Hacker News new | past | comments | ask | show | jobs | submit login
Exposed Webcam Viewer (cryptogasm.com)
170 points by taintlove on Apr 13, 2013 | hide | past | web | favorite | 110 comments

Huh. Today I learned about Content-Type "multipart/x-mixed-replace". The webcam images are jpegs that are continously replaced by the server in the same HTTP response. It's the smoothest live webcam transmission I've seen so far.

Relevant headers:

        HTTP/1.1 200 OK
	Connection: close
	Content-Type: multipart/x-mixed-replace; boundary=--myboundary
	Content-Length: 99999999
	Cache-control: no-cache, must revalidate

It's not so smooth for me. :(

What an ingenious understanding of security ;) http://cryptogasm.com/webcams/webcam.php?id=4323

Schneier has, from 2006, people pointing webcams at securid tokens!!


Here's a Stackoverflow question from someone who is expected to OCR the webcam so they can programatically use the securid token (http://stackoverflow.com/questions/1983879/ocr-an-rsa-key-fo...)

And here's a really nice write up, with perl, about OCRing securid tokens. (http://perlmeister.com/lme/prod-0706.pdf)


I saw the link you posted. I laughed! it was funny. Then I searched, and a whole bunch of people do it.

That is hilarious and bad and wrong. All at the same time.

Neat. Raleigh, NC was on the first page and I think I remember that exact camera. We used to post webcam feeds when I was an undergrad at NC State. In fact, this one time was pretty amusing (and there's a long story associated with it): http://sphotos-a.xx.fbcdn.net/hphotos-ash4/120_540487511649_... http://sphotos-a.xx.fbcdn.net/hphotos-ash4/112_540487222229_...

It's on the first page for me too. What's the story? I live and work here in the area.

tldr: I wrote a JavaScript "virus" for our school's (unofficial) message board. I was banned for years. In a thread about that webcam, I made the above facetious apology.

Longer version: premium users of The Wolf Web were granted full html/javascript abilities. I probably never would have bothered to become premium, except every year the site hosted an Egg Hunt, which involves staying online as long as you can during a 24 hour period to claim "eggs" that are randomly assigned to you. The person who gets the most eggs wins premium status for a year. Two friends and I decided to win the competition by working in shifts and we indeed won. The fact that there were veteran users, some with over 50k posts, and we won with a new alias just added insult to injury.

While playing around with my newfound html abilities, I realized that I could write an auto-submitting form; I decided to write a virus. It was totally ugly; for technical reasons related to the payload, I wrote the entire thing on one line, used the shortest variable names possible, and it was pretty much untested. The way it worked is, when a premium user clicked on a thread with the payload, they would automatically submit a new thread with the payload included. I'm still proud of one feature: it would pull recent thread titles, so they would appear to be legitimate threads that had been bumped. I call it a virus, but it didn't do much besides spread for a few days before they disabled it. Anyway, all of my accounts were promptly banned. Somehow, I used some social engineering to convince an admin who had been away to unban me. It worked, but I never used the account.

Scheming, virus writing, social engineering. Definitely one of my finer moments. I documented some of the events here: http://www.facebook.com/media/set/?set=a.511920914339.213059...

That wierd building is "De Oldehove", an unfinished church tower. It leans more than the tower of Pisa in Italy. http://en.wikipedia.org/wiki/Oldehove_(tower)

Great find! The dummy patient thing is quite creepy. I am kind of waiting for the jump scare all the time.

There's a spider in front of this one. http://cryptogasm.com/webcams/webcam.php?id=22466

Spiders are big PITA for security cameras. I have to brush their webs off my outdoor cameras at least weekly.

It's gone.

It's back!

I just watched two people enter their PINs at a Domino's Pizza somewhere in London. The camera in question has historic playback, too.


Yeah. I wonder where that is. At first I thought it was actually in the City of London.

Sun Microsystems still representing at UCSD:


That's one of my racks!

I've always wondered who controlled that camera.

That rack was used for the development of the Rocks Cluster system back in its heyday. Rocks creator, Phil Papadopoulos, is the brother of former Sun CTO Greg Papadopoulos.

EDIT: Someone panned the camera to the other side of the room. Pardon the cable spaghetti - that rack is temporary.

Gosh I remember walking around my college campus one day and coming across some random computer cluster in the CS building, hopped onto one of the machines (that said "Sun Microsystems" embossed somewhere one it), proceeding to be utterly confused by the KDE applications and interface. (I was purely a Win user back then)

I'm now typing this post from an Ubuntu box that I built last week. I guess I've progressed a little bit ;)

s/KDE/CDE/ ?

It says ANLEMC-Titan. Googling for ANLEMC reveals it has to do with telepresence microscopy. That leads me to believe that machine may be a FEI Company Titan electron microscope:


Network rack, South Korea - http://cryptogasm.com/webcams/webcam.php?id=3070

Chickens, South Korea - http://cryptogasm.com/webcams/webcam.php?id=33410

It's kinda weird, I'm just pressing "random" and seeing what comes up.

There seems to be more than a few that are "street" views, which gives you view of certain cities. So that's kinda interesting.

Someone's house ... or porn set http://cryptogasm.com/webcams/webcam.php?id=2600

I guess this one is playing a joke on us? It's a feed of what looks like some old Japanese movie: http://cryptogasm.com/webcams/webcam.php?id=27115

Hmm my best guess is that it's Chinese.

Well, my ability to differentiate the two is admittedly rather limited (though I hope more accurate than a coin flip), so you might be right. On the other hand, it could've been a different movie by the time you saw it.

Taiwanese -> Complicated Letters Chinese -> Less complicated letters Japanese -> Rounder letters. Just a rule of thumb. The modern chinese letters are a simplified version of those taiwan still uses, and describe entire words. Whilst Chinese is looks more stroked, Japanese looks a little more organic, even though yes, unless you know either of them, they're still hard to differentiate.

This just reminds me of the start to a terrible movie. I feel like I am going to see something bad happen.

It (publically available cameras) actually is the basis of a French thriller released in 2011 called "Aux yeux de tous"... pretty good movie!

The popularity of snooping on other people's lives will never cease to amaze me. Some of the sentiment in this thread is what has powered ww.com for 15 years now, and I still don't get it.

I'm not complaining though :)

Most of these cameras appear to have been set up for an organization to look at itself, or for customers to look at their own stuff. I haven't come across any that appear to have been set up with creepy creeper intent.

Yet the aggregate effect of all these inexpensive cameras is categorically different than that of any single camera alone. Today these are crappy lo-res cameras, but as bandwidth costs decrease these will become supplanted by high res cameras that can count the pores on your skin and recognition systems that do just that.

Welcome to the future, courtesy of those who are not complaining.

When these coordinates are correct, i doubt he has something better to do: http://goo.gl/maps/hSz7r

this is one boring job. the guy does weird things from time to time.

Once i wrote SurveillanceSaver. A screensaver with random webcam streams. Eventually Google blocked searching for cameras and people recognized their cameras are unprotected. http://i.document.m05.de/?page_id=438

This is the web service behind it. Unfortunately the list is not up to date anymore. https://code.google.com/p/public-viewpoints

Inside a datacenter cage complete with Exadata.


Yeah, that's good security right there.


Dead bird?? http://cryptogasm.com/webcams/webcam.php?id=7972

It's not dead, it's just resting.

The one with the bird looks like Peregrine Falcon nesting boxes I've seen on skyscrapers around here; I suspect the bird's sleeping.

Bird's feathers are moving slightly, seems to be alive to me, unless there's a fierce wind or something.

just moved his head

Yep. Bird started voluntarily moving. I was getting concerned.

Concerned for the bird, or concerned that someone had a webcam stream of a dead bird? :)

Oh wow.. http://cryptogasm.com/webcams/webcam.php?id=36767 This one is from what looks like someones living room a few minutes away from me. Where are these precise coordinates coming from?

Anyone know what this might be? Looks like some kind of boats in a pond with solar panels in them? http://cryptogasm.com/webcams/webcam.php?id=11

For those are curious about how the guy found all these webcams. Here is the answer from his FAQ:

Various techniques. A lot of cameras can be found using Google if you know which search string to use (and you have a lot of patience). I also used Shodan (a search engine created by John Matherly) to get a large number of potential webcam feeds. If you've never heard of Shodan before, I recommend watching these videos by Dan Tentler. Whilst I'm hat-tipping people, I should also give a shout-out to the /r/controllablewebcams community on reddit who helped promote this viewer.

Looks like Windows 98 fed directly into a cam: http://cryptogasm.com/webcams/webcam.php?id=27279

How else are you going to record and remote view the monitor?

Looks like a monitor for a Philips CM Electron Microscope.

Here's a nice relaxing swimming pool: http://cryptogasm.com/webcams/webcam.php?id=36877

Wow, this is both terrifying and fascinating. The FAQ mentioned viewing these is a legal grey area. Anybody know about the legality of this in the United States?

Looks to me like a retail shop for baby supplies. Unless that lady is picking out diapers and a brightly colored uniform for their new employee. :-)

I think I saw a shark in this one: http://cryptogasm.com/webcams/webcam.php?id=24248

Looks like a model train set: http://cryptogasm.com/webcams/webcam.php?id=18939

This is cool, but really creepy at the same time. I guess some people don't really consider the ramifications of putting a webcam online.

Side note, a horse and her baby! http://cryptogasm.com/webcams/webcam.php?id=7392

somebody will soon discover some murder or something

This is amazing but also sad at the same time. Its amazing that people don't realize what connecting something to the internet means but sad because I've found some webcams inside peoples homes, I won't post the URLs for their own safety/privacy.

One person has an exposed webcam in what appears to be their bedroom! http://cryptogasm.com/webcams/index.php?q=city%3A%22San+Fran...

They're not the only ones: http://cryptogasm.com/webcams/webcam.php?id=4697 And their living room where they're currently watching TV: http://cryptogasm.com/webcams/webcam.php?id=4692

Damn, this is creepy.

Assuming this guy wasn't naked when you posted this ... but he is now.

This floated around on the interwebs a while ago - part of a vulnerability study that was posted to the blog detailing the approach for generating the set of camera feeds: http://cryptogasm.com/2012/02/list-of-vulnerable-trendnet-we...

Guy seems to be naked on the bed watching TV now.

Thankfully the camera's very pixelated.

It's creepier than you think, currently the first feed you gave they are in bed and the guy is playing on what look like a Nintendo 3DS and he is naked...

The bedroom one is labeled "Sleep Camera" in dutch...

I wonder if it's on purpose?

Kamer means room. The slaapkamer then is the bedroom. The other one ("Woonkamer") is the living room.

Ah of course, I thought it was truncated. Using my German to translate Dutch, not always successful :) Love the similarities, "Kammer" means "compartment" or "small room" in German.

Yeah, have a look throughs omething like shodanhq.com to find webcams that are exposed. So freaking creepy.

Does anyone know how these open streaming webcams are detected? Do they stream on a particular port? By the way, this is really creepy and the people having those webcams should at least be aware of it.

These people are currently (19:40 CET) having dinner: http://cryptogasm.com/webcams/webcam.php?id=22813

Im cancelling my sports package now: http://cryptogasm.com/webcams/index.php?q=city%3AAlbacete

A cat is chilling in front of this one: http://cryptogasm.com/webcams/webcam.php?id=8617

When I clicked, there was a dog running all over the place.

Nope. It's a cat again :)

Someone keeping an eye on their cars: http://cryptogasm.com/webcams/webcam.php?id=841

Radio Observatory in Cambridge: http://cryptogasm.com/webcams/webcam.php?id=18311

Unhealthy Food Observatory in the other Cambridge: http://cryptogasm.com/webcams/webcam.php?id=22785

Darn, now I wish I had visited this place (or just ride by it) when I was a student there :(

It's quite a long way out of Cambridge!


Still being used as part of the UK synthetic aperture radio telescope IIRC, along with Jodrell bank and a few other sites dotted around the UK.

It seems a lot of these places have webcams. I guess it makes sense, if there's a dogfight or a dog attacks a trainer you'd want some video evidence of it.

Firefox Nightly, 23.0a1 (2013-04-13) is crashing a lot for me while I view these cams.

(I guess that's what I get for using Nightly >.<)

I have the same issue with 22.0a2 (2013-04-06). Aurora went unresponsive, does not respond to SIGTERM.

It even managed to exhaust all my memory when I wasn't using the computer while the page loaded, when I came back to the computer I couldn't start any new processes - Not even a shell or tty.

Same thing here with Aurora. Is it crashing for anyone using regular Firefox?

This one (16.0.2) runs fine.

Works for me just fine on FF 20.0.1.

This is interesting.. and kinda creepy. I'm having the hardest time finding a webcam that can be controlled, though.

From the train set link, you can start the train from this one http://extcam-11.se.axis.com/view/viewer_index.shtml?id=64

Saw someone I know in a cam that is being broadcasted from my university. Weird.

Panopticon now in open beta.

that was the interesting one I have seen. http://cryptogasm.com/webcams/webcam.php?id=82

Playing guess-the-country on random is fun!

This is Virginia Tech... not Haymarket, Virginia.


I'm not sure how it does the geolocation but it doesn't seem to be terribly accurate in every case. I've seen cameras that claim to be located in inland locations that are on beaches (like http://cryptogasm.com/webcams/webcam.php?id=11495 which the site says is in a Seattle suburb but is actually on the Oregon coast)

Often, geolocation is no better than to the regional ISP.

Indeed, but I think we have to realize that not all these open cameras are security failings. Some universities and towns just have open cameras so that curious people can watch. I know that Purdue had one near where the band would practice marching so that parents could see the band more frequently.

Yep, that is the library...grad of '07

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact