Google has also indexed thousands of publicly accessible Panasonic webcams (tlrobinson.net)
These appear to mostly be in China.
I haven't updated the list of cameras in awhile (and I seem to have lost my script to do it)
I haven't updated the list of cameras in awhile (and I seem to have lost my script to do it)
63 comments
[ 2.6 ms ] story [ 140 ms ] threadhttp://cryptogasm.com/webcams/
awesome resource, connects you to the world in a weird way :)
My guess is that making a webcam publicly accessible is more likely to be intentional than doing the same with a printer.
Of course, if the webcam is for security, then probably not. But people installing security cams should be expected to know what they are doing (LOL!).
If I would set up a web-accessible cam without password protection, how would google find it? Its a crawler right? It doesnt just searches for random IPs and tries to connect to them.
I always was under the assumption that there is a pretty big part of the internet which is just not indexed by the major search engines (thus more or less private).
That would be incredibly alarming, and quite possibly the largest breach of trust perpetrated by a company so far this decade.
I tried typing "http://then and it suggested a UPS package URL and "thenicestplaceontheinter.net". I've not been to either of those pages before (I use Chrome for testing, so I'm not signed into it, etc).
http://www.wired.com/business/2011/02/bing-copies-google/
I agree it'd be alarming and terrible, but hardly a new development.
Edit: it's doubtful that an e-mail provider would automatically fetch links from e-mails -- think about them clicking 'unsubscribe' links and links to reject the transfer of domain names. It would break in very obvious ways. IMs and texts, on the other hand, might be more opaque to that kind of meddling.
Make sure that your results can be tracked and provide as much information as possible and you got a nice project here..
If anybody wants to collaborate or you just want an NS delegation off that name to try to roll your own, just let me know!
I don't think the main site or its www subdomain would need to be secret. Of course, if it uncovers some huge invasion of privacy, we might have to set up an army of different domains running similar software on separate IPs to keep it effective.
I see it getting quite complicated, though! Dimensions I see are: User's OS, User-agent, ISP/Cell carrier, Transmission protocol (smtp, xmpp, http), service provider (google, microsoft/skype, microsoft/msn).
Then you might have to also include the sender AND receiver information in the domain, so based on a single request you could see all possible implicated parties.I also thought about putting the sender in the path of the URI, but I think it should be in the domain name, too. This is because you might get a hit on robots.txt and in that case, you'd only have one half of the route in the domain name.
Finally, including everything in the DNS lets you evaluate whether the name was even resolved, and potentially by whom. Getting a hit that the name was resolved but not fetched over HTTP gives you information about which services might be analyzing links in order to queue them for further investigation.
I think maybe the domain should be of the format "www.encodedonlywithatoz.yourdomain.com" to maximize whatever regex parsers try to pick up on URLs (i.e, a www. prefix, a .com suffix, and no special chars). You could encode the dimensions via a lookup table to make it less verbose and slightly more obfuscated ("aa" = at&t, "ab" = verizon, etc).
You shouldn't expect data in the path info to be preserved, but it'd be a nice bonus, as you say.
Even more interesting would be some custom DNS software that replies with perhaps a CNAME or something, where you could encode a unique serial number per request. If you had a huge IP range available, you could even resolve to unique IP addresses for every lookup, so you could correlate DNS requests with any HTTP requests that show up later on. A low/near-zero DNS TTL would come in handy.
Regarding custom DNS software, I might draw from this excellent write-up featured on HN recently:
http://5f5.org/ruminations/dns-debugging-over-http.html
Also, it'd be interesting to just crank the log level to maximum on a normal piece of DNS software, and post some links around in IM clients and elsewhere, just to see if anything anywhere kicks in. The experiment could be repeated (on different subdomains) with a more clever implementation tricks later.
I can't wait to send some around in facebook messages and IMs.
Here's a maiden honeypot link: http://hn0001.hnypot.info/Welcome-Internets!
...Though posting it publicly nearly guarantees I will see a hit, I can at least see if code running on HN resolves it immediately.
I can't wait to send some around in facebook messages and IMs.
Here's a maiden honeypot link: http://hn0001.hnypot.info/Welcome-Internets!
...Though posting it publicly nearly guarantees I will see a hit, I can at least see if code running on HN resolves it immediately.
Edit: There is activity coming in on that name, but mostly it is from browsers pre-loading DNS to prepare for the next potential pageview. My browser did this (chrome on Mac). I suppose that is a form of information disclosure we often overlook. On a page you can inject a link into, you can get some very basic analytics.
In the 15 minutes following the posting of that link, there have been zero clicks, 36 IPv4 lookups, 6 IPv6 lookups.
(Of course, people should be relying on more than obscurity to hide their private pages! - but I believe people have been known to make mistakes and/or not know what they're doing.)
http://bit.ly/V4VtJJ
http://www.shodanhq.com/browse
Also, check your server ip on Shodan to see if your firewall rules are not exposing a little to much
We were even able to track down some cameras located on campus which made for some hilarious phone calls.
https://www.google.com/search?q=inurl%3A%22viewerframe%3Fmod...
10 600 results
when you click on one result
i.e.: 202.212.193.26:555/CgiStart?page=Single&Mode=Motion&Language=0
then you see in the head of the frameset (and similar in every framed html document)
so basically, these HTML abominations should not get indexed if google would follow these indexing directives (basically google invented these meta tags themselves)google is evil? nope - they really follow these directives.
so why is this indexed?
take a look at
http://202.212.193.26:555/robots.txt
the robots.txt is a crawling directive, google can't crawl the (current) version of these pages, so google doesn't see the indexing directive. but as crawling is optional for indexing URLs, this gets indexed.how could this be solved, well: either get rid of the robots.txt or
the noindex robots.txt directive is specified nowhere, but it works nonetheless.The only exceptions I can think of are scary, like operating a caching proxy and scraping the cached data. Or scraping data from browsers that have loaded pages by user request.
I am just surprised that a URL with no associated content would be included in the index.
But now that I think about it more, why not? It will not show up except in extremely specific searches, and in those cases it is useful to the searcher.
https://www.google.com/search?q=unicorn+admin
4th result down (wbpreview.com) is shown in search results despite blocking crawling/indexing with robots.txt. The result displays "A description for this result is not available because of this site's robots.txt – learn more" and the title seems to be auto-generated. The goal was to de-index the listing but apparently that's not an option.
[1] http://support.google.com/webmasters/bin/answer.py?hl=en&...
Most of which, to be fair, seem to be descriptions of this exploit, or pages listing open cams. The number of cams actually accessible is a fraction of those, and the number unintentionally left open a smaller fraction again.
http://207.68.47.143:8080/anony/mjpg.cgi
I remember when I was taking a network security class in college the professor was guiding us through the steps required to scan a network for vulnerabilities, specifically detecting services and control panels which are left open and vulnerable. Naturally we were using the college network for this, and in addition to the expected control panels of printers in different professors' offices I accidentally found the control panel for the school VoIP system, and it was not properly secured. I believe it was a Cisco system. Anyway the control panel seemed to offer access to modify various settings of the college VoIP phone system, with no password protection.
Now granted it could be that I only had access to this because I was doing the scan from "inside the system" instead of outside via the web, but I'm sure there are vulnerable VoIP systems which have accidentally exposed their control panels to the internet.
If 'inside the system' means from a University internet connection, that it is very much a security hole, as anyone physiclly present could exploit it. (Or at best any person who the Univeristy allows on their network, which is much larger than the group of people who should be able to touch those settings)
Of course a 'Global Citizen Operative' would have to take action also, it is not like I proposed a "Global responsive network of autonomous drone to enforce peace and harmony" to would do that instead.
Sorry for the up in the clouds comment but the merciless hand of insomnia grabbed me and prompted my mind to wander.