Telnet and Root on the Sercomm iCamera2


A web browser displaying the message "Open Telnet Daemon successfully!"

tl;dr: URL: http://[IP]/adm/file.cgi?todo=inject_telnetd; Telnet username: root; Telnet password: Aq0+0009. History: Four years ago to the day, I wrote an exposé of the hideous security failings of Sercomm IP Cameras. The blog has since attracted 200 comments - as people try to unlock their cameras, and find out what flaws they have. Despite my best efforts […] Read More

Don't Cover Your Webcam's LED


Just a quick note on a mistake I see people making. Webcam covers are a cheap and easy way to prevent your laptop's camera from spying on you. But too many of the covers obscure the LED which indicates that the camera is on. If you cover your activation LED then you won't be able […] Read More

2FA using a postcard!


Upon joining the hyper-local social network "Nextdoor" - users are asked to verify their postal address. One option they offer is to have them send you a card in the post. So, I signed up, entered my address, and waited. A few days later, this popped through my letterbox. A few random thoughts... ✅ This […] Read More

Training Customers To Be Stupid


Companies face a complicated choice. Make things easy for the customers, or make things secure for them. Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security. In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for […] Read More

Anatomy of an Amazon Phishing Attack


Phishing is the devious practice of tricking users into giving away their usernames and passwords to fraudulent sites. It is big business, and the best defence against it is constant vigilance. I'm going to walk you, step-by-step, through a scam that targeted me today. Along the way we'll see how to avoid falling prey to […] Read More

Some thoughts on Amazon's 2FA


Amazon now let you secure your account with Two-Factor-Authentication (2FA). This means you can log on with a one-time password which changes every minute. For some reason, Amazon call it Two-Step-Verification (2SV) - but it is exactly the same as all the other 2FA solutions. The Process: There's no direct link to 2FA settings. So […] Read More

Would you fall for this phishing scam?


Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This […] Read More

Virgin Media are hijacking your router - again!


Virgin Media are trying to resell your internet access. Worse still, they appear to be doing it without users' permission. A brief recap: Back in 2015, Virgin Media announced plans for a WiFi sharing network. A user's router would broadcast a separate WiFi network and other Virgin customers could roam on to it via an […] Read More