH Co"
Google - intitle:"WJ-NT104 Main"
-- ladies and gentlemen we are floating in space!
It's not really obvious.
If you don't want your webserver to be 'found' then either
A. don't put it online. (Right)
B. security through obscurity: don't link to it, don't save a record of it. No links = no crawling/spidering.
C. Put it behind a server-wise password
Because in the end, Google may respect robots.txt but I, for one, don't when creating a local cache of a site using HTTrack
And I'd imagine there's search engines which ignore it just as well.
According to a Google search, the default settings for these are as follows:
Username: root
Password: pass
I'll lay odds there are complacent admins out there.
THIS INFORMATION IS FOR EDUCATIONAL PURPOSES ONLY. DON'T BE A FUCKHEAD.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
I disagree:
i
http://webcam.magic.iac.es/axis-cgi/mjpg/video.cg
Black and grey are both shades of white.
Remember, use the session restore plugin to save the tabs when the java applets crash firefox ;)
If you look on axis's site, you see most of them are ~640x480 resolution, one being 1280x960, toshiba also has one megapixel version but it's astronomically out of price reach for simple applications.
:)
With all of those sub 100 cameras that are going up to 3mpix these days, how come there aren't "HD"webcams or anything similar in the cheap end of the spectrum? it would be good enough for low-level consumer home security, and I'm sure it would sell like crazy. I know the image quality wouldn't be equal to the top webcam using CCD out there, but some application would require more resolution before perfect color reproduction.
Anyways just a thought... If anyone could point me to something that already exists, it would be nice, as I am sure a lot of people here would jump on this...
--- Metamoderating abusive downgraders since my 300th post.
Instead of using wireless on cameras, they could have used wired connections and allowed a VPN login. That might have been a *little* safer. So much for Closed Circuit TV.
All in all CCTV is kind of funny, but doesn't really make my day :-(
Most of the links coming up probably originated from a site thats been up for years called "Earth Cam". They have so many they have to categorize them...Google's just doing what it's supposed to finding everything...Well almost everything...L8r all...
Even after this story has been posted and many of the cameras have been slashdotted the admins still won't have a clue.
These have been known for a while. It's hardly breaking news. I visit the site sometimes. There is a lot more than cameras. There are links for usernames, passwords, databases, etc.
a little car shop
Not entirely sure what this is
Japanese fish store
The ______ Agenda
ok, where hell is this:
http://219.96.71.76/control/userimage.html
Hey, there's even some naked people passing by this cam. Wonder where in the world that might be.
I heard about this sort of security problem when CU-SeeMe first came out years ago and I'm surprised it has become an issue again. Apple's iSight has a built-in iris that closes when you twist the lens, and twisting the lens also doubles as a switch for turning the camera on and off as well as launching iChat AV. Plus, there's a little LED that lets you know when it's on. I always thought that webcams should always have a physical lens cap on them just for that added security, and never considered getting one until the iSight came out.
This is not a design problem. Because if it was a design problem, then we should be abandoning TCP/IP altogether. The real problem is that the Internet was given to the masses while it was still in a "beta" or "release candidate" stage. One of the things that should have been in place before everyone and his brother got internet access is VPN. These cameras wouldn't be a problem if they were behind a firewall and the only access is via VPN or some other method of tunneling. Perhaps if the boxes were labelled "Use Behind a Secure Firewall" then this wouldn't be as common.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Ok, I've clicked on the links mentioned and the results from google and I'm getting weather cams and empty offices.
We all know why we jumped on this story so now somebody needs to deliver!
No idea what this is. Exposure a bit too long?
e ra=&resolution=640x480
http://209.161.173.14/axis-cgi/mjpg/video.cgi?cam
Well I found a secret government baby making factory.
o .cgi?camera=&resolution=640x480
http://kamland4pi-cam1.lbl.gov/axis-cgi/mjpg/vide
http://avenches-webcam1.rcv.ch/axis-cgi/mjpg/video .cgi
Amphitheatre in Switzerland. (Hurry, it's getting dark there.)
Of course if you put in place the elements of a Big Brother state then they will be abused. Three working for the UK authorities have been suspended for perving through a young lady's window, goodness knows how they got found out. I'm sure 99.99% of these cases are never detected.
Phillip.
Property for sale in Nice, France
Not all webcams that are found are actually "secret" most of them (if not all) are available to the public.
further, if security is the issue, there are indexes that IGNORE robots.txt file, (and I'm sure there are some that actively look for robots.txt that are exclusionary) not everyone lives by the motto "do no evil"
a spider reading the robots.txt is a nice, perfect world, internet convention, much like SMTP- and we all know how well that ended up.
every day http://en.wikipedia.org/wiki/Special:Random
I remember doing the exact same thing on Altavista. The default full install of IRIX on Indy workstations had a webserver that would serve images from the IndyCam perched on the granite Sony monitor in many computer labs and offices. The trick was finding ones that were enabled, or didn't have the little door shut. There were a few that were on.
Southeastern Virginia REPRESENT!
This appears to be Stuttgart Airport http://195.243.185.195/ -- security risk much? I would have a problem with this being exposed on the web if I were the head of security there.
As David Brin frames it - I've stolen his opinion for this post, the key issues are transparency and egalitarianism.
The fact that we can look is not the problem. The problem with surveillance cameras is when people can look at us, but we can't look back.
Wouldn't it be better if a woman going to her car can look at surveillance cameras up the block to make sure she will arrive safely? Or a citizen's watch group can virtually patrol its own neighbourhood?
The key problem is when a select few can control and abuse the technology and possibly enforce the law selectively. For example, corrupt cops losing video evidence of them beating someone to death.
I'm not completely sold on the idea, but it's an opinion worth considering.
Transparent Society
http://lobbycamera2.abia.org/view/index.shtml
So, have anyone found any nude stuff yet?
The Axis Video Server vulnerabilities found several months ago had hackers using Google to find vulnerable cameras. Check out "Axis Video Server" for a nice list of sometimes very-controllable cams.
Nothing new here.
-AutoNiN
How much of this problem is due to folks plugging the cameras in behind firewalls (thinking they are safe) and then having the cameras/drivers enable access via Plug & Play?
I used this back in Feb of 2003 to test out Panasonic Network Cameras prior to me making a purchase...
Since the first round of cameras are getting slashdotted... :-)
Type this into Google:
"toshiba network camera" login
Whoa! That guy looks familiar. Oh my god, it's ME!
... is that you havin' fun in the car at the parking place?!
http://24.234.255.102/axis-cgi/mjpg/video.cgi?came ra=4&resolution=352x240
It's simple, we just /. the cameras, that way nobody can view the cameras. Instant security!
What is this? It looks like someone knocked over the easter basket and there's one remaining egg in the mountain.
A server room? here
Blue Sky Tomorrows
Are you kidding me?
How many daycares have IT departments?
Love the handle buddy. While you might not be a pervert, I think Ill keep my kids away from you.
And Ill lock em up in their room so you cant get to them. Or our family pets. Or....
dd
I disagree:
http://isolationcell.com/
Why not just put a shutter on the camera, maybe an activity LED. How about making USB cameras so they can be hotplugged.
Engineers have been foolproofing for eons, always a step behind the fools.
Isn't this a standard Google hack as listed in O'Reilly's book.
I've had loads of fun with this one. Turning supposedly security cameras in on themselves etc.
We even have such a camera watching things at work.
"It's secure", said our IT manager (my boss - did someone mention Dilbert?).
Once home, it took me all of 10 mins to spy on my colleagues.
Has anyone seen the Kevin Rose footage on WarSpying - increasing the range of a receiver and driving around a neighborhood to spy on the X10 network cams?
Since you are conditioned to believe this then maybe I can interest you in some of my professional services - as a professional I am obligated to say No Problem to whatever your needs are and hand you over to our reassurance dept.
Dumbass.
The idea is probably from the final talk of the 21C3 since the idea was mentioned there.
is that an echelon station?
This is my sig. There are many like it, but this one is mine.
Earth Cam is good, but it doesn't seem very inclusive.
The perfect solution would be something like MapQuest, with users being able to add the URL of a webcam and set its position on a map.
The only complicated part I see here is the interactive map. Anyone know an easy/straightforward way to do it?
thats funny stuff. you'd think they'd password it or something
That the world is a pretty damn boring place....
I'm jezze I can't even find any that have people on them.
Technology, the cause of and solution to all of life's problems.
chixors: http://aleksandriacamot.it.helsinki.fi/view/index. shtml?videos=one
w00w00
If you reload the page, it keeps updating!
The problem is putting the camera directly on the wire. This gives them an external IP address. Places should be using an internal network with a router to connect the cameras. That way the main systems used to watch the cameras can get on the internet and do whatever but the cameras have a 192.168.0.X or something IP that can only be accessed from the outside if the router is set up to forward the port.
Unless the cameras are intended for public viewing they should not be given an external IP.
Work Safe Porn
The original statement said, "1000 cameras around the world..." Yet, you're claiming that only morons in the US are responsible?
So,
What freakin plug-in do I need to make this work with safari? I have some voyeurism to attend to. Ok Ok I'll download mozilla, but DON'T tell me to use explorer, please. It is officially in atrocity status on macs, due to microsoft's abandonment of it.
music lover since 1969
NUCLEAR REACTOR plant! This is pretty cool stuff!
"Snoop does laundry? That's hot."
-- Paris Hilton, some stupid commercial
Lets say your local friendly 'protection' dude wanders in to your shop one day asking for money 'or else'.. you can either..
a) inform him that his every move is being watched by a million slashdotters..
b) pull your gun out from under the counter and blow his brains out - then tell the police there's plenty of witnesses to interview.. ;)
for a living and have always warned users to put them behind a firewall. Some just insist on giving themselves easy access to remote locations, they don't even try to setup passwords. Guess it's time for some email and a link to Slashdot.
I'd love to be a fly on some walls right now as camera owners watch their IP cameras meltdown under the pressure, many of these things can hardly support 5 - 10 users let alone Slashdot!!!
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
I guess you will be home schooling your kid for life.. As most ( soon all, 'for their safety' ) schools have cameras everywhere...
Cameras are not going away anytime soon.
True not all are publically available, but as you say 'anything can be compromised'.
---- Booth was a patriot ----
This is not a new issue. In my work I have used these search types to test our camera applications. Some are public, others are not.
o tion"
These are various samples:
Convision-> inurl:"/fullsize.jpg?camera="
Axis-> inurl:"/axis-cgi/jpg/image.cgi"
Canon -> inurl:"/-wvhttp-01-/GetOneShot"
Pixord -> inurl:"/images<camera_id>sif"
Panasonic -> inurl:"/SnapshotJPEG?Resolution=320x240&Quality=M
D-Link -> inurl:"/IMAGE.JPG"
JVC -> inurl:"/still.jpg"
IQinVision (Video-Server) -> inurl:"/cgi-bin/cgi-image?camid="
IQinVision (Camera) -> inurl:"/now.jpg"
If you look really carefully, you can see the Nexus in the background.
Kirk and Soran are fighting on the little tower.
liqbase
Me and many other small groups of people have been using this to gain control over cameras for close to a year now. Every once in a while there is a news story about this google trick and then for like a month afterwards the most popular cams get flooded and the frame rate drops down to like 5 frames per minute. It sucks.
I have really been dreading the day when slashdot ran a story about this because I know that it will result in many of these cams being slashdotted out of existence. Why can't I have nice things?
http://shit.slashdot.org/article.pl?sid=05/01/09/1 411242
Are there stairs in your house?
Hippo!
The sending of this message pretty much inconveniences everyone involved.
That's the lamest tsunami video yet.
A while back while searching for info on a xerox network printer up popped a few hits of the url's for the web interface of the printer model. I accessed 1 with the default password, could have changed any of the settings or ftp'd a document, say 3,000 pages of black and wiped out the toner and trays.
Luckily the good side usually wins in me so I just printed out a couple pages to tell them their printer was public.
Google Error We're sorry... ... but we can't process your request right now. A computer virus or spyware application is sending us automated requests, and it appears that your computer or network has been infected.
We'll restore your access as quickly as possible, so try again soon. In the meantime, you might want to run a virus checker or spyware remover to make sure that your computer is free of viruses and other spurious software.
We apologize for the inconvenience, and hope we'll see you again on Google.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
When you run the google query, it gives you a page of results, each record containing the URL linked (by the URL) to the webcam image. So the webcam webserver log shows the Google page you linked from; all they have to do is deny access to any request with "google" (or its IP#) in the REFERER field.
However, it's trivial to download the Google results page with wget, then globally replace 'a href=' with 'img src=', and get a local page which, when loaded in a browser, shows all the available webcam images in a single page, labeled with their URL. Then the webcam admin has to invert the ACL, allowing only authorized users, rather than filter on the REFERER (which, like the IP# of the browser displaying the images, now fills the webserver logs with the browser's address).
--
make install -not war
I want one of... whatever this thing is!
http://phys9901.campus.tue.nl:50080/remote6/
OK, so you can do a Google search for part of the URL and find all of the cameras that Google knows about.
But why does Google know about them in the first place?
Google (or any other indexing bot) can't find web pages that don't have a link to them. And, typically, they can only find sites that have links from other sites, or that have been "suggested" to the search engine by a user.
So, somebody put a link to the webcam in a publically-accessible page somewhere. If somebody puts a link to a security cam or a nanny cam in their home page or blog, sure, they can expect the world to be looking in!
johnny.ihackstuff.com has been posting google cam searches for a long time now...
Congrats, we have just managed to slashdot every surveillance camera in existence. A new slashdot record!
Sean Fanning, an anonymous reader, and Paris Hilton's ex-boyfriend have in common? They're all too utterly and completely fucking stupid to keep shit to themselves.
If someone tells us, "Get outside more", does this count?
Table-ized A.I.
Some of the things that these people do in those computer labs are absolutely hysterical. Do they even know that they are being watched? Too bad that most of the girls that one finds in the computer labs are of the decidedly more nerdy variety.
I guess that there will be a few broken cameras when the admins all go back to work on Monday.
sad thing is i have known about this for YEARS and am surprised something so obvious (searching for the page title of an axis cam on google) didn't take longer to be public knowledge. if anyone cares what started it all, it's GSU's axis webcam on one of their buildings.
Why do the surveillance cameras connect their feeds to the Internet? They can easily keep it within their LAN and forget the worry about other people seeing it. Also why can't they password protect the site so that only authorised personnel can see it?
As if a camera with a built-in web server has the capability to filter by referer.
No, that was the one after the tsunami hit.
- Voice of Ambience -
If you can see your webcam's feed remotely it means that other people can see it as well
SOMETHING AWFUL DOT COM!
http://thepoolcam.dyndns.tv/axis-cgi/mjpg/video.cg i
Ok, I'm on here, and I can see 10 other people using it too - wonder if anyone there have noticed the camera spazzing around yet? ;-)
Code, Hardware, stuff like that.
This entire operation is based on the fact that this is a single camera brand/model-type, with a built-in webserver, and a standard URL template for the "get image" CGI that can be Googled. Several of those cameras implement the standard Basic authentication required in HTTP; there's no reason to think they can't also filter by REFERER, a much simpler operation, also provided by supporting the HTTP spec.
--
make install -not war
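The REFERER-versus-authentication point argued in the two "make install -not war" comments above, worked as a log check. This is an added example, not part of any comment in the thread: it assumes the camera sits behind a web server writing Apache "combined" logs, treats only Google as a search referrer, and runs on constructed sample lines using documentation IP ranges.

```python
import re
from urllib.parse import urlsplit

# URL fragments quoted in this thread for the camera web interfaces.
CAMERA_PATHS = (
    "/axis-cgi/mjpg/",
    "/view/index.shtml",
    "ViewerFrame?Mode=",
    "MultiCameraFrame?Mode=",
)

# Assumption: only Google counts as a search referrer in this sketch.
SEARCH_LABELS = {"google"}

# Apache/NCSA "combined" log format (assumed log format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def referer_host(referer):
    """Hostname of the Referer header, or '' when absent or malformed."""
    try:
        return urlsplit(referer).hostname or ""
    except ValueError:
        return ""


def classify(line):
    """Return (ip, target, findings) for a camera request, else None."""
    m = LOG_RE.match(line)
    if m is None or not any(p in m["target"] for p in CAMERA_PATHS):
        return None
    findings = []
    # Signal 1: the visitor arrived from a search results page.
    if SEARCH_LABELS & set(referer_host(m["referer"]).split(".")):
        findings.append("search-referer")
    # Signal 2: the camera answered 200 with no authenticated user.
    # This is the condition that matters; the Referer is client-supplied.
    if m["status"] == "200" and m["user"] == "-":
        findings.append("unauthenticated-200")
    return m["ip"], m["target"], findings


def audit(lines):
    """All camera requests that raised at least one finding."""
    results = (classify(line) for line in lines)
    return [r for r in results if r and r[2]]


def missed_by_referer_filter(lines):
    """Clients served without auth that a Referer deny rule would not stop."""
    return [ip for ip, _target, f in audit(lines) if f == ["unauthenticated-200"]]


# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jan/2005:14:02:11 +0000] '
    '"GET /axis-cgi/mjpg/video.cgi?camera=&resolution=640x480 HTTP/1.1" 200 51234 '
    '"http://www.google.ca/search?q=inurl%3A%22axis-cgi%2Fmjpg%22" "Mozilla/5.0"',
    # Saved results page or direct fetch: no Referer at all.
    '198.51.100.23 - - [09/Jan/2005:14:03:40 +0000] '
    '"GET /view/index.shtml HTTP/1.1" 200 4312 "-" "Wget/1.9.1"',
    # Authenticated operator: nothing to report.
    '192.0.2.10 - operator [09/Jan/2005:14:05:02 +0000] '
    '"GET /axis-cgi/mjpg/video.cgi HTTP/1.1" 200 50000 "-" "Mozilla/5.0"',
    # Search visitor stopped by HTTP authentication.
    '198.51.100.99 - - [09/Jan/2005:14:06:19 +0000] '
    '"GET /view/index.shtml HTTP/1.1" 401 0 '
    '"http://www.google.com/search?q=x" "Mozilla/5.0"',
    '203.0.113.50 - - [09/Jan/2005:14:07:00 +0000] '
    '"GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target, findings in audit(SAMPLE_LOG):
        print(ip, target, ",".join(findings))
    print("not stopped by a Referer rule:", missed_by_referer_filter(SAMPLE_LOG))
```

The second sample line is the case the first comment describes: the request carries no Referer, so only the `unauthenticated-200` check catches it, and the 401 line shows what the log looks like once access requires a login.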
http://80.97.109.10:40010/
Dude stop stealing that money!
I discovered this a few weeks ago, and I found one that had sound AND I COULD CONTROL in some crowded restaurant somewhere in Japan. I moved it back and forth, and finally got someone's attention, they were talking to the camera, it was hilarious.
http://134.84.240.219/view/index.shtml
The first three pages of hits in Google can't load. It is because the Cameras themselves have been slashdotted!!! what is next? slashdotted pet feeders?
Couple of them were dead.
Until today it would have been impossible to comprehend the meaning of "my security cameras have been slashdotted".
Well, that is what some of security camera owners will be saying tomorrow morning.
Looks like most cams are effectively slashdotted right now...
-
Some server room somewhere.
-
Another server room somewhere else.
-
Yet another server room.
-
Still another server room, with lousy housekeeping.
-
Elevator doors somewhere.
-
Horse in a stall.
There are cameras in retail stores. Also boring.But there are some pretty pictures available. Most of these look like vacation spots.
hello?
its january 2005..... Google has been indexing the web for years now...why has it taken so long for someone to think of submitting this as 'security' or 'news'??
You've been able to search URLs for common lines for ages...especially from anything thats been linked from a sites pages!
I'd be more worried by the fact that there are multiple exploits for those AXIS cameras out there - and default admin names and passwords!
anyone who is bored can now do inurl: searches for your badly installed switches that have their web services linked to (really guys you should do "no service http" on your configs!) CISCOS and HP's both have easily identified URLs - fun for a Sunday night? maybe, but thats just lame.
If surveillance is present and justified then it shouldn't matter if we all can see it right if there's nothing to hide? ;)
How can we search my locality other than site:.uk for example?
Anyone found any UK webcams? Best I've seen so far is an Irish one.
One of my local town centre would be handy!
A blog I run for the wealth
First take a screen shot with print screen.
Record the IP, and the time on paper.
Verify what country from the IP. Contact the local authorities by phone or email and send the details.
Saskboy's blog is good. 9 out of 10 dentists agree.
Panasonic could mitigate some of the damage they've done with their cameras' stupid default features by not accepting connections referred to them by Google. Their viewnetcam.com site seems to be hosting a lot of vulnerable cameras.
Now before I get modded down, I beg to remind whoever might read this that what I am saying is FACT. - bogaboga
Whatever it was, they now appear to have pointed the camera at the big dipper.
http://axis.axiscam.net/view/index.shtml I win! I've been watching this for hours.
Meanwhile you probably secretly fantasize about having sex with underage cheerleaders yourself...
In case anyone didn't notice, danila looked up the posting history of FerretFrottage and found a post to use as incriminating evidence against him. This is a rather advanced flaming technique. I am quite impressed. Well done.
My other first post is car post.
I remember sitting playing around with some of the cameras near the beginning of last year.
I'm surprised someone just finally noticed this now >_>
ND
This statement is forty-five characters long.
http://cafecam.heerenvanbeijerland.nl/view/index.s html?videos=one
Now the terrorists will get through undetected and destroy us all!
You must think in Russian.
Must be a slow day...check out what they're watching on the left-hand monitor!
http://webcam1.cotas.com.bo/view/view.shtml
http://209.52.239.29/axis-cgi/mjpg/video.cgi?camer a=&resolution=320x240
When I went here there was a flying boat lined up in the shot. If there's not one there when you go, then the person has carried out the promise in the title of the web cam of stealing it!
OMG! LOL!!!1 I setup my network camera on my computer and now it can be viewed on the internet! I guess wtf? I figured it would magicly know which computers should be able to connect to it! GOOGLE IS EVIL for peep at my camera that is on the internet that any 1 can connect to!!!!12
Of course if people would just set up a firewall this thing would never happen. There are flaws with all kinds of software. Why would you just let programs randomly listen on port 40010?
http://204.49.60.246/view/index.shtml
a b - a pair of cameras in some storage place, and you can get them to point at each other :D
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
http://213.189.5.245/view/index.shtml?videos=one
Midnight in Spain looks just like midnight where I live.
Check it again in 12 hrs.
Bandwidth is the answer. A camera at 640x480 at 30fps has to have compression turned *way* up to make it out the typical home user's 256k or 512k of upstream bandwidth.
Next, the Philips TriMedia chip and competitors support real-time compression at 640x480 and are available in volume. Chips that can support compression at higher resolutions aren't made in volume, so are much more expensive.
Finally, if you need high resolution, just switch to a telephoto lens. If you need to look at several areas of detail, use several cameras.
Wow, this ought to be picked up by the mainstream media. So anyone can use Google now to watch someone else's online webcam. Google search is now used for spying on people, watch their webcams, dig up stuff on them which they don't want to share, the evildoers can use Google to dig up confidential info and then use that to harm us. This is pure evil, and I won't be surprised if the lawsuits start coming in from privacy conscious and the ACLU types against Google, followed by govt. regulations. This could be the biggest court drama of the decade. Google will surely be pulled down sooner or later.
Argh can't find the link. Anyway, Wired news a year ago: http://www.wired.com/news/infostructure/0,1377,578 97,00.html
So, the news is that more applications were vulnerable to spidering. DOH! I mean, sure, give away your surveillance webcam access without a login. What were these guys thinking about?
I found this guy's web site over 2 years ago:
wonder.I.am
Wonder what this is... some type of X-RAY screen? http://x12b-cams.nsls.bnl.gov/indexFrame.shtml?new style=One&cam=4
http://198.182.65.150/sample/LvAppl/lvappl.htm
I think it is looking down N. Stone Ave. From W. Alameda St. to W. Pennington St. and beyond.
So is it legal to check out these cams or will the FBI come and knock on our doors?
This brings a whole new meaning to voyeur porn.
you might be able to put together a decent game trying to figure out what the camera is showing.
whoever gets it first wins some points. more points if they can do it using only the camera picture data, less points for each other source they have to consult (google searches, web sites, traceroutes, keyhole, etc) to figure it out.
might be a fun challenge. like geo-caching in reverse. instead of finding a location and going to it, you are already there and have to figure out where you are.
The Ticketpro office
Saskboy's blog is good. 9 out of 10 dentists agree.
I dub thee: LENSCAP !
http://www.searchlores.org/rabbits.htm Catching the rabbit's ears & pulling files out of the hat Advanced Web searching tricks by VVAA (Various Authors)
He was struggling to control the cam and just got up and walked away.
http://24.11.251.162:92/#
>every moron in the U.S.
Most of the ones I've found are either Japanese or in the Netherlands. Some links here.
If I were manufacturing these things, I'd load each with its own randomly-generated default username and password and put these on a big yellow-and-red sticker on the camera, impossible to miss.
That's the X12B at Brookhaven National Laboratory, not a storage place. It's used for X-ray crystallography. It's apparently scheduled for conditioning until next weekend though.
see here:
http://www.px.nsls.bnl.gov/x12b_info.html
The webcams are to check on it remotely.
"Well, it's really just another example of engineers doing the job right, only to then have a PHB of some ilk tell them..."
This assumes that all bad decisions are the result of a PHB's intervention. Some is simple ignorance (something we all are guilty of at one time or another).
...notice that her genitals are pixelated out; seeing them, according to the FCC and most of the religious right, would be...obscene.
I recognize this one: Stuttgart International Airport. D'oh (auf Deutsch)!
Snickersnee3: Build your own 3-watt Luxeon Star headlamp from scratch
we were playing with these cameras ages ago
---- Put Sig here:
n/m
This one shows what appears to be a pet store in Japan. The puppy in front is pretty cute.
it would be cool if some future Robosapien product were Internet-enabled and could run around sending video AND be remote-controlled. Completely mobile, with Wi-fi. OR if someone would build a hack like that.
...Crypnotic also looked up the posting history of FerretFrottage to see if danila had looked up the posting history of FerretFrottage, and upon finding a link, very excitedly posted the parent as a rather advanced means of showing off. I'm not that impressed, but well done nonetheless.
Meanwhile, I'm the only one here who has not yet looked up the posting history of FerretFrottage, although it is apparently a popular thing to do...
So long, michael. Don't let the door hit you...
WebCams:
inurl:/view/index.shtml
inurl:/LvAppl.
inurl:"ViewerFrame?Mode="
Other fun stuff:
"phpMyAdmin" "running on" inurl:"main.php"
inurl:ipsec.secrets -history -bugs
"# Dumping data for table (username|user|users|password)" -site:mysql.com -cvs
[One query per line]
I would think that if these people are too lazy to set their cameras up properly they may not have changed the login either. Does anyone know what the default login and password is to the Axis cameras?
Was the sig intended to be related to the post?
Got time? Spend some of it coding or testing
...and engineering lab at the University of Queensland, making the number (international) +61-7-3346-9705 or in Oz (07)3346-9705. I'm sure they'll get a blast from your call. (-:
Got time? Spend some of it coding or testing
Thanks for pointing out the origin of tubgirl. I'm no conspiracy theorist; just trying to make a point about obscenity being relative. Actually, you help me make that point if you are serious about the pubic hair. Could you expand on that a little, please?
Finally, voyeur sites for those of us with a fetish for boring things!
do "AXIS 2100 Network Camera /view/view.shtml" into google then
http://ip-of-cam//admin/admin.shtml (note the 2 slashes)
to get to admin area
I'm in Australia, it's 10:51 am over here, and as you can guess, almost all of the web cams will be in a part of the world that is dark right now, so this little exercise was not very interesting for me. Although some of the pix were quite eerie: e.g. an empty office full of cubicles and flatscreen monitors. Almost felt like I was experiencing "Dawn of the Dead" live... Yeah, I need to get a life.
http://belba.dyndns.org:805/
http://163.29.163.13/indexFrame.shtml?newstyle=Qua d
For the first person who physically visits one of these cameras and posts a sign in front of it that reads "FSCK YOU /. VOYERS!"
UTF-8: There and Back Again
Thanks. Interesting, yes, but not so odd when you consider that we Americans appear downright terrified, yet fascinated with women's breasts. Show the top, sides or bottom of your breasts and it's sexy. Display an obvious nipple projection and it's sexy. Show areola skin or worse yet, an actual nipple(!) and you've crossed the line. We actually project quite a few such dichotomies...
Randomly tried one from a google slope and found a ski slope with people skiing. How neat.
enta.net
Yeah, baby! That's my kind of ISP. Looks like some real 'leet dudez run that shop. Only thing missing is pizza boxes.
Mod down people who tell people how to mod in their sigs
Well, I have not posted in months, but I made this post as an advanced form of recognition of doc traig's recognition of the advanced flaming of ferrets, followed by advanced excited showing off of said advanced ferret flaming. I recognize your superior (some might say advanced) recognition of the practice of ferret flaming and the advanced showing off thereof, doc.
-
apparently without their owners' knowledge.
Actually, at least 20 of the cameras _do_ have their owners' knowledge. They belong to a chain of laundromats in southwestern Japan, one camera per location. The idea is that before heading off with your laundry, you have a quick look at the cams to see how busy they are, and decide which place to go to (or maybe not to go at all..)
Of course, this is slashdot, I probably shouldn't have said anything because now 50 sickos will be running off and watching young Japanese folk do their laundry.
I'm surprised that it's gotten this far without somebody mentioning science fiction.
H. Beam Piper's stories included a standard trope, in which there were many publicly available cameras in various places. "Telescreen" users used their output instead of wallpaper images, and Pappy Jack used surveillance images of a forest fire to scare Little Fuzzy.
Hey, slashdotters! Who wants to step up and provide that service?
Regards,
Ric
With google, I've found a number of installations of PHPMyAdmin on people's websites. If you don't know, PHPMyAdmin is a direct interface to a MySQL server through a powerful, easy-to-use interface. In other words, if somebody looked hard enough, they could snag credit cards from online retailers pretty easily.
Alexa is another big danger. At the company I worked at, my boss was fond of browsing the company's admin site with a browser with Alexa installed. On a few pages of the admin site were html links which were used to delete things. Sure enough, when Alexa spidered our admin site, it followed each and every delete link. Goodbye cookie-based authentication, hello IP-based!
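The failure described in the comment above, where a link-following spider triggers the delete links on an admin site, reproduced as an added example (not code from the poster's site). `AdminSite`, its paths and its records are constructed for illustration, and the hardened variant refuses state changes on GET.

```python
import re

class AdminSite:
    """Constructed stand-in for an admin site: records plus a page of delete links."""
    def __init__(self, safe_methods_only):
        self.records = {1: "invoice", 2: "customer", 3: "order"}
        self.safe_methods_only = safe_methods_only

    def handle(self, method, path):
        if path == "/admin/":
            # Listing page: one plain <a href> delete link per record.
            links = "".join(f'<a href="/admin/delete?id={i}">delete {i}</a>'
                            for i in sorted(self.records))
            return 200, links
        m = re.fullmatch(r"/admin/delete\?id=(\d+)", path)
        if m:
            if self.safe_methods_only and method != "POST":
                return 405, "state changes require POST"  # GET stays read-only
            self.records.pop(int(m.group(1)), None)
            return 200, "deleted"
        return 404, "not found"

def crawl(site, start="/admin/"):
    """A spider: issues GET only and visits every href it discovers once."""
    seen, queue = set(), [start]
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        status, body = site.handle("GET", path)
        if status == 200:
            queue.extend(re.findall(r'href="([^"]+)"', body))
    return seen

def records_after_crawl(safe_methods_only):
    """Return the record ids that survive one crawl of the admin site."""
    site = AdminSite(safe_methods_only)
    crawl(site)
    return sorted(site.records)

if __name__ == "__main__":
    print("delete on GET :", records_after_crawl(False))
    print("delete on POST:", records_after_crawl(True))
```

Changing how the crawler is kept out (cookies, IP filtering) does not remove the underlying problem; any client that can reach the page and follows links will still fire a GET-based delete.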
ICE CREAM!!!!
UTF-8: There and Back Again
This could be done in any other web search engine, not only Google.
Here are hotbot results. The first result is a webpage with links to most of the cams...
Besides, searching for a part of the URL is a very old trick in search engines; any search engine theoretically should do the same thing.
The lunatic is in my head
http://www.i-hacked.com/Computer-Components/Softwa re-Internet/Finding-Online-Webcams!.html
Actually, in a way, the Slashdot effect could indeed be considered an infection. About ten years ago, before there were email viruses that I was aware of, rumors of email viruses that do terrible things (that were not then possible) were circulated by credulous people trying to spread the warning. One such notice was passed to a government client of my then-employer with great solemnity at a meeting, without having been circulated into the engineering department where I worked. When I finally saw the notice and explained why it was not applicable in the client's environment, I explained how the REAL virus was the email notice in question, and that the computer it ran on was the human brain.
Now, years later, these sorts of viruses are all over the place (see snopes.com), as are the occasional "bugs" like this one, in which an unintended result occurs. Of course, "programming" the human mind, by introducing data that will yield a predicted result, is as old as the human (or proto-human) mind. I submit that being skilled in this is potentially far more powerful than anything we code for a computer.
FWIW, it's not like all of these cameras have gaping security holes. At least one, the AXIS 211, claims to have the capability of setting a password on the web interface. (I don't have one to verify this.) As far as I know, Google only follows publicly accessible links in its indexing, so the fact that we can look at the cameras isn't really the fault of Google or the camera vendor. If it's a violation, it's the failure of the camera's owner to read the fine manual.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
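One way for a camera owner to check whether a camera page is being served without a login to crawlers or search-result visitors, as an added example that is not from the thread or from any vendor. It assumes the camera sits behind a web server or proxy that writes Combined Log Format; the log lines are constructed and use documentation IP ranges.

```python
import re

# URL fragments taken from the search queries quoted in this thread (lowercased).
CAMERA_PATHS = ("/view/index.shtml", "/axis-cgi/mjpg", "/viewerframe?mode=", "/lvappl")
SEARCH_REFERER = re.compile(r"https?://[^/]*\b(google|hotbot)\.", re.I)
CRAWLER_UA = re.compile(r"googlebot|slurp|msnbot", re.I)
# Combined Log Format (assumed): ip ident user [time] "request" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

SAMPLE_LOG = [  # constructed lines, not real traffic
    '198.51.100.7 - - [09/Jan/2005:10:00:00 +0000] "GET /view/index.shtml HTTP/1.1" 200 1024 "-" "Googlebot/2.1"',
    '203.0.113.9 - - [09/Jan/2005:10:05:00 +0000] "GET /axis-cgi/mjpg/video.cgi HTTP/1.1" 200 0 "http://www.google.com/search?q=example" "Mozilla/4.0"',
    '192.0.2.4 - operator [09/Jan/2005:10:06:00 +0000] "GET /view/index.shtml HTTP/1.1" 200 1024 "-" "Mozilla/4.0"',
    '203.0.113.50 - - [09/Jan/2005:10:07:00 +0000] "GET /view/index.shtml HTTP/1.1" 401 0 "-" "Mozilla/4.0"',
    '203.0.113.51 - - [09/Jan/2005:10:08:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
]

def exposure_findings(lines):
    """Return (ip, path, reason) for camera pages served 200 with no authenticated user."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m or not any(p in m["path"].lower() for p in CAMERA_PATHS):
            continue
        if m["status"] != "200" or m["user"] != "-":
            continue  # refused, or viewed by a logged-in user: the page was protected
        if CRAWLER_UA.search(m["ua"]):
            reason = "crawler fetched camera page without auth"
        elif SEARCH_REFERER.search(m["referer"]):
            reason = "visitor arrived from a search result"
        else:
            reason = "unauthenticated view"
        findings.append((m["ip"], m["path"], reason))
    return findings

if __name__ == "__main__":
    for finding in exposure_findings(SAMPLE_LOG):
        print(finding)
```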
NFL cheerleaders dumbass..RTFP next time...I guess you're the one that now not so secretly fantasizes about underage cheerleaders.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
From the Axis support docs...
User: root
Password: pass
-MJ
Very last line from the "warspying" article linked-to from within the Register article:
"The problem is, if the cops take an interest in you while you're doing something like this, the only way to get out of the situation is to admit that you're a dork," says MWD. "I'd almost rather be taken back to the station."
This space intentionally left (almost) blank.
Here is some store where you can watch people try to shoplift. Pretty cool.
You create your own reality - Leave mine to me.
You know you'd like it if a 17 year old skirt were riding your rod.
Putting a concerned parent down because they care about their child is bad enough. Using some misconstrued reference as "incriminating evidence" to flame that individual is APPALLING!
It's not well done. It's RUDE & INTOLERABLE! It's people who act like you and the ferret who make us parents paranoid about what might happen to our kids.