If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
First two items on the list are programs I use.
https://wikileaks.org/ciav7p1/cms/page_20251107.html Irfanview -- apparently they can use it to turn on microphone & camera VLC -- apparently they can use it to turn on your microphone |
Ads |
#2
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On 11/03/2017 10:20 AM, Niamh Bodkin wrote:
VLC -- apparently they can use it to turn on your microphone Not surprising given VLC's features. It's possibly the only good media players for Linux users. -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 不借貸! 不詐騙! 不援交! 不打交! 不打劫! 不自殺! 請考慮綜援 (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#3
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On 11-Mar-2017 8:30 AM, Wolf K wrote:
On 2017-03-10 21:20, Niamh Bodkin wrote: First two items on the list are programs I use. https://wikileaks.org/ciav7p1/cms/page_20251107.html Irfanview -- apparently they can use it to turn on microphone & camera VLC -- apparently they can use it to turn on your microphone "They" have been able to do this for quite a while now. "They" can turn on/eavesdrop/scavenge data from any internet-connected device, such as your iPhone-activated front door lock. "They" includes a lot more people than the CIA. Have a nice paranoid day. +1 |
#4
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
"Niamh Bodkin" wrote
| First two items on the list are programs I use. | https://wikileaks.org/ciav7p1/cms/page_20251107.html | Browsing through the Wikileaks data I was surprised by how little info there actually was. One of the few "hacks" I actually saw was how to look up the current UAC level in the Registry. That's basic sys admin stuff. With one of the hackable programs, Libre Office, there's a Procmon screenshot of DLLs loaded. It means nothing without explanation. Irfan View and VLC? Maybe I missed it, but it seemed to me that there was no actual information there. Just an incriminating list. In any case, the programs you're talking about are generally not Internet-connected, which means they're talking about hacks by malware that's already on your computer. Why do they need to hack when they're already on your computer? Probably most of it is concerned with how to bypass the restrictions on someone running in "lackey mode", as a limited user. Likely they're dealing with corporate employee computers in many cases. Otherwise, why would it matter? They don't need to hack IrfanView to run code if you're running with moderate permissions. But there are lots of ways to get around UAC. That's a nuisance, not security. What you're talking about is realizing your home desk drawer is not locked and your TV is not chained to the wall. But what about a front door lock? The real concern is malware getting in in the first place. Scam emails. Running javascript in the browser. Installing Java, Flash, Silverlight, or PDF plugins. Allowing autorun for USB sticks. (Or using USB sticks promiscuously in general. If you need to transport files to someone else it's safer to use a CD.) Using remote functionality software like Skype or remote desktop functionality. Enabling file sharing.... Those are the things you have to watch out for. If you leave your house with the front door unlocked and the side window open, having no lock on your desk drawer is the least of your worries. (Actually, police will tell you the same thing about house break-ins: The entry point is critical. Once they get into a foyer or start dealing with your desk drawer lock, they can afford to take their time and make more noise.) And for most people, ransomware is a far bigger threat than hackers stealing your files. (Ideally, you're not keeping banking/credit card records on your computer.) Ransomware will probably come from online. Likely through a sneaky email or browser vulnerability. In order to work it will have been designed to bypass file restrictions, so UAC will do you no good and all those security updates to the likes of Irfan View or VLC will just get irretrievably encrypted along with the rest of your data. |
#6
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article , Wolf K
wrote: "They" have been able to do this for quite a while now. "They" can turn on/eavesdrop/scavenge data from any internet-connected device, such as your iPhone-activated front door lock. no they can't. |
#7
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article , Mayayana
wrote: And for most people, ransomware is a far bigger threat than hackers stealing your files. the only people for whom ransomware is an issue are those who don't have backups. these are the same people who are at risk for all sorts of problems, ones that are far more likely to occur than ransomware. if someone has a full backup, then it's a complete non-issue, whether it's ransomware, a hard drive failure, loss/theft or something else. reformat, restore, and everything is back to normal, often in less than an hour. (Ideally, you're not keeping banking/credit card records on your computer.) it's much better there than on paper that anyone can read. |
#8
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On 3/11/2017 12:47 PM, nospam wrote:
In article , Wolf K wrote: "They" have been able to do this for quite a while now. "They" can turn on/eavesdrop/scavenge data from any internet-connected device, such as your iPhone-activated front door lock. no they can't. Especially when you turn it off when you are not using it. |
#9
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article , Keith Nuttle
wrote: "They" have been able to do this for quite a while now. "They" can turn on/eavesdrop/scavenge data from any internet-connected device, such as your iPhone-activated front door lock. no they can't. Especially when you turn it off when you are not using it. and even if you don't. there may be a very small number of vulnerable devices, but it's not trivial to gain access and easily blocked anyway. it's certainly not 'any internet-connected device'. not even close to reality. |
#10
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On 2017-03-13 04:54:13 +0000, nospam said:
....and I see your post time has just gone haywire again. -- Regards, Savageduck |
#11
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article 2017031221040280366-savageduck1@REMOVESPAMmecom,
Savageduck wrote: On 2017-03-13 04:54:13 +0000, nospam said: ...and I see your post time has just gone haywire again. no, that post was posted from another computer. |
#12
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article , Nomen Nescio
wrote: And for most people, ransomware is a far bigger threat than hackers stealing your files. the only people for whom ransomware is an issue are those who don't have backups. these are the same people who are at risk for all sorts of problems, ones that are far more likely to occur than ransomware. if someone has a full backup, then it's a complete non-issue, whether it's ransomware, a hard drive failure, loss/theft or something else. reformat, restore, and everything is back to normal, often in less than an hour. What?!?! You must not have much data to fully restore if you can restore it all in under an hour. My backups would take quite a number of hours, maybe a day, to restore all of my data. I'd be glad to be able to restore it, in that eventuality, no matter how long it took. how big is all of your data? restoring a full 500g ssd is under an hour over usb 3.1. or just boot off a clone, should be around 30 seconds or so. for me, most of my data lives on file servers, accessible to any computer on the network. it took something like 20-30 minutes to back up my entire laptop. |
#13
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On Mon, 13 Mar 2017 00:29:58 -0400, nospam wrote:
...and I see your post time has just gone haywire again. no, that post was posted from another computer. OT SUBTOPIC: Date header discussion... AFAICR, they changed the way date headers work with the most common InterNetNews NNRP servers well prior to the more current INN 2.6.0 (a few years ago), which means the newer versions handle date headers differently now than they did before. You can still completely control what the date header says, but you have to be able to change how your system date is presented to the news server. For example, my date header above should be the generic GMT system date. (and where my next reply, using the same server, will contain my computer sysdate.) |
#14
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
On Mon, 13 Mar 2017 20:11:27 +0000 (UTC), Stijn De Jong wrote:
Date: Mon, 13 Mar 2017 20:11:27 +0000 (UTC) For example, my date header above should be the generic GMT system date. (and where my next reply, using the same server, will contain my computer sysdate.) By way of example, the date header above will be my system date instead of GMT (all other things being equal in the two consecutive posts). |
#15
|
|||
|
|||
Irfanview hacked on Windows 10, as was VLC player
In article , Stijn De Jong
wrote: ...and I see your post time has just gone haywire again. no, that post was posted from another computer. OT SUBTOPIC: Date header discussion... AFAICR, they changed the way date headers work with the most common InterNetNews NNRP servers well prior to the more current INN 2.6.0 (a few years ago), which means the newer versions handle date headers differently now than they did before. You can still completely control what the date header says, but you have to be able to change how your system date is presented to the news server. For example, my date header above should be the generic GMT system date. (and where my next reply, using the same server, will contain my computer sysdate.) *whoooooooooooosh* |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|