Irfanview hacked on Windows 10, as was VLC player

First two items on the list are programs I use.
https://wikileaks.org/ciav7p1/cms/page_20251107.html

Irfanview -- apparently they can use it to turn on microphone & camera

VLC -- apparently they can use it to turn on your microphone

On 11/03/2017 10:20 AM, Niamh Bodkin wrote:

VLC -- apparently they can use it to turn on your microphone


Not surprising given VLC's features. It's possibly the only good media
players for Linux users.

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
�借貸! ��騙! ��交! �打交! �打劫! �自殺! 請考慮綜� (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa

On 11-Mar-2017 8:30 AM, Wolf K wrote:
On 2017-03-10 21:20, Niamh Bodkin wrote:
First two items on the list are programs I use.
https://wikileaks.org/ciav7p1/cms/page_20251107.html

Irfanview -- apparently they can use it to turn on microphone & camera

VLC -- apparently they can use it to turn on your microphone

"They" have been able to do this for quite a while now. "They" can turn
on/eavesdrop/scavenge data from any internet-connected device, such as
your iPhone-activated front door lock.

"They" includes a lot more people than the CIA.

Have a nice paranoid day.


+1

"Niamh Bodkin" wrote

| First two items on the list are programs I use.
| https://wikileaks.org/ciav7p1/cms/page_20251107.html
|

Browsing through the Wikileaks data I was
surprised by how little info there actually was.
One of the few "hacks" I actually saw was how
to look up the current UAC level in the Registry.
That's basic sys admin stuff.
With one of the hackable programs, Libre Office,
there's a Procmon screenshot of DLLs loaded.
It means nothing without explanation. Irfan View
and VLC? Maybe I missed it, but it seemed to me
that there was no actual information there. Just
an incriminating list.

In any case, the programs you're talking about
are generally not Internet-connected, which
means they're talking about hacks by malware
that's already on your computer. Why do they need
to hack when they're already on your computer?
Probably most of it is concerned with how to bypass
the restrictions on someone running in "lackey mode",
as a limited user. Likely they're dealing with corporate
employee computers in many cases. Otherwise, why
would it matter? They don't need to hack IrfanView
to run code if you're running with moderate permissions.

But there are lots of ways to get around UAC.
That's a nuisance, not security.

What you're talking about is realizing your home
desk drawer is not locked and your TV is not
chained to the wall. But what about a front door
lock? The real concern is malware getting in in
the first place. Scam emails. Running javascript
in the browser. Installing Java, Flash, Silverlight,
or PDF plugins. Allowing autorun for USB sticks.
(Or using USB sticks promiscuously in general. If
you need to transport files to someone else it's
safer to use a CD.) Using remote functionality
software like Skype or remote desktop functionality.
Enabling file sharing.... Those are the things you
have to watch out for. If you leave your house
with the front door unlocked and the side window
open, having no lock on your desk drawer is the
least of your worries.
(Actually, police will tell you the same thing about
house break-ins: The entry point is critical. Once
they get into a foyer or start dealing with your
desk drawer lock, they can afford to take their time
and make more noise.)

And for most people, ransomware is a far bigger
threat than hackers stealing your files. (Ideally, you're
not keeping banking/credit card records on your
computer.)
Ransomware will probably come from online. Likely
through a sneaky email or browser vulnerability. In
order to work it will have been designed to bypass
file restrictions, so UAC will do you no good and all
those security updates to the likes of Irfan View or
VLC will just get irretrievably encrypted along with
the rest of your data.

In article , says...

First two items on the list are programs I use.
https://wikileaks.org/ciav7p1/cms/page_20251107.html

Irfanview -- apparently they can use it to turn on microphone & camera

VLC -- apparently they can use it to turn on your microphone

So don't plug in the camera and don't connect the mic. For laptops put
tape over the camera and maybe something more over the mic. Or take it
apart and disconnect the wires. Might be enough to simply remove the
appropriate drivers assuming they don't get reinstalled every time you
reboot system.

In article , Wolf K
wrote:


"They" have been able to do this for quite a while now. "They" can turn
on/eavesdrop/scavenge data from any internet-connected device, such as
your iPhone-activated front door lock.

no they can't.

In article , Mayayana
wrote:


And for most people, ransomware is a far bigger
threat than hackers stealing your files.

the only people for whom ransomware is an issue are those who don't
have backups.

these are the same people who are at risk for all sorts of problems,
ones that are far more likely to occur than ransomware.

if someone has a full backup, then it's a complete non-issue, whether
it's ransomware, a hard drive failure, loss/theft or something else.
reformat, restore, and everything is back to normal, often in less than
an hour.

(Ideally, you're
not keeping banking/credit card records on your
computer.)

it's much better there than on paper that anyone can read.

On 3/11/2017 12:47 PM, nospam wrote:
In article , Wolf K
wrote:


"They" have been able to do this for quite a while now. "They" can turn
on/eavesdrop/scavenge data from any internet-connected device, such as
your iPhone-activated front door lock.

no they can't.

Especially when you turn it off when you are not using it.

In article , Keith Nuttle
wrote:


"They" have been able to do this for quite a while now. "They" can turn
on/eavesdrop/scavenge data from any internet-connected device, such as
your iPhone-activated front door lock.

no they can't.

Especially when you turn it off when you are not using it.

and even if you don't.

there may be a very small number of vulnerable devices, but it's not
trivial to gain access and easily blocked anyway.

it's certainly not 'any internet-connected device'. not even close to
reality.

On 2017-03-13 04:54:13 +0000, nospam said:

....and I see your post time has just gone haywire again.

--
Regards,

Savageduck

In article 2017031221040280366-savageduck1@REMOVESPAMmecom,
Savageduck wrote:

On 2017-03-13 04:54:13 +0000, nospam said:

...and I see your post time has just gone haywire again.

no, that post was posted from another computer.

In article , Nomen Nescio
wrote:

And for most people, ransomware is a far bigger
threat than hackers stealing your files.

the only people for whom ransomware is an issue are those who don't
have backups.

these are the same people who are at risk for all sorts of problems,
ones that are far more likely to occur than ransomware.

if someone has a full backup, then it's a complete non-issue, whether
it's ransomware, a hard drive failure, loss/theft or something else.
reformat, restore, and everything is back to normal, often in less than
an hour.

What?!?! You must not have much data to fully restore if you can
restore it all in under an hour. My backups would take quite a
number of hours, maybe a day, to restore all of my data. I'd be
glad to be able to restore it, in that eventuality, no matter how
long it took.

how big is all of your data?

restoring a full 500g ssd is under an hour over usb 3.1.

or just boot off a clone, should be around 30 seconds or so.

for me, most of my data lives on file servers, accessible to any
computer on the network. it took something like 20-30 minutes to back
up my entire laptop.

On Mon, 13 Mar 2017 00:29:58 -0400, nospam wrote:

...and I see your post time has just gone haywire again.

no, that post was posted from another computer.

OT SUBTOPIC: Date header discussion...

AFAICR, they changed the way date headers work with the most common
InterNetNews NNRP servers well prior to the more current INN 2.6.0 (a few
years ago), which means the newer versions handle date headers differently
now than they did before.

You can still completely control what the date header says, but you have to
be able to change how your system date is presented to the news server.

For example, my date header above should be the generic GMT system date.
(and where my next reply, using the same server, will contain my computer
sysdate.)

On Mon, 13 Mar 2017 20:11:27 +0000 (UTC), Stijn De Jong wrote:

Date: Mon, 13 Mar 2017 20:11:27 +0000 (UTC)
For example, my date header above should be the generic GMT system date.
(and where my next reply, using the same server, will contain my computer
sysdate.)

By way of example, the date header above will be my system date instead of
GMT (all other things being equal in the two consecutive posts).

In article , Stijn De Jong
wrote:


...and I see your post time has just gone haywire again.

no, that post was posted from another computer.

OT SUBTOPIC: Date header discussion...

AFAICR, they changed the way date headers work with the most common
InterNetNews NNRP servers well prior to the more current INN 2.6.0 (a few
years ago), which means the newer versions handle date headers differently
now than they did before.

You can still completely control what the date header says, but you have to
be able to change how your system date is presented to the news server.

For example, my date header above should be the generic GMT system date.
(and where my next reply, using the same server, will contain my computer
sysdate.)


*whoooooooooooosh*