Relevant headers:
HTTP/1.1 200 OK
Connection: close
Content-Type: multipart/x-mixed-replace; boundary=--myboundary
Content-Length: 99999999
Cache-control: no-cache, must revalidate
(http://www.schneier.com/blog/archives/2006/12/how_to_negate_...)
Here's a Stackoverflow question from someone who is expected to OCR the webcam so they can programatically use the securid token (http://stackoverflow.com/questions/1983879/ocr-an-rsa-key-fo...)
And here's a really nice write up, with perl, about OCRing securid tokens. (http://perlmeister.com/lme/prod-0706.pdf)
(http://www.staton.us/electronics/web_cam_otp/index.html)
I saw the link you posted. I laughed! it was funny. Then I searched, and a whole bunch of people do it.
Longer version: premium users of The Wolf Web were granted full html/javascript abilities. I probably never would have bothered to become premium, except every year the site hosted an Egg Hunt, which involves staying online as long as you can during a 24 hour period to claim "eggs" that are randomly assigned to you. The person who gets the most eggs wins premium status for a year. Two friends and I decided to win the competition by working in shifts and we indeed won. The fact that there were veteran users, some with over 50k posts, and we won with a new alias just added insult to injury.
While playing around with my newfound html abilities, I realized that I could write an auto-submitting form; I decided to write a virus. It was totally ugly; for technical reasons related to the payload, I wrote the entire thing on one line, used the shortest variable names possible, and it was pretty much untested. The way it worked is, when a premium user clicked on a thread with the payload, they would automatically submit a new thread with the payload included. I'm still proud of one feature: it would pull recent thread titles, so they would appear to be legitimate threads that had been bumped. I call it a virus, but it didn't do much besides spread for a few days before they disabled it. Anyway, all of my accounts were promptly banned. Somehow, I used some social engineering to convince an admin who had been away to unban me. It worked, but I never used the account.
Scheming, virus writing, social engineering. Definitely one of my finer moments. I documented some of the events here: http://www.facebook.com/media/set/?set=a.511920914339.213059...
Edit: also, weird building in NL - http://cryptogasm.com/webcams/webcam.php?id=18641
Baseball: http://cryptogasm.com/webcams/webcam.php?id=35918
Some sort of dog kennel: http://cryptogasm.com/webcams/webcam.php?id=36541
Kid and dad playing video games: http://cryptogasm.com/webcams/webcam.php?id=35548
Cockroach cam: http://cryptogasm.com/webcams/webcam.php?id=24313
Llamas or alpacas? http://cryptogasm.com/webcams/webcam.php?id=19208
Flamingos: http://cryptogasm.com/webcams/webcam.php?id=23564
Monkeys: http://cryptogasm.com/webcams/webcam.php?id=20433
Giraffes, zebras, ostriches: http://cryptogasm.com/webcams/webcam.php?id=19583
Waterfowl: http://cryptogasm.com/webcams/webcam.php?id=22596
WTF.
Ironic/meta: http://cryptogasm.com/webcams/webcam.php?id=34942
I've always wondered who controlled that camera.
That rack was used for the development of the Rocks Cluster system back in its heyday. Rocks creator, Phil Papadopoulos, is the brother of former Sun CTO Greg Papadopoulos.
EDIT: Someone panned the camera to the other side of the room. Pardon the cable spaghetti - that rack is temporary.
I'm now typing this post from an Ubuntu box that I built last week. I guess I've progressed a little bit ;)
Edit: some other findings
Mouses : http://cryptogasm.com/webcams/webcam.php?id=36548
Caltech Submillimeter Observatory: http://cryptogasm.com/webcams/webcam.php?id=36447
Stange machine (any idea what it is?) : http://cryptogasm.com/webcams/webcam.php?id=36900
http://www.fei.com/products/transmission-electron-microscope...
Chickens, South Korea - http://cryptogasm.com/webcams/webcam.php?id=33410
It's kinda weird, I'm just pressing "random" and seeing what comes up.
There seems to be more than a few that are "street" views, which gives you view of certain cities. So that's kinda interesting.
I'm not complaining though :)
Yet the aggregate effect of all these inexpensive cameras is categorically different than that of any single camera alone. Today these are crappy lo-res cameras, but as bandwidth costs decrease these will become supplanted by high res cameras that can count the pores on your skin and recognition systems that do just that.
Welcome to the future, courtesy of those who are not complaining.
This is the web service behind it. Unfortunately the list is not up to date anymore. https://code.google.com/p/public-viewpoints
http://cryptogasm.com/webcams/webcam.php?id=7779
Yeah, that's good security right there.
MOAR:
Dead bird?? http://cryptogasm.com/webcams/webcam.php?id=7972
Various techniques. A lot of cameras can be found using Google if you know which search string to use (and you have a lot of patience). I also used Shodan (a search engine created by John Matherly) to get a large number of potential webcam feeds. If you've never heard of Shodan before, I recommend watching these videos by Dan Tentler. Whilst I'm hat-tipping people, I should also give a shout-out to the /r/controllablewebcams community on reddit who helped promote this viewer.
Looks like a model train set: http://cryptogasm.com/webcams/webcam.php?id=18939
Side note, a horse and her baby! http://cryptogasm.com/webcams/webcam.php?id=7392
Damn, this is creepy.
This floated around on the interwebs a while ago - part of a vulnerability study that was posted to the blog detailing the approach for generating the set of camera feeds: http://cryptogasm.com/2012/02/list-of-vulnerable-trendnet-we...
Thankfully the camera's very pixelated.
I wonder if it's on purpose?
