Webcam Exploit Allows Public Viewing of Your Private Areas

Open Unsecured Live TrendNet Camera Shots

In many situations private investigators and security cameras go hand-in-hand. On the 8 Feb 2012 episode of Security Now with Steve Gibson, he talked about a security flaw discovered by person(s) from Console Cowboys involving TrendNet web cameras. Allegedly, there are approximately 26 different models vulnerable to an exploit allowing anyone with an Internet connection to log into the cameras and watch you live.

What happened here is a savvy individual (hacker) who owned one of the cameras decided to take it apart and probe the software contained inside. What he found was an anonymous directory /anony/ with a CGI script “mjpg.cgi” that allowed you to go directly to the camera’s live shot. He simply put his camera’s IP address in his web browser along with the direct path /anony/mjpg.cgi and was able to view his live web cam without a prompt for a user name/password.

If that wasn’t bad enough, the hacker went to the website ShodanHQ with his info. Shodan is a newer search engine that logs all of the web servers connected to the Internet by reading their header data. See, web servers, including the small one contained in the Trendnet cameras, broadcast a small descriptive title letting the recipient know what type of server it is (web, email, nfs, etc.). The Trendnet camera’s web server sends out the term “netcam” when prompted. So, if you enter the term netcam into the ShodanHQ search engine, the result is a list of IP addresses that have this type of camera connected to the net. All he did then was add the path behind the resulting listed IP addresses and he was looking in on people’s private webcam shots all over the world.

Here is a clip from the Security Now show where Steve Gibson talks about the webcam exploit:

So, if you or any of your clients are using any Trendnet cameras, it may be a good idea to disconnect them until you or they are able to correct the problem. Trendnet has issued an update with links for downloads/firmware updates.
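If you administer cameras of this type, a quick way to confirm whether the firmware update took is to check the two things the post describes from your own network: whether the web server still announces “netcam” in its banner (the term Shodan indexes), and whether the anonymous path /anony/mjpg.cgi still answers without asking for credentials. The script below is an added self-audit example, not code from the post, from Security Now or from Console Cowboys; the host addresses are constructed placeholders, and the decision logic is split into a separate function so it can be exercised without a camera on the network.

```python
"""Self-audit for the TrendNet camera issue described in the post above.

Added example (not from the original post). Run it against cameras you
own or administer to confirm a firmware update closed the anonymous
stream path and that the banner no longer advertises "netcam".
"""
import urllib.error
import urllib.request

ANON_STREAM_PATH = "/anony/mjpg.cgi"   # unauthenticated path named in the post
BANNER_KEYWORD = "netcam"              # banner term named in the post


def classify(status, headers):
    """Pure decision logic, kept separate so it can be tested offline.

    status:  integer HTTP status, or None if no connection could be made
    headers: dict of response headers (any letter case)
    Returns a list of human-readable findings; an empty list means the
    camera neither advertised the banner nor served the stream anonymously.
    """
    findings = []
    if status is None:
        return findings                  # unreachable: nothing observed
    server = ""
    for name, value in headers.items():
        if name.lower() == "server":
            server = value
    if BANNER_KEYWORD in server.lower():
        findings.append("banner advertises 'netcam' (indexable by Shodan-style crawlers)")
    if status == 200:
        findings.append("anonymous stream path answered 200 with no credentials")
    return findings


def probe(host, timeout=5):
    """Request the anonymous path on a camera you administer and return
    (status, headers). The MJPEG body is never read; the connection is
    closed as soon as the response headers arrive."""
    url = f"http://{host}{ANON_STREAM_PATH}"
    request = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.status, dict(response.headers.items())
    except urllib.error.HTTPError as err:      # e.g. 401 after the fix
        return err.code, dict(err.headers.items())
    except (urllib.error.URLError, OSError):   # unreachable or refused
        return None, {}


def audit(hosts):
    """Map each camera address to its list of findings."""
    return {host: classify(*probe(host)) for host in hosts}


if __name__ == "__main__":
    # Constructed placeholder addresses (RFC 5737 documentation range);
    # replace with the cameras you are responsible for.
    for host, findings in audit(["192.0.2.10", "192.0.2.11"]).items():
        state = "; ".join(findings) if findings else "no findings"
        print(f"{host}: {state}")
```

A camera that has taken the vendor's update should produce no findings; a 401 on the anonymous path is the expected outcome after the fix, and `classify` deliberately reports nothing for it.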

Thanks to Steve Gibson (@SGgrc) and Leo Laporte (@leolaporte) for a great report on this.

Leave a comment below and let us know what you think or what your experiences are with this type of exploit.

Gordon Medley

Data Breach Risks for Private Investigators

Private Investigator Computer Security

The popular book that I missed (but recently bought) is “Black Swans” by Taleb. It explains that the big wins and losses in history can’t be easily predicted, yet they are the most significant events.

Computer security is one field where this stuff really fits.  Here are 2 examples.

YOU WIN BIG: In the old days a PI had to rent an office, hire a secretary and someone to run to the courthouse… now you skip the administrivia and let a PC do the clerical work. Life is good; you get to do investigations and skip the other stuff. This convenience was not predicted when you were born.

YOU LOSE IT ALL: For the last 10 years you have been doing successful investigations. Every week you open a new case and enter detailed data on a new client and 10 suspects into your database. Yesterday your database was hacked. Today RCW 19.255.010 kicks in. You are REQUIRED to notify all 5720 people (including the suspects) of the data breach. On average, figure it will cost about $100 each when you pay for their credit monitoring, etc.

The bottom line is that the potential $57K loss could be completely avoided by taking a few minutes to set up encryption (read the first sentence of the RCW again) to protect the client information. There are lots of alternatives – Password Safe, PGP, BitLocker, EFS, TrueCrypt – that apply to hard drives, email, USB sticks or the cloud. I choose encryption.

Gordon Mitchell

www.eSleuth.com

(425) 489-0446

Selecting a camcorder for private investigators

Camcorder

Have you ever purchased a video camera and then realized it was missing some key functions you need to use in your job? It can be very frustrating to say the least. There are so many good handheld video cameras out today, it’s hard to pick just one or two. Brand-wise, I’m a fan of Canon, Panasonic and Sony, but there are many others. Some things you may want to think about before you shop are:

  • Do you have video editing software, and are you familiar with using it?
  • Does your computer have a large hard drive? Video camcorders today record in HD, and that takes a lot of hard disk space.
  • Do you want a cam with a hard drive or flash memory? Hard drives tend to be larger and are able to hold more video than camcorders with flash drives.
  • How expensive are extra batteries? Extra batteries can get very expensive.
  • Does it have video stabilization? This will allow you to shoot handheld in low light conditions and still have usable video for your client.
  • Does the camera have a “mic” input? If so, you can put in a dummy plug which prevents you from accidentally recording audio. If not, you’ll have to delete audio in your movie editing software before you deliver to your client.
  • How much “optical zoom” do you need? The more the better, but it makes it more expensive.
  • What video format does your camcorder record in? Does your video software handle that type of file?
  • How does your client want the video? DVD? CD-ROM? USB key? Uploaded to a website?

Digital SLR

In addition to all the camcorders out there, digital SLRs now shoot video in addition to just being still picture cameras. It should really be something you consider when you are looking to purchase a camcorder. An SLR will often have more options, allowing you to do more with the camera than a camcorder. One major thing to think about is ISO range. Many of the SLR cameras have a large image sensor allowing more light to reach it. This translates to better low light pictures without having to use a flash or other light source.

With many digital SLRs (make sure you check that it can), you can use it both to shoot video and to take still images during your surveillances. If you are considering an SLR for this purpose, look into what type of memory card the camera takes and the largest card you can get. Digital SLRs take very good quality HD/1080P video, and the resulting file is very large. Also, check to see if the camera package comes with any lenses; a body alone will do you no good.

Here are two links to Google’s shopping/evaluation section that I like to use when shopping online. The first is for camcorders and the second is for digital SLRs. You can use the links to sort either item by price, zoom factor, sensor type, etc.

Camcorder List

Digital SLR list

I’d really be interested in what your ideas are when selecting a camera or camcorder.  If you’ve got some ideas, list them below in comments.  Your fellow investigators will appreciate it.

Get your Private Investigator website more exposure

Making your website as accessible and simple as possible for your users isn’t always easy. Luckily, there are many standards and practices that visitors expect on any modern website. We’ve boiled some of these rules down to our top 12 favorites for you to use as a checklist on your current website or next big project!

  1. Layout: Studies have been done that prove Web users look at the top of a page first and then work their way down the left hand side (think of a backwards 7). Try to include your important text, navigation and headings in those areas to increase their visibility.
  2. Contrast: Try to choose colors for your text and background that contrast well to make it easy on the eyes. If your foreground and background colors are too similar some monitors may not display the differences well enough to make your text readable.
  3. Whitespace: It’s tempting to try to include as much information on your page as possible, but overcrowding makes pages difficult to read or scan quickly. Use whitespace between paragraphs, content boxes, graphics and navigation elements to keep your pages digestible.
  4. Treat Type Consistently: Keeping the sizes and typefaces you use consistent will help users read your content more easily. Headlines should be larger, body text should be in a single size, and try not to use too many different fonts.
  5. Make Links Recognizable: Links should stand out from the rest of the text on your site. Common practice is to underline links and color them blue. If you don’t follow these rules, keeping the design of your links consistent will help users know what’s clickable.
  6. Header: This is one of the first things a visitor sees on your site, so it needs to have a consistent design and persistent navigation on every page. Include your logo at the top left and link it to your homepage to help users quickly return home.
  7. Footer: Just like your header, this area should be consistent throughout your site. Include your address, phone number, copyright info, and links to your social media profiles.
  8. “About Us”: Your about page should be clear and informative. It’s the go-to page for people wanting to know more about your website and, if you’re a business, why they should use your company over another.
  9. Calls-To-Action: A call-to-action is an area on your site that elicits a user interaction, like a “buy now” button or link. Make sure your actions are clear and go where promised; try replacing “click here” with “view gallery” or “see all services”.
  10. Buttons on Bottom Right: People read from top left to bottom right. If you want users to move through to the next page, put your buttons or links near the bottom right. If you want users to go backward, put your buttons or links on the bottom left.
  11. Clear Page Titles: If a page on your site shows the products you sell, call it your “Salon Catalog” or “Wine Tasting Menu”, not “Page 4.” This helps users when bookmarking a page and also promotes proper indexing by search engines.
  12. Break Up Long Blocks Of Text: We read slower online and we read even slower still if all the content is one long paragraph. Break up your text into smaller paragraphs and use sub-heads or graphics to help users scan more easily.

Private Investigator Training (Washington State)

Having just received an e-mail through our pnai.com website, requesting information on a training program for becoming a licensed private investigator, I directed the individual to the following locations:

www.pnai.com/pi-blog/private-investigation-training-at-grcc.html

http://www.extension.washington.edu/ext/certificates/pri/pri_hta.asp

I hope this helps anyone in the Seattle-Tacoma area seeking similar information.

Respectfully,

Donald A. Bambenek II,  Bambenek Investigative Group

Please Support 4Troops

I was watching Good Morning America, yesterday morning and Bob Woodruff did a profile on the band 4Troops.  The group is comprised of four U.S. soldiers who served in Iraq and Afghanistan.   I listened to their performance and I was amazed. Here are four young soldiers who served our country and are now collaborating to foster support for American veterans.

They are releasing a CD on May 25, 2010.   You can pre-order it now.  I am sure you will enjoy their music, the message in their songs, and hope you will support them.

http://www.4troopsmusic.com/


Donald A. Bambenek II, Bambenek Investigative Group

Comcast – PI’s get speed boost

If you haven’t noticed, just recently Comcast boosted its upload and download speeds for its high speed Internet customers. We use a standard connection plan with an added boost that costs an extra $8 per month. The speeds shown above in the image are pretty remarkable. I conducted this test in the early morning to ensure I wasn’t competing with neighbors for bandwidth. You can find this speedtest site at: http://www.speedtest.comcast.net

Enjoy

Gordon Medley

Watchmen Investigations, LLC

Japanese mobile music site admins arrested for infringement

In the US, the RIAA has a huge job on its hands policing people’s computer use, but the Recording Industry Association of Japan is far more concerned with mobile phones when it comes to copyright infringement. That’s because Japanese music lovers acquire new tunes on their handsets, not from their laptops. Given this reality, it was only a matter of time before criminal charges were brought against an unauthorized mobile phone download service—something that finally happened this week (read more)

Thurston County Doubles Document Fees

1/3 of the info at twice the price. Recently, while at the Thurston County Superior Court pulling a case file for one of my clients, I realized they had doubled their per-page printing price. It’s gone to $1.00 for the first page and 50 cents for each additional page. I used to think 25 cents for the first page and 25 cents for each additional page was overboard too, especially since the state worker has to do no more than pull the pages from the printer and collect the cash from the customer.