<p>LOL.</p>
<p>That was a good episode.</p>
<p>Y'know, Linux should be running personal flying cars these days... where's my Penguin Powered Personal Flying Car?!</p>
<div class="gmail_quote">On Oct 5, 2011 7:00 AM, "John Pilman" <<a href="mailto:jcpilman@gmail.com">jcpilman@gmail.com</a>> wrote:<br type="attribution">> I always liked the approach taken by Balok in Star Trek. But then, he<br>
> was defeated by the Corbomite Maneuver.<br>> <br>> Actually, thanks for the post, My laptop has a camera that I don't<br>> use, but I don't know if anyone else is using it.<br>> ...John<br>> <br>
> On Wed, Oct 5, 2011 at 1:29 AM, Ron Frazier<br>> <<a href="mailto:atllinuxenthinfo@c3energy.com">atllinuxenthinfo@c3energy.com</a>> wrote:<br>>> Hi Guys,<br>>><br>>> I'm going to post some experiences I've been having with Windows<br>
>> regarding webcam privacy. I'm posting it here for two reasons. 1) Some<br>>> of you dual boot like I do or have exposure to Windows either by<br>>> necessity or choice for whatever reason, and 2) some of it could apply<br>
>> to Linux. I'm posting it just in case someone reading it may avoid some<br>>> of the hell I've been going through. If anyone wants to, they can<br>>> address how to deal with similar issues in Linux.<br>
>><br>>> Webcam privacy<br>>><br>>> As many of you know, many new notebook computers come with a built in<br>>> webcam and a microphone. This is handy if you're doing video<br>>> conferencing, but can also be a dangerous way to invade your privacy.<br>
>> There have been occurrences of viruses which secretly turn on the web<br>>> cam and mic and send a record of whatever you're doing to the cracker.<br>>> I believe there have also been occurrences of websites which do the same<br>
>> thing with java and / or flash. Most people, including myself, don't<br>>> want total strangers spying on them while they use their computers.<br>>> There was also a lawsuit where technicians of a school system had<br>
>> installed spy software on the schools pc's prior to giving them to the<br>>> students. It was an official action, presumably to help find the<br>>> laptops if they were stolen. However, the staff was using it to spy on<br>
>> the students without authorization while the students were in their own<br>>> homes.<br>>><br>>> So I decided to A) find out if the camera and mic were active, and B)<br>>> disable them. Note that these components cannot be physically removed<br>
>> or disconnected easily. I first had to see if my notebook even has a<br>>> mic. After 20 minutes studying the manual, and trying to figure out<br>>> which parts of it applied, I determined that my machine has both a<br>
>> webcam (which was obvious) and a mic (which was not obvious). Finally,<br>>> I found a tiny pinhole in the front bezel, which is the mic. They may<br>>> not always be visible though. To see if the mic was working, I loaded<br>
>> up Windows sound recorder. Even before starting a capture, I could see<br>>> the volume graph fluctuating as I made some noise around the machine.<br>>> So, I've got a hot mic. Then, to check the camera, I loaded up the<br>
>> camera utility that came with the machine. Sure enough, my mugshot pops<br>>> up on the screen. The colors were all wrong, but that's another matter.<br>>><br>>> At that point, I decided I wanted to permanently (unless I reinstall<br>
>> something) disable these things. If I want a mic, I'll plug in a<br>>> headset; and if I want a camera, I'll plug one in. I went to the<br>>> Windows device manager and looked for the mic. Couldn't find it. I<br>
>> then opened the sound control panel and went to the recording tab.<br>>> There I found the mic device and told the system to delete it. I don't<br>>> remember the exact command. I then rebooted and restarted the sound<br>
>> recorder. It immediately gives an error message that there is no<br>>> recording device found, which is just what I wanted. So far, so good.<br>>><br>>> I went back to the device manager and found a USB Webcam. I selected<br>
>> the device and told Windows to disable the driver. I then rebooted and<br>>> started the camera app again. BOOM. There I am on the screen again.<br>>> Darn it. I went back to device manager and told the system to DELETE<br>
>> the driver. Rebooted. Started the camera app. BOOM. There I am<br>>> again! My image is now upside down, and the colors are wrong still, but<br>>> it's there! The point being, you can't turn off the stinking camera.<br>
>> Nothing I could do from a software point of view would stop the camera<br>>> from working. Being the clever engineer that I am, I headed to the<br>>> pantry and pulled out a roll of Gorilla Tape. It's thick, strong, and<br>
>> black. I sliced off a 1/2" x 1" piece of tape and affixed it right over<br>>> the top of the camera lens. I made sure that I positioned it in such a<br>>> way that I could still see the LED light which is supposed to come on if<br>
>> the camera is active. Now, I can activate the camera app and see<br>>> nothing at all, even though the camera is on, which is just what I<br>>> want. Even if I shine a flashlight on it, all I see is a dim blob of<br>
>> light, so the tape is working nicely. And that is how you can control a<br>>> very high tech device with a very low tech device. Note that covering<br>>> up the mic with tape won't really stop it's function though.<br>
>><br>>> Now you may or may not want to tape your camera. So, assuming you don't<br>>> have a virus or secret spyware on your system, here's how to stop flash<br>>> from accessing your camera and mic without your permission. I use both<br>
>> the tape as well as these settings. I don't know for sure if Java can<br>>> access the camera and mic. But, if it can, the only way I know to stop<br>>> it is to uninstall Java. I'll probably uninstall Java on my sister's<br>
>> machine and Dad's machine to reduce the other security concerns<br>>> associated with it. I don't think they need it anyway.<br>>><br>>> Some of you might say, don't use flash, but for my purposes, I don't<br>
>> find that practical. I have flash on both Windows and Linux. If you're<br>>> running flash on Linux, this applies to you.<br>>><br>>> Flash settings are controlled through an online app on the Adobe /<br>
>> Macromedia website. Assuming you have flash installed, go to the site<br>>> below to access the Flash settings manager. If using something like<br>>> Noscript in Firefox, you'll have to trust <a href="http://adobe.com">adobe.com</a> and <a href="http://macromedia.com">macromedia.com</a>.<br>
>> Here's are the addresses:<br>>><br>>> You can check the version of flash on your system here:<br>>> <a href="http://www.adobe.com/software/flash/about/">http://www.adobe.com/software/flash/about/</a><br>
>> They've been ramping the versions quite often lately. As of this<br>>> moment, the current one is 11.0.1.152.<br>>><br>>> Here is the settings manager.<br>>><br>>> <a href="http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html">http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html</a><br>
>><br>>> Note, you can right click a flash object in Windows IE and click<br>>> settings and a settings widget will pop up, however, you don't get all<br>>> the settings. I would use the website. I'm only going to mention the<br>
>> mic and camera settings here, but I would recommend checking all the<br>>> flash settings here to make sure your're not allowing flash cookies, old<br>>> security, flash storage, and flash peer to peer networking, if you wish<br>
>> to really keep your shields high, as I do. I can elaborate on those<br>>> procedures if desired. Note that if you delete flash, these settings<br>>> may be erased. If you update flash, they SHOULD stay there, but I check<br>
>> them whenever I do an update.<br>>><br>>> Once you load the settings page, you will see some links at the left.<br>>><br>>> Click Global Privacy Settings Panel.<br>>><br>>> There are two buttons. One says Always Deny - which automatically<br>
>> rejects any request from a flash app to access your camera and mic.<br>>> This is the one I choose. The other says Always Ask - which,<br>>> presumably, will ask you every time a flash app wants access to your<br>
>> camera and mic.<br>>><br>>> There is a bug in the settings manager, whereby it sometimes doesn't<br>>> accept the settings. This screen has no status indicator to show how<br>>> it's set, so I do the following to make sure it's set.<br>
>><br>>> Click Always Deny and then confirm the action. Do this 3 times. Click<br>>> Global Privacy Settings Panel again.<br>>> Click Always Deny and then confirm the action. Do this 3 times. Click<br>
>> Global Privacy Settings Panel again. (Yes I meant to write that twice.)<br>>><br>>> Now click Website Privacy Settings Panel.<br>>><br>>> This is where you can override the default settings. You should see a<br>
>> list of sites you've visited which activated flash. The list may be<br>>> quite long. If you want all sites to follow your new policy, click<br>>> Delete All Sites to remove everything from the list. All future sites<br>
>> you visit will, by default, use the settings you set in the prior step.<br>>> Let's say that now I go to <a href="http://skype.com">skype.com</a>, and I DO want to allow access to<br>>> the camera and mic. After loading <a href="http://skype.com">skype.com</a> in the web browser, open a<br>
>> new tab and go back to the settings manager and click on the Website<br>>> Privacy Settings Panel. You should now see <a href="http://skype.com">skype.com</a> in the list. It<br>>> will have a symbol by it which indicates the settings for that site. If<br>
>> you clicked Always Deny in the prior step, as I did, there should be a<br>>> red circle with a white horizontal line through it. This means that<br>>> <a href="http://skype.com">skype.com</a> will always be denied access to the camera and mic and it<br>
>> won't ask you. Every new site that activates flash will get an entry in<br>>> this box with the same symbol.<br>>><br>>> To allow <a href="http://skype.com">skype.com</a> to access the camera, click on its name in this box.<br>
>> Once you click the site name, some radio buttons above will light up.<br>>> There, you can select Always Deny, Always Allow, or Always Ask<br>>> permissions for THIS site only to access your camera and mic. In this<br>
>> case, you could click Always Ask or Always Allow. Note that you cannot<br>>> set Always Allow from the Global settings screen. This setting should<br>>> take effect immediately. But, you can click on the Website Privacy<br>
>> Settings Panel link again to refresh the page and see if it saved the<br>>> settings.<br>>><br>>> Using these settings, you can tightly control access to the camera and<br>>> mic for non malicious websites. A malicious site may be able to bypass<br>
>> these features. A virus or spyware won't be using flash probably but<br>>> will be talking to your hardware directly - hence the Gorilla Tape and<br>>> deleted mic driver in my case.<br>>><br>
>> Later I'm going to share 2 days worth of application install hell<br>>> experiences caused by DEP (Data Execution Protection). Too tired of<br>>> typing now. This other topic applies to Windows, Linux, and Mac.<br>
>><br>>> From Wikipedia:<br>>><br>>> <a href="http://en.wikipedia.org/wiki/Data_Execution_Prevention">http://en.wikipedia.org/wiki/Data_Execution_Prevention</a><br>>><br>>> Data Execution Prevention (DEP) is a security feature included in modern<br>
>> operating systems. It is known to be available in Linux, Mac OS X, and<br>>> Microsoft Windows operating systems and is intended to prevent an<br>>> application or service from executing code from a non-executable memory<br>
>> region. This helps prevent certain exploits that store code via a buffer<br>>> overflow, for example.[1] DEP runs in two modes: hardware-enforced DEP<br>>> for CPUs that can mark memory pages as nonexecutable, and<br>
>> software-enforced DEP with a limited prevention for CPUs that do not<br>>> have hardware support. Software-enforced DEP does not protect from<br>>> execution of code in data pages, but instead from another type of attack<br>
>> (SEH overwrite).<br>>><br>>> DEP was introduced on Linux in 2000, on Windows in 2004 with Windows XP<br>>> Service Pack 2,[2] while Apple introduced DEP in 2006.[1]<br>>><br>>> More later.<br>
>><br>>> Sincerely,<br>>><br>>> Ron<br>>><br>>> --<br>>><br>>> (PS - If you email me and don't get a quick response, you might want to<br>>> call on the phone. I get about 300 emails per day from alternate energy<br>
>> mailing lists and such. I don't always see new messages very quickly.)<br>>><br>>> Ron Frazier<br>>><br>>> 770-205-9422 (O) Leave a message.<br>>> linuxdude AT <a href="http://c3energy.com">c3energy.com</a><br>
>><br>>> _______________________________________________<br>>> Ale mailing list<br>>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>>> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>>> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br>>><br>> <br>> _______________________________________________<br>
> Ale mailing list<br>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>> <a href="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</a><br>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></div>