Showing posts from May, 2017

Life hack: Save time spying by integrating wiretaps and facial recognition

Patent #9,565,390 B1 was granted February 7, 2017, and it's the best thing to happen to mass surveillance since the people who've done nothing wrong filter.
From the summary (full text PDF): SYSTEMS AND METHODS FOR ENHANCING RECORDED OR INTERCEPTED CALLS USING INFORMATION FROM A FACIAL RECOGNITION ENGINE
A video stream is received. The video stream can be analyzed in real-time as it is being received or can be recorded and stored for later analysis. Information within the video streams can be extracted and processed by a facial and video content recognition engine and the information derived there from can be stored as metadata. The metadata can be queried for statistical data and/or for business or security analysis.
The metadata can be used to enrich the call content of a recorded or intercepted call. The information derived from the video streams can be used to determine whether or not the call should be recorded.

The inventor is Ofer Shochet of Tel Aviv and the patent is as…

Directory disclosure vulnerability in facial recognition software

There are at least a dozen, most likely many more, Embedded Facial Recognition Systems online on the World Wide Web with a basic software flaw that allows anyone without credentials to browse the /images directory, download log files, and view enrolled images.

I was able to locate the systems on Shodan searching for - html:facial html:recognition html:embedded country:"US" - and once on the log-in pages, simply inspecting the page source revealed the path to the background image.








Navigating one directory up revealed the directory listing, and I was able to navigate to the folder "logs" and download .bmp files of faces enrolled in the system, as well as system files.



It's probably none of my business but I'm one of those people who needs to know what the fuck pic.twitter.com/F453dsf67x — Kenneth Lipp (@kennethlipp) May 6, 2017

Many of the systems seem to be on dedicated IP blocks (inferred from searching Shodan for the IP's ASN, net:"xx.xx.xx.0/24&…

Ranger and Bonker, Predator Drones

Update:
Okay, so that drone video? It was from February, most likely...and it's on a demo server for a DOD supplier. Security through obscurity. — Sean Gallagher 📦🐭 (@thepacketrat) May 5, 2017
You can see the wakes of small boats like a formation of contrails from thousands of feet above -- the next moment the screen flashes and there's a jet-skier astride a bouncing craft leaving behind it a rivulet of foam.

As of noon today this full-motion video (FMV), feeding from a camera aboard an MQ-1 Predator circling Choctawhatchee Bay in the Gulf of Mexico, was accessible to anyone with the IP address. The webpage exclaims "Welcome to FMV!" next to three agency logos: the National Reconnaissance Office, the Aerospace Data Facility-East, and the Washington Innovation Center of the Combat Information Center.

Yester'eve as I agoogle browsed, and did see what fish would bite on Shodan, as is my wont, I searched the latter for three letters and ended up watching jet-skiers …