Originally published January 19 2005
Hackers can use Google to access cameras not intended for public viewing
by Mike Adams, the Health Ranger, NaturalNews Editor
Anyone with access to Google can also have surprisingly easy access to camera images that are not necessarily meant for public consumption. Simple searches can lead hackers to unsecured web cameras of all types. And security experts are warning that, as media attention gathers around this story, more and more delinquent web surfers will enter the fray.
On 8 January 2005, media reports revealed that a simple Google search would uncover thousands of unsecured network cameras.
Few of the cameras reveal sensitive information, but media interest in the topic has generated significant extra traffic on their owners' networks as people surf to each entry in Google's listings in the hope of finding interesting images.
This is the second Google-enabled exploit highlighted by Gartner since December 2004 (the Santy worm also uses the "inurl:" feature to identify targets).
In the long term, software and hardware vendors need to increase default levels of security on their offerings, for example by preventing the use of a default password after users install a product for the first time or turning on security features by default.
Most search engines and indexing tools look for a file named robots.txt in the root directory of a Web site, which specifies which areas of a site, if any, can be indexed.
If you allow search engines to index your Web servers, everything they link to, including cameras and other devices, will be indexed by default.
Use properly set up robots.txt files on all Web servers, including Web-enabled devices such as cameras.
Treat all Internet-facing devices --- even apparently obscure ones such as network cameras --- as relevant to security.
Keep them up-to-date with patches and use strong passwords.
"New Worm Attack Points to Need for Vulnerability Management" --- The widespread Santy worm shows the critical importance of applying vulnerability management processes to all servers, software and Web-hosting services.
"Agile Processes Improve Enterprise Corporate Security Programs" --- The best approach to improving the efficiency and effectiveness of Internet security programs is to adopt high-level security processes.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml