Slashdot Mirror

← Back to Stories (view on slashdot.org)

Website Peeps Into 73,000 Unsecured Security Cameras Via Default Passwords

Posted by Soulskill on from the security-through-insecurity dept.

colinneagle writes: After coming across a Russian website that streams video from unsecured video cameras that employ default usernames and passwords (the site claims it's doing it to raise awareness of privacy risks), a blogger used the information available to try to contact the people who were unwittingly streamed on the site. It didn't go well. The owner of a pizza restaurant, for example, cursed her out over the phone and accused her of "hacking" the cameras herself. And whoever (finally) answered the phone at a military building whose cameras were streaming on the site told her to "call the Pentagon."

The most common location of the cameras was the U.S., but many others were accessed from South Korea, China, Mexico, the UK, Italy, and France, among others. Some are from businesses, and some are from personal residences. Particularly alarming was the number of camera feeds of sleeping babies, which people often set up to protect them, but, being unaware of the risks, don't change the username or password from the default options that came with the cameras.

It's not the first time this kind of issue has come to light. In September 2013, the FTC cracked down on TRENDnet after its unsecured cameras were found to be accessible online. But the Russian site accesses cameras from several manufacturers, raising some new questions — why are strong passwords not required for these cameras? And, once this becomes mandatory, what can be done about the millions of unsecured cameras that remain live in peoples' homes?

53 of 321 comments (clear)

  1. Ethics by iluvcapra · · Score: 4, Insightful

    Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

    --
    Don't blame me, I voted for Baltar.
    1. Re:Ethics by Anonymous Coward · · Score: 2, Interesting

      I'm sure the 3 letter agencies of your country share and honor your view on the ethical methods of spying

    2. Re:Ethics by Ichijo · · Score: 5, Interesting

      How would a good person inform the owner that their door is unlocked if the only way is contact them is to walk inside? Or is the correct response to just walk away?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    3. Re:Ethics by Anonymous Coward · · Score: 5, Interesting

      That analogy certainly applies to the Russian website that is streaming the videos, but I think the blogger who has discovered this website that is streaming videos from people's homes and then tried to contact the owners is more like someone seeing their neighbors door open, some people that shouldn't be there walking out the door and then peaking in the door and calling out to see if everything is okay or letting them know when they get home that someone was in their house.

    4. Re:Ethics by Anonymous Coward · · Score: 2, Insightful

      Samaritan says "hi subject #82644266222".

      WHAT?! You don't seriously want the world's AIs to learn about the world solely from 4Chan and wikipedia, do you? Yootoob user comments are probably what finally convinced skynet to off Mankind.


      Like the issue with automated license plate readers, this is another case where something is of little concern when it has to be done manually, one item at a time. But when you automate the process and can grab data on everyone with a click of a button, then you should start getting nervous.

    5. Re:Ethics by arth1 · · Score: 4, Insightful

      Just because a door is unlocked does not mean you may walk inside, even if it is to tell the owner their door is unlocked.

      No, but it also doesn't mean you're not an idiot for not locking your door.

      Blame is not a limited commodity - you can add blame to the idiots who don't take precautions without removing any blame from those who break in. Point fingers in both directions. The breeches is a cooperation of the idiots and the outers.

      When and why did being an idiot become a right?

    6. Re:Ethics by fahrbot-bot · · Score: 3, Informative

      When and why did being an idiot become a right?

      It's right there in the Declaration of Independence (for people in the US anyway) -- "Life, Liberty and the pursuit of Happiness" -- and ignorance is bliss (or so I've heard...)

      --
      It must have been something you assimilated. . . .
    7. Re:Ethics by QuietLagoon · · Score: 2

      ...Blame is not a limited commodity - you can add blame to the idiots who don't take precautions without removing any blame from those who break in....

      Using your logic, if someone uses an armored vehicle to break down the door and go into someone's house, then the homeowner is to blame because he did not have a door lock strong enough to stop an armored vehicle.

    8. Re:Ethics by mythosaz · · Score: 3, Insightful

      To be fair, the Russian website isn't streaming the videos any more than TPB is hosting copyrighted material.

      The Russian website has a lot of IMBED tags and links, I imagine.

    9. Re:Ethics by mysidia · · Score: 2

      How would a good person inform the owner that their door is unlocked if the only way is contact them is to walk inside? Or is the correct response to just walk away

      Better have a good reason for being there on their property in the first place. And how would you discover the door was unlocked, unless it was left open?

      Ring the doorbell wait five minutes.

      Go talk to one of their neighbors. Don't enter the building alone if you are not an associate or good acquaintance of the owner.

      The owner probably has relatives, or a cell phone.

    10. Re:Ethics by JeffAtl · · Score: 2, Interesting

      and local law enforcement

    11. Re:Ethics by arth1 · · Score: 2

      People might be idiots for not understanding that the world is full of terrible people and they need to go out of their way to protect their privacy from criminals, but victim blaming and shaming especially after the fact is not right.

      Why not? It doesn't absolve the terrible people from their deeds.
      We need to shame those who have something to be ashamed of regardless of whether they're victims or not.
      That someone became a victim is sad, but does not in any way mean we cannot criticize them like we can criticize non-victims. If two people don't lock their bikes, and one of them gets stolen, we should not only be able to criticize the guy who did not get his bike stolen. Whether he's a victim or not doesn't change whether he's an idiot.

    12. Re:Ethics by JMJimmy · · Score: 3, Informative

      There looks to be 255 'territorial' top level domains ("country code" TLDs) - not all of which are acknowledged as countries in say, the UN.

      That 255 includes:
      1 for European Union
      1 for Antarctica
      2 for Russia
      2 for East Timor
      2 for UK
      yu, .zr, .an, .cs, .dd no longer exist as countries
      a crapload of administrative/dependent territories that are inconsistently applied. ie: Canada's "territories" do not get TLDs but similar entities in other countries do.

    13. Re:Ethics by fahrbot-bot · · Score: 4, Informative

      I know you are joking, but the line was plagiarized/borrowed. The original line was "life, liberty, and the pursuit of property". But It wasn't simply about the right to accumulate a bunch of luxuries; in context, it was referring to the pursuit of things that are somehow relevant to a satisfying and productive life. So it would be the right to pursue home ownership for your family, maybe fields for farming, and for many ./ers, it would be the right to accumulate gadgets, for the musically inclined, the right to procure instruments, etc. It doesn't take much of a stretch to go from this sort of enlightened satisfaction, to calling it merely "happiness" for simplicity.

      Take it from someone who, at 51, is debt-free, has a net-worth of almost $2M, but lost his wife in 2006 after 20 years together, "property" does not make "happiness". Though having "things" might make your pursuit of satisfaction and/or productivity (whatever that means to you) easier, property is a means to an end. Happiness is something you realize from within and, possibly, experience with someone else.

      Even after 20 years together, Sue and I held hands where ever we went - I miss that and nothing else I have can, or could ever, compensate for losing her. Remember Sue...

      The line is better written as, "the pursuit of happiness."

      --
      It must have been something you assimilated. . . .
    14. Re:Ethics by mrchaotica · · Score: 2

      It's broadcasting on the Internet. Assuming it's intended to be public is exactly as valid as assuming a website is intended to be public.

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    15. Re:Ethics by clonehappy · · Score: 2

      How is this modded +5 or insightful? It's neither. Why are we still comparing locks and doors in meatspace to virtual servers and ports and IP addresses on a globally-interconnected network of computing nodes and electronic resources? They are nowhere near the same thing. When you advertise and/or broadcast a service on a given port and on a given IP-address, you can rest assured that unless it is properly secured, anyone and everyone will access it and utilize the resources it provides.

      In most cases, there are perfectly ethical and legal reasons to access someone else's resources. For example, Google searches, YouTube, IRC, FTP. Is it unethical to download files from an open, unsecured FTP server? Of course it isn't. Is it unethical to watch someone's private camera in their home that they left with no or default credentials? Probably yes, but you'll never know for sure because the default behavior of the network is that if something's wide open, it's there for everyone to use.

      When I started college in the 90's, there was a directory on some network drive that was mapped by default for all students. It was called "Network Trash Folder", and had some obscene amount of storage available on it. You better believe it was used for almost a year as a warez-and-mp3 repository for people in the know. Was it unethical to use that resource, that was obviously not officially-sanctioned to be globally available to all users, as a personal storage space? What if some cool/disgruntled/outgoing admin actually made a publicly available storage space knowing people would find it and use it for whatever they wanted? How would anyone know what the intent really was for that resource to be there?

      Long story short, it's up to the administrator of a given resource to secure it, lest it be used in ways he or she did not intend. It's not as simple an analogy as "Well, B&E is illegal duh!" Because we aren't dealing with physical resources. If you don't want people watching your cameras, don't put them on publicly routeable ports/addresses or at the very minimum, change the default credentials so people can't access your resources. If you leave everything wide open (or default), expect people to use it. I realize most people don't know this, and this is why they should either learn or pay the consequences. And before I get the "don't blame the victim" song and dance, it's not victim blaming when someone doesn't know enough about how something works to use it safely or securely. If you stupid enough to run your car's engine without oil and it seizes, you're to blame, you're not a victim...if you leave your iPad and laptop and wallet full of cash laying on the seat of your unlocked car downtown and someone rips you off, you're not a victim (unless you count of your own stupidity).

    16. Re:Ethics by JMJimmy · · Score: 2

      What you describe is not a free society. It is trespassing and unauthorized access. I'm not saying you can't find some cool stuff if you dig around, but don't fool yourself into thinking you are free to go anywhere you want as long as the door's unlocked.

      Luckily I live in Canada where fraudulent intent must be proven and that I do not have any colour of right when it comes to "unauthorized access"

      Trespass is provincial and in my province the property "that is enclosed in a manner that indicates the occupier’s intention to keep persons off the premises or to keep animals on the premises." must be met - otherwise I am free to enter until I'm told to leave.

  2. try telling this to old people by alen · · Score: 4, Interesting

    my father in law went to the at&t store with help on his wifi only ipad. he's totally confused by the need for an itunes store account password, wifi password on his home wifi and wifi passwords at other places

    1. Re:try telling this to old people by Anonymous Coward · · Score: 5, Insightful

      Tell him they're like keys on a keyring. You need a different key to unlock your desk draw even after you've unlocked your house. And when you go to someone else's house, your key doesn't work for them.

  3. People buy stuff without understanding is... by FlyHelicopters · · Score: 4, Informative

    Film at 11...

    The truth is, many people are using technology today without really understanding any of it. Even my own wife is pretty gumby with computers, if I wasn't there to do something about it, I have no doubt they would be full of malware and viruses.

    To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

    Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything.

    And no, she won't let me restrict and lock down the machine, I've tried that.

    1. Re:People buy stuff without understanding is... by arth1 · · Score: 5, Insightful

      To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

      That sounds like "I don't want to learn all that traffic stuff, I just want to drive on the highway."

      It might be better if there were two classes of devices, one run by others for them, and ones you drive yourself. All some people need is the equivalent of public transportation. We don't let people drive cars or fly planes without some basic skills, and while most don't get good at it, at least good enough to not be an instant hazard for everybody else.

       

    2. Re:People buy stuff without understanding is... by Jason+Levine · · Score: 5, Insightful

      Many people look at computers as if they are appliances. You don't need to know how to configure your toaster. You just plug it in and toast your bread. You don't need to edit some config file to make your refrigerator keep your food cold. Any "settings" come in the form of easy-to-read dials or buttons. Turn the dial on the stove and the heat goes on/up. Turn it the other way and it goes off. There's a group of people who expect computers to act like this. Unfortunately, computers are far more complex than any fridge or stove - especially once you go online and you are opened up to all of the security issues that this entails.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:People buy stuff without understanding is... by war4peace · · Score: 2

      They could be made simpler by designing and creating applications, UIs and features which "do one thing but do it well".
      There's little incentive to do so, though, although I have to say that smartphones got there already, more or less.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    4. Re:People buy stuff without understanding is... by PPH · · Score: 2

      It might be better if there were two classes of devices, one run by others for them, and ones you drive yourself.

      Apple vs Android.

      Windows vs Linux.

      Self driving cars vs stick shifts.

      etc, etc.

      --
      Have gnu, will travel.
    5. Re:People buy stuff without understanding is... by arth1 · · Score: 4, Insightful

      Because you can plow your computer into a sidewalk full of pedestrians. Totally great analogy, that.

      Yes, you can. Your computer can be used as a base for attacking critical infrastructure, because you allowed it to be.
      Or you let someone get to your credit card information so you can't afford medication a week.
      Or your router gets disabled so you can't dial for help through your IP phone.
      Or somone finds classified information on your PC and uses it for nefarious purposes costing lives.
      The possibilities are there. Bits and bites can kill people these days.

    6. Re:People buy stuff without understanding is... by RavenLrD20k · · Score: 2

      Because you can plow your computer into a sidewalk full of pedestrians. Totally great analogy, that.

      Unwitting user clicks on a cute link that installs malware on the system to turn it into a zombie for a botnet. Unwitting user's system is now participating in an attack that drains hundreds of millions of $$$ from the bank accounts of tens of millions of people that now have lost all their life savings (somewhat similar in outcome to the damage caused by driving on a NYC sidewalk)... all because they followed the cute instead of paying attention what they were doing and following the rules of the Internet superhighway. I'd say the analogy is fairly apt.

    7. Re:People buy stuff without understanding is... by bill_mcgonigle · · Score: 2

      And no, she won't let me restrict and lock down the machine, I've tried that.

      "Son, there's no way I'm wasting my time changing the oil in my car - you will fix the engine for me if you love me."

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    8. Re:People buy stuff without understanding is... by FlyHelicopters · · Score: 2

      People want their computers to be like their cars.

      They don't want to know what is happening under the hood. They just want to drive it.

      Yes, and frankly, I think that is why so many iPhones and iPads have been sold.

      Technical people look at those and say, "oh my god, a locked down inferior device that costs more, who wants that crap".

      You know what? A lot of people do... How many? About a billion... That's right, between all the models of iPhone and iPad, about 1 billion of them have been sold, give or take a bit...

      Clearly a lot of people DO want that...

      If Microsoft sold a locked down version of Windows, I think people would actually buy it. I know I'd buy a copy for my Mom.

    9. Re:People buy stuff without understanding is... by Fish+(David+Trout) · · Score: 2

      To quote my own Mother, "I don't want to learn all that technical stuff, I just want to use my computer".

      Yea, I have to say, I have to clean her machine off of crap every year. Every time I go over there, Internet Explorer has 5 or 6 toolbars installed because she clicks on everything.

      And no, she won't let me restrict and lock down the machine, I've tried that.

      Then she shouldn't be allowed anywhere near any computer that's connected to the Internet.

      Seriously.

      An Internet connected computer in the wrong hands can be a very dangerous threat to the rest of us who share the Information Super-Highway with her. Her incompetence and irresponsibility can seriously hurt a lot of people very quickly.

      She is behaving like a person who wants to drive a car but is not interested in obtaining a license that proves she knows how to operate said motor vehicle is a safe manner. She just wants to get on the road. To hell with leaning how to drive!

      That's irresponsible.

      If she cannot take the time to learn how to safely operate a computer connected to the Internet or cannot demonstrate that she knows how to do so, then she should NOT be alowed anywhere near one.

      At least not without close supervision.

      --
      "Fish" (David B. Trout)
  4. Place the blame where it belongs by arth1 · · Score: 2, Informative

    Strong passwords are not mandatory because it's the responsibility of the user to read the instructions and secure the device. If they don't, they have no reason to complain. It was their choice to disregard the instructions.
    A question is whether people who are that stupid should be allowed to own surveillance devices. The risk of stupid people reacting inappropriately to real situations and causing harm instead of preventing it seems rather high.

    1. Re:Place the blame where it belongs by Imazalil · · Score: 4, Insightful

      But if a large number of users are not able to use their devices properly (ie. secure them) is that not the fault of the device maker? This isn't even about strong passwords, but just default passwords.

      It's a known fact that the general public is not security conscious, and that they do not read through manuals. Shouldn't the makers of these systems work towards making some basic security the default?

      The best, but not very good example is Windows. Microsoft provides lots of guidance on how not to get viruses or malware on Windows. Does that mean they get to wash their hands of anything that infects their user's machines when they open powerpoint slides from uncle Bob? Technically yes, but they do have some duty to make their product more secure because they know full well a large number (the majority) of people will click on any link that lands in their inbox.

    2. Re:Place the blame where it belongs by arth1 · · Score: 2

      But if a large number of users are not able to use their devices properly (ie. secure them) is that not the fault of the device maker? This isn't even about strong passwords, but just default passwords.

      No. A large number of users are not able to change oil, tires, brake pads or plugs on their cars either, and that's not the manufacturer's fault. In the case of cars, service stations appeared to fill that market, at a cost.

      The problem is that people feel entitled to not bother about doing things themselves, nor pay others to do it. Unless people start to get convicted and otherwise bearing the costs of being idiots, this won't improve.

    3. Re:Place the blame where it belongs by Higaran · · Score: 2

      Most users don't care about security. If you made setting up a user name and password the first thing the user see before you can do anything else, people would still put a user name as "user" and password as "pass" or "1234"

  5. What is the actual risk? by GatorSnake · · Score: 2

    What is the actual risk here to those using cameras as baby monitors?

    Step 1: Someone sees a baby sleeping
    Step 2: ????
    Step 3: Profit?

    "Help! A stranger saw my baby turn over. Call the police!!!" ?

    1. Re:What is the actual risk? by jeffmeden · · Score: 2

      What is the actual risk here to those using cameras as baby monitors?

      Step 1: Someone sees a baby sleeping
      Step 2: ????
      Step 3: Profit?

      "Help! A stranger saw my baby turn over. Call the police!!!" ?

      You could make the rather egregious leap that it would assist in kidnapping the child (a crime) since you know exactly where/when they sleep. If someone decided to stand at the curb and look at your kid's window for an awkwardly long time, would you call the police? But yes, the baby monitor thing is just a headline-getter.

      Using the cams to identify high value merchandise (certainly some of these cams are protecting things of actual value?) and also identify when no one is around, and then take the final step of disabling the camera's record/alert functionality (if there even is any) would be a slam dunk hollywood-style heist, done without even hiring the nerdy sidekick hacker to sit in the van and jam on his keyboard for the duration of the job.

    2. Re:What is the actual risk? by Frigga's+Ring · · Score: 2

      Depending on where the camera is pointed, it could capture a mother breastfeeding. Plus, if we assume the camera also has a mic, there's a lot of information that could be picked up audibly.

  6. Why isn't it mandatory? by Ostrich25 · · Score: 2

    Because not everything needs to be legislated, FFS. The last thing we need are more rules and laws.

  7. Oh Noes! by NoNonAlphaCharsHere · · Score: 2

    If these cameras get secured, how will law enforcement hack into them, get a partial reflection of a face in a hubcap, enhance and run it through facial recognition software and have the perps drivers license picture onscreen within 40 seconds?

  8. Not just cameras by RobinH · · Score: 5, Interesting

    Cameras are a problem, but it's not just cameras anymore. Nest thermostats, for instance, have occupancy sensors and they connect to the internet to work. So your thermostat tells a server on the internet if anyone's home (potentially). Smart meters have similar problems. We recently bought a temperature sensor (AVTECH brand) for our small server closet, and it automatically connected to GoToMyDevices.com as soon as I got it on the network, and started uploading sensor data. There was nowhere in the device's built-in web interface to enable or even disable this "feature". Nothing in the documentation. I looked online and found a forum where it explained that you had to telnet to the device, and at the main menu you had to select a hidden menu item, and then type a command to turn off this feature. It's that kind of absurdity that makes the whole "internet of things" just a house of cards waiting to collapse.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
    1. Re:Not just cameras by Kaenneth · · Score: 3, Insightful

      That's when you return it to the vendor as defective.

      They get away with it because people put up with it.

  9. Why not strong passwords? by phantomfive · · Score: 2

    why are strong passwords not required for these cameras?

    Mainly because most programmers don't know/care about security. Security is hard even when you care (for example a default password isn't a security vulnerability if your userbase is sophisticated enough to change it, and even ssh has had a vulnerability), but if you don't care, it's impossible.

    Sad but true.

    --
    "First they came for the slanderers and i said nothing."
    1. Re:Why not strong passwords? by phantomfive · · Score: 4, Informative

      Default, simple or non-existent passwords on consumer appliances have nothing to do with programmers.

      So, I had a wireless router once that would not turn on until I changed the password. It is very much a problem that can be solved by programmers.

      --
      "First they came for the slanderers and i said nothing."
  10. Re:How is this even a story? by war4peace · · Score: 2

    I have printed porn images on HP printers around the world using just Google :)

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  11. Re:what's the fucking site? by nukenerd · · Score: 4, Informative

    http://www.insecam.com/

  12. Re:Goes to show by NoNonAlphaCharsHere · · Score: 2

    I don't know where you work, but around here, kill the messenger is company policy.

  13. Manufacturers can help make this better by Terry+Pearson · · Score: 3, Informative

    This is because of people who are too lazy or too intimidated by technology to understand it. You buy the camera, many times you open a port on a router, but you fail to change the password. I am not going to blame the manufacturer for that.

    However, manufacturers could make the default a lot more secure by using methods to randomize the default passwords of the cameras. I've setup routers where the default password is printed on a plate on the bottom (next to the mac address and default IP). This gives you a degree of randomness and makes brute force near impossible without physical access to the device. This way, the user still has the freedom to change to a blank password, 'password' as password etc. if they choose to unprotect themselves. But the default becomes reasonably secure.

    This is mostly a problem with users, but sometimes the manufacturer needs to adjust the process to help the intimidated, ignorant, or lazy user along.

    1. Re:Manufacturers can help make this better by phorm · · Score: 3, Interesting

      These days when the local ISP's give out routers, there is a stamp on the router that has the default login, wifi ESSID, and wifi login. You can change these of course, but the defaults are not the same between customers.

      When I setup my firewall, it *WOULDN'T* work until I first set a password. This was the very first step.

      This isn't customers - many who are less tech savvy - being lazy, it's the manufactures. There is absolutely no reason that they can't either package a unique password or simply require the users to create a password before the first use.

  14. News Flash: by Lumpy · · Score: 2

    People are stupid, People when confronted with technology are triple stupid.

    --
    Do not look at laser with remaining good eye.
  15. Re:Make default passwords hard by Lumpy · · Score: 2

    Set the default password to be the ethernet MAC address. Problem is most of these cheap china crap cameras all use the SAME mac address.

    Just bought 6 1080P IP cameras and discovered I had issues when I powered up more than 1. I looked and all of them have the exact same mac address. Easy enough to change if you know how in the web interface UI, but 99% of consumers would have no clue.

    --
    Do not look at laser with remaining good eye.
  16. tempest in a teapot by Charliemopps · · Score: 3, Insightful

    So... some random person somewhere... can see my sleeping baby. But they have no idea where that baby is other than the last hop out of my ISP so they might know I'm somewhere in Atlanta... or whatever. Maybe if they stared at the feed 24/7 for years I might drop my water bill in the crib before I picked the baby up so they could get my address or something... But ok, so they can see a video feed of my sleeping baby? So what?

    Short of a camera pointed directly at my bed, or my toilet, I don't see how this would be that god awful. First, I'd never point a camera at my bed. Any camera. Second, someone seeing pictures of me walking around my pizza restaurant? With no address and no idea who I am or where my restaurant is? So what?!?! There are plenty of horribly invasive privacy problems out there. This isn't one of them.

    1. Re:tempest in a teapot by Anonymous Coward · · Score: 2, Insightful

      So... some random person somewhere... can see my sleeping baby. But they have no idea where that baby is other than the last hop out of my ISP so they might know I'm somewhere in Atlanta... or whatever. Maybe if they stared at the feed 24/7 for years I might drop my water bill in the crib before I picked the baby up so they could get my address or something... But ok, so they can see a video feed of my sleeping baby? So what?

      Short of a camera pointed directly at my bed, or my toilet, I don't see how this would be that god awful. First, I'd never point a camera at my bed. Any camera. Second, someone seeing pictures of me walking around my pizza restaurant? With no address and no idea who I am or where my restaurant is? So what?!?! There are plenty of horribly invasive privacy problems out there. This isn't one of them.

      Actually it doesn't take a lot of legwork. The default credentials to your cam will probably let me see what the Wifi SSID and password is... And what your neighbors SSIDs are too. Thats one more piece (and some services are nice enough to let me geolocate based on a SSID/mac). If you have a poorly secured (the default) residential gateway (many cable/dsl providers give these out for free and you get what you pay for when it comes to security) I can probably find out the names of all the PCs on your network. Do you or someone you love own an HP, that oh so helpfully named itself after the full name you entered when you set up Windows? Oops! Now I know your name. A quick stop to some other helpful sites on the internet (public records) will fill in the rest.

      You laugh, but I have successfully used this trick several times, it takes about 5 minutes of digging using freely available tools and a little brainpower, to start coming up with tons of info about a location in my city like resident names, address, list of household networked equipment, cams, phone presence (so i can be sure to stop by when i know no phones are home, i.e. no people are home) and the like. I wish I were exaggerating. To be fair, none of it is any more harmful than seeing a nice living room full of expensive toys through open curtains, but with the power of the internet I can troll thousands of houses (all within a few miles of me) with a few clicks and pick out exactly which kind of TV I want to steal.

  17. Time sink ... by CaptainDork · · Score: 3, Informative

    ... after an hour of poking around. Nothing to see.

    --
    It little behooves the best of us to comment on the rest of us.
  18. What is old is new again by cetan · · Score: 2

    2005 wasn't that long ago, was it?

    http://it.slashdot.org/story/0...

    --
    In Soviet Russia...michael would be rotting in Siberia!