On 2013-06-13 16:16, futureboy wrote:>
> Can my webcam or microphone be remotely
> activated on my [openSUSE] machine without my knowledge?
I don’t think so. Perhaps in Windows, knowing of a suitable exploit in
advance. You have to get shell access somehow.
With a browser… Google Talk needs a plugin to pick up the camera, and
you have to install that one first. You can do many things with applets
and things.
There are hardware things that would work in Linux: a dongle connected
to your keyboard, it would capture your passwords. That’s why banks ask
you to key the pass with a mouse in the screen.
Then there are humans.
Time ago I met a group of youngsters, no longer teenagers, that
routinely hacked their girlfriends computers with software to open
backdoors to them, for spying the girls, reading their email, etc. In
that group there was only a girl, and she was not present in this
conversation: I do not know if the girls do the same things to their
boyfriends.
This was not done remotely: they took their chance when doing
maintenance on those computers.
This is of course illegal, highly unethical, and absolutely wrong way to
go about in a relationship!
But then, they were using software that’s is easily available on
Internet. For Windows, dunno about Linux.
> On a related note, how secure is my Android phone? Mine is rooted with
> my choice in ROM image but I am not convinced that it is all that
> secure.
Good question.
I’m very hesitant to use it on open wifi spots.
Whatsapp is a very nice thing, but… we know they capture our messages.
Me living on Spain, it irks me that Mr Obama is saving my messages
routinely and perhaps reading them - as I’m not a USA citizen, he
doesn’t need a court order.
I said whatsapp, which is assumed to be private but is not. But all big
email providers (google…) are “hacked” for routine surveillance…
The only private electronic communication is that sent encrypted end to
end without the supplier intervention. And doing it may arouse the
authorities attention to you!
On 2013-06-13 19:16, futureboy wrote:
> So, beyond all the pretty standard smart actions to be
> taken, how can I be sure that my system won’t be compromised?
I don’t think we can be (absolutely) sure.
> I do
> understand that when I communicate across the Internet there is always a
> chance that someone is recording and collecting packets, got it,
And some one does, automatically. It is all over in the news about now.
> that
> doesn’t concern me as much as the idea of a directed attack or
> weaknesses in software that would be leaking information or providing a
> hole in my security. I read the security notices and accept all updates
> to ensure that my system is hardened.
The problem are the security holes that have not been found yet. It is a
war out there. Given enough money and “intelligent” chaps, they may find
a manner.
> I do not run AppArmor. Is that worth the overhead and setup?
I don’t know, but I use it. At least it should be used on any service
opened to the outside.
–
Cheers / Saludos,
Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)