Looking through files

[curiousgirl]

I've been spending the day looking through the files in /etc (in between reading blogs and watching youtube videos ).

Anyway I was looking at the file in /etc/adobe/mms.cfg which seems to be the config file for flash, and there was this in it:
# Lets you prevent SWF files from accessing webcams or microphones
# 0 = Not Disabled (default), 1 = Disabled
#AVHardwareDisable = 0

WOW... so seriously all this time SWF files have been able to access my webcam (ok I don't have a webcam, but theoretically) and microphone?

That's kinda creepy... lol.

I mean I can kind of see why you might want it... but... still.

[kingluke]

Flash is evil.
FACT!

[curiousgirl]

My friend laughed at me and said "that doesn't mean it won't ask you first, go to a site that uses flash with a mic and see for yourself".
And it did ask me.
So lol.
I am wondering though by the access filesystem one further down since I am sure I've used the flash uploader on the wordpress site and I can't recall flash ever asking my permission.

[Farmer Mike]

About 5 or 6 years ago, there was malware that could tturn on an infected computer's webcam and send video back to the malware author. I imagine microphones could be switched on too.

Virus alert: Rbot sets your webcam to spy on you | Security | silicon.com

iTWire - Webcams vulnerable to malware hackers

This was Windows malware, I don't know how feasible that exploit would be in Linux.

That configuration file could just be a holdover from a precaution against such a thing.

[MASONTX]

Remember this in the news a few months ago? http://boingboing.net/2010/02/17/sch...ed-student.htm

[curiousgirl]

No, I didn't know about that! Why would a school even want to monitor kids at home like that sheesh?

[MASONTX]

The official explanation was that the laptops belonged to the school, and were on loan to the students. The school put the software on the laptops so if a student reported one stolen, they could turn on the camera and try to recover the laptop from the thief. Unfortunately, it was aleged that one or more administrators abused the program and were spying on students who had not reported their laptops stolen.

[Bemk]

About 5 or 6 years ago, there was malware that could tturn on an infected computer's webcam and send video back to the malware author. I imagine microphones could be switched on too.

Virus alert: Rbot sets your webcam to spy on you | Security | silicon.com

iTWire - Webcams vulnerable to malware hackers

This was Windows malware, I don't know how feasible that exploit would be in Linux.

That configuration file could just be a holdover from a precaution against such a thing.

It would be a bit more difficult as you'd need to be root to enable a piece of hardware for the user I believe. Don't pin me down on that one, but it would be my theory.
Still if there was a piece of mal ware, it still had to get on your PC, and as long as you don't open any E-mails with (working) macros, install everything from the repo's, or from any other source you can trust, and don't work with software you don't trust, you should be reasonably fine.

Still, if someone would really want to get into your system, they will get there, no doubt. Safety precautions are only speed bumps in that case to physically try and stop the attacker. Locations such as the US government are targets like that, and the way they protect their data, must be to have enough speed bumps in place to detect and stop the attacker with a SWAT team or something like that(didn't seem to help in the case of McKinnon though).

[Farmer Mike]

As an addition, here's a story I just ran across:

Man charged with malware 'sextortion' plot ? The Register

[MASONTX]

Even on windows machines, I don't think it is a huge threat, assuming reasonable precautions, but it points out the need to be aware of what you do in front of a webcam.