(July 17, 2017 at 6:44 am)pocaracas Wrote: Why cover your webcam at all?
Isn't the LED hardwired to turn on when the camera is powered? You'll know if someone is using it without your permission.
No, that would be the smart thing to do. The LED in almost all cases is controlled by software. Besides, if you are distracted you will not notice it, and that's often when you are at your most vulnerable (e.g. naked, getting dressed, etc.)
(July 17, 2017 at 7:22 am)Ben Davis Wrote: Do you have any advice for large-scale corporations, where technology can be older and more vulnerable and the capability for change not rapid enough to keep up with the efforts of hackers?
Apart from the obvious " Get newer tech and change faster!"
There should always be plans to upgrade legacy tech as a long term solution, but if you need something for the short term:
Put the vulnerable machines in a separate part of the network / VLAN and firewall them off. If people need access to them, VPN through to them, or make them use a separate physical machine. Operate under the principle of least privilege: if the tech can run as a low-level user, do it. If the machines don't need Internet access, don't give it to them, etc. If the tech is part of a web service setup, install a WAF (web application firewall) in front of them to stop the basic attacks.
(July 17, 2017 at 7:43 am)mh.brewer Wrote: Describe your biggest bust (largest threat/potential threat foiled).
I don't really "foil" threats. I'm on the discovery / reporting side rather than actually doing the fixing. With that said, I think my "biggest" discovery happened only a couple of months ago, where I found a vulnerability in a (live) website that allowed me to run commands as the server administrator. That's pretty much the Holy Grail of what I do.
