Comments on: An iSight Security Hole in Tiger?

By: Sven Rafferty

Sven Rafferty — Sat, 08 Jul 2006 21:42:05 +0000

Videoeye, I’m not sure what you’re trying to communicate, but I discovered the O’Reilly page searching “iSight” and “Security” for another article and that link came up. I followed it and thought it would be great to share with you all. If you’re looking for resource kudos to your link, and you’re not getting it, I’m sorry to hear that as we do put in links to those that found stories of interest.

By: videoeye

videoeye — Sat, 08 Jul 2006 16:23:50 +0000

Sven, Is OK. I’m not trying to make an argument here.
The problem is that I Digg this story, I publish the O’Reilly link (http://www.oreillynet.com/lpt/wlg/7409), and now everybody is taking the same O’Reilly link on diferent articles.

Actually, I found O’Reilly page trying to find Quartz Composers projects. (And I found this).

My only concern at this point is his website being.
I don’t know. Whatever. Is the Digg effect.

By: Sven Rafferty

Sven Rafferty — Sat, 08 Jul 2006 15:48:35 +0000

Adam, did you not read the opening of the article? We stated that Apple has a good security record and this probably isn’t a hole. However, exploits run deep and it’s only time before a hacker figures out how to tap into this much like the old Internet Explorer vulnerability that was much the same as this by placing a line of code in a web page to show the contents of a Windows hard drive. Soon after, a hacker figured out how to grab those files. Harmless trick at first…deathly exploit later. That’s all we were trying to point out. Further, follow the forum links and see the posts on the camera alone. No scare tactics, no, “yellow journalism,” just trying to make people aware of what could be.

You’re right, cover the lens with some tape and you’re set. Good suggestiong. Now it’s Apple’s turn to put a built-in slide cover like the external iSight has, though. Then problem is gone.

Videoeye, we have a link to our source above in the article. We did not get this from digg.

By: videoeye

videoeye — Sat, 08 Jul 2006 07:02:09 +0000

Sven, did you get the story from here?… http://digg.com/apple/iSight_…_(do_you_have_OSX_iSight_)
I digg it.
But, there is one problem.
All PC users told me that theirs browsers crash.
So (is a good idea, someone to embed a JavaScript that detects OSX or XP).
Anyway… is not a security issue at all. Is just Quartz Composer script (only for Mac OSX users).

By: Adam

Adam — Sat, 08 Jul 2006 05:48:38 +0000

Wow, this is classic yellow journalism. Scare the reader, make some wild guesses as to possible news items (all mildly plausible) and then predict doom. When, in reality, you found out that Quicktime can talk to the iSight, and you can embed that command in a webpage. There’s no hole, no problem, and won’t be, but everyone needs traffic to appease the advertisers, eh?

Put some masking tape over the camera if you’re paranoid. Everyone else move along, there’s nothing here.

By: David Rodgerson

David Rodgerson — Fri, 07 Jul 2006 12:08:37 +0000

I would imagine that the LED light and camera run in a series circuit so that the light is automatically on whenever the camera is.

By: jack

jack — Fri, 07 Jul 2006 07:35:08 +0000

The built-in camera has already been existed long time in PC notebooks. I suppose the world would gone crazy by now as there are lots of malwares exist in Windows to do such act.

By: Skittou

Skittou — Fri, 07 Jul 2006 07:28:17 +0000

Maybe this sounds stupid, but what prevented the same kind of unsafe usage of the built-in microphone that is present on our macs for so many years? It could record all kind of conversations and broadcast it on the net right?

By: Homer

Homer — Fri, 07 Jul 2006 05:46:02 +0000

I’d suggest just putting up a little post-it note to cover the lens until you want actually want to use it.

By: Ian

Ian — Fri, 07 Jul 2006 04:22:39 +0000

July 20, 2005: http://www.oreillynet.com/lpt/wlg/7409