
Insecam: Large Directory of Unsecure Cameras - djsumdog
http://www.insecam.org
======
kefka
Wow.. This certainly goes to show, the more "secure" you try to make things,
the easier they'll try to make it and ruin your security.

www.insecam.org/en/view/386702/ \- Somebody's RSA keyfob with automatic button
presser.

~~~
saganus
Wow.... wtf? I'm guessing someone just dropped the camera on a desk without
realizing it was on... but still... holy cow...

Edit: I guess you are right. It does seem a bit improbable that you would get
such a good reading on the numbers. Definitely scary as fuck...

~~~
sargun
No, this was probably intentional. When there is security, especially
corporate mandated, people will find a way to work around it to gain
efficiency.

~~~
colemickens
Microsoft makes me/us do 2FA ~5-20 times a day, doesn't support U2F and
implements 2FA in a way that forces you to type a PIN into the phone rather
than the other way around (massive phishing hole they don't seem to care about
- sometimes I'll be flooded with 2FA prompts and have _no idea which ones were
initiated by me or by an attacker_ ).

I've joked about writing an app on my phone that would just auto-respond to
all the 2FA prompts with my PIN, and have been told that other people actually
tried to (or did) implement such an application.

Meanwhile I was at a Googler's place a year ago and watched him tap a U2F
device on the side of his laptop to complete the second factor. Sigh.

~~~
userbinator
_in a way that forces you to type a PIN into the phone rather than the other
way around_

Could you explain more what you mean by this? Presumably it's not typing a
phone into a PIN...?

~~~
colemickens
What closeparen said. Normally the phone gives you the PIN and you type it
into the application you just signed into. Gives you some amount of assurance
that the second-factor is going to the desired party.

Instead, MS's 2FA send a notification to your phone where you type in a
static, pre-defined PIN. There is no way of knowing what actor or application
triggered the 2FA request.

------
carreau
Well someone have started to hack these camera to display a message to the
owners:
[http://www.insecam.org/en/view/402371/](http://www.insecam.org/en/view/402371/)
In case it get's fixed this one now says "everone can watch your home, reset
the camera" "reset your cam and use a password next time !"

------
thrownblown
Puppies!
[http://www.insecam.org/en/view/245507/](http://www.insecam.org/en/view/245507/)

~~~
deepnotderp
Awwww so cuuuutee, Wait those are mine! ;)

------
sandworm101
I stopped when seeing that the 3rd canadian camera on the list was in
someone's living room. I dont want my ip showing up on thier router's logs
when they contact police after noticing all the traffic. I really hope they
dont have kids in front of that camera.

An open door is not an invitation to trespass, especially when it has
obviously been left open in error.

~~~
saganus
Not sure if the door analogy works here.

I can't think of a better analogy, but what if I had a Polaroid camera and go
around taking pictures in my property and then throwing those pictures away on
the street. If a stranger picks up one (or several) of those pictures, would
you consider that trespassing as well?

I'm not saying I am for or against this, but it's definitely a tricky subject.
Obviously part of that trickiness is because complex tools (for the general
populace) are being sold as simple tools, and so people who buy them have no
idea what they are capable of or what is the proper way of using them
(securing them with a password, etc).

~~~
tptacek
The case might turn on whether the owners of the camera suffer damage (which
here means basically "how upset do the owners of the camera get) and whether a
_reasonable person_ would feel they'd been invited to watch this particular
camera _by the owners of the camera_.

That's a lot of uncertainty to shoulder just for the joy of looking at
someone's incidentally public camera feed.

------
saganus
A feed to watch an An Altair 8800 computer?

[http://www.insecam.org/en/view/376032/](http://www.insecam.org/en/view/376032/)

This is...puzzling...

Edit: Ah... it says "You can play Zork and Ladder on this computer and watch
as the LED flashes !"

------
potomak
This is a hack I build with some friends based on that list:
[http://surveillance.life/](http://surveillance.life/)

~~~
Senji
It's times like these that I wish MS hadn't axed "Active Desktop" from their
newer oses.

Back then you could make an html file with one frame or iframe and point it to
a website like this or embed a flash stream.

You could just embed this website and have random webcams as background and
your icons and everything else would still work normally on top of your new
"background".

Eventually the embedded IE would crash and you'd press F5 and it would fix
itself.

------
wtfishackernews
This seems like a very inconvenient way to store your car collection
[http://www.insecam.org/en/view/374821/](http://www.insecam.org/en/view/374821/)

~~~
serg_chernata
It's that Jay Lenos collection?

~~~
CyberDildonics
His cars (all of them?) in the burbank airport.

------
thrilleratplay
There was a similar site, who's name I cannot remember, that was up for a year
as a infosec experiment around 2011, 2012. The neat feature about that one was
the ability to put in a zip code and see all of the unsecured cameras in that
area.

------
electic
Here is a very weird one. Anyone want to take a guess as to what this is?

[http://www.insecam.org/en/view/168715/](http://www.insecam.org/en/view/168715/)

~~~
dom0
This is the actual feed:
[http://141.84.11.4/mjpg/video.mjpg?COUNTER](http://141.84.11.4/mjpg/video.mjpg?COUNTER)
(site just shows "No" for me on your link)

That's a Foucault pendulum.

The pendulum on that feed belongs to the geophysical institute of the
university of munich.

Eg. [https://www.geophysik.uni-muenchen.de/outreach/foucault-
pend...](https://www.geophysik.uni-muenchen.de/outreach/foucault-pendulum/das-
foucaultsche-pendel?set_language=de)

~~~
basicplus2
Definitely my favourite! :)

[http://141.84.11.4/view/viewer_index.shtml?id=1362](http://141.84.11.4/view/viewer_index.shtml?id=1362)

And this link lets you change the "feed profile"

------
pryelluw
I sell and install security systems as a side-gig (fell into it and its high
margin/low effort sale). People demand easy to remember passwords. Ive tried
to somehow get them to use better passwords but they always call me to change
it. I still try to get them to use a strong password, though.

~~~
rahimnathwani
I'm curious which systems you prefer. I have an irrational aversion to paying
a subscription fee, but it seems to take some effort to set up Motion or
Zoneminder with recording and mobile alerting, and ease of use lags behind
cloud services.

Oh, and cheaper cameras support only mjpeg, which makes live viewing high-
bandwidth.

What software/hardware do you use?

~~~
pryelluw
I sell commercial-level stuff. Cant remember the brand from memory. A friend
who is in the security business (he works with factories and similar sized
clientele) sources them for me. He is the expert. I merely sell and install
it. I lack any real interest in this market and mostly easily sell them
because other installers are really shady. No real marketing or sales effort.
People just call me and I name the price. It pays to treat people well.

------
cesis
Is this because of unsecure credentials? If so, would it be OK for someone to
change those credentials?

~~~
soylentcola
Probably not legally these days (CFAA and all) but sadly, insecam is viewed as
sort of the "bush league" of messing with unsecured cameras.

See: [http://8ch.net/ipcam/index.html](http://8ch.net/ipcam/index.html)

for how people use Shodan and other tools to do some fairly shady things. It's
like grey hat at best (find these things and move them around/leave messages
to secure your cams) and serious invasion of privacy at worst (people trading
caps of women undressing, people having sex, etc).

------
jjulius
Not surprisingly, some of the locations are incorrect. A camera listed as
being in British Columbia[0] is actually located in Quebec[1].

    
    
      [0]http://www.insecam.org/en/view/392890/
      [1]https://goo.gl/bG4sxk

