58,000 Security Camera Systems Critically Vulnerable To Attackers 157
Sparrowvsrevolution writes with news of some particularly insecure security cameras. From the article: "Eighteen brands of security camera digital video recorders are vulnerable to an attack that would allow a hacker to remotely gain control of the devices to watch, copy, delete or alter video streams at will, as well as to use the machines as jumping-off points to access other computers behind a company's firewall, according to tests by two security researchers. And 58,000 of the hackable video boxes, all of which use firmware provided by the Guangdong, China-based firm Ray Sharp, are accessible via the Internet. Early last week a hacker who uses the handle someLuser found that commands sent to a Swann DVR via port 9000 were accepted without any authentication. That trick would allow anyone to retrieve the login credentials for the DVR's web-based control panel. To compound the problem, the DVRs automatically make themselves visible to external connections using a protocol known as Universal Plug And Play, (UPnP) which maps the devices' location to any local router that has UPnP enabled — a common default setting. ...Neither Ray Sharp nor any of the eighteen firms have yet released a firmware fix."
Never attribute to malice... (Score:2, Interesting)
Re: (Score:2)
What, nobody has complained about this being an intentional backdoor yet? The Chinese are out to get us.
You are first post, people will get saying that in a few...
The Chinese or Uncle Sam ?? (Score:5, Insightful)
The Chinese are out to get us
If I were you, I'll be more worried about Uncle Sam
Re: (Score:1)
worse yet... uncle sam and the chinese collaborating on something like this.
Re: (Score:2)
Uncle Samurai?
Re: (Score:2)
Is there really any difference left?
Re: (Score:3)
Of course the Chinese can't afford to see the U.S. banking system collapse. Just turn around almost everything you can touch. Can you see where it is being manufactured? Who's going to buy the stuff if no one has any money left?
Re:"The Chinese" are Uncle Sam (Score:4, Insightful)
Who's going to buy the stuff if no one has any money left?
The entire rest of the world. China isn't particularly dependent on one country with no money.
Re: (Score:2)
they are when that one country represents nearly their entire customer base.
they are when that one country represents nearly all of the manufacturing contracts for products "made in china".
if the US goes down, China goes with it. China is trying to grow their economcy, not kill it and cause another revolution.
Re: (Score:2)
they are when that one country represents nearly their entire customer base.
Sure, the US is important to China, but "nearly their entire customer base"? Ahh... EU is larger than the US to China (see http://www.stanlib.com/EconomicFocus/Documents/Global/ChinaexportstoEUvsUS.pdf [stanlib.com]). But agreed - letting US go bankrupt would definately be a hit to the Chinese economy.
Re: (Score:2)
Re: (Score:2)
If you owe the bank a little money and you can't pay, you have a problem. If you owe the bank a lot of money and you can't pay, the bank has a problem.
Re: (Score:2)
Say the USA owes you 2 trillion and you're stupid enough to try forcing them to pay up right now. If you're _unlucky_ instead of saying "Fuck off, we'll pay you when its due" the US Gov will tell the Federal Reserve to create the 2 trillion or so to pay you back now.
The Chinese Gov isn't that stupid. They haven't converted enough of their US dollars to tangible stuff yet.
Russia might not care so much - the USA doesn't owe Russia as much a
Re: (Score:2)
Re:Never attribute to malice... (Score:5, Insightful)
What, nobody has complained about this being an intentional backdoor yet? The Chinese are out to get us.
I'm inclined to keep "Never attribute to malice something much stupider than malice would have implemented" in mind as a variant on the usual phrase.
Given the hordes of profit-driven, variously political, and simply lulz-oriented attackers on the internet, relatively blatant backdooring(when you are in the privileged position of being the guys shipping the firmware, no less, hard to ask for more insider access than that) amounts to squandering an advantage. Had the units shipped with, say, a bugged sshd that is hardcoded to always allow access via keypair auth with a specific private key, it is both much more likely that nobody would ever have noticed, and that nobody but the intended attacker would ever have been able to make use of the vulnerability. A wholly unauthenticated hole, on the other hand, is an open invitation to every bot-herder and na'er-do-well on the planet to come and have a rummage through the systems, leading to much greater competition for the creator of the backdoor.
Re: (Score:2)
Re: (Score:3)
Well... If you plug your random DVR (or print server, or any device for that matter) tcp port through your router, you deserve what you get. If you leave upnp on, you deserve what you get. Openvpn costs nothing.
Re: (Score:2)
Re: (Score:2)
Pray it's the Chinese... and it's not SCORPION STARE.
Although if you know what that is and don't have GAME ANDES REDSHIFT clearance, I'm afraid you're in for a change in work environments - hope you like British bureaucracy!
No Surprise (Score:5, Funny)
"As Seen On TV"
Made in China. (Score:2)
Re:Made in China. (Score:5, Funny)
Damn! and i was just looking for a system for my house and my mom's house.
Is your mom hot?
Well, I guess we'll find out soon enough...
Re: (Score:2)
It is 127.0.0.1.
Re: (Score:1)
How to make a fool of yourself with the cops. (Score:2)
No network issue here, I never connected the system to the network.
One of the last things the system recorded, was the wee little hands of the owner's 4 year old grandson, playing with the mouse. He made all 16 little boxes in the status grid turn black. Just 16 little clicks.
Re: (Score:2, Interesting)
#1 lesson. Turn off Universal Plug and Play in your router and turn on the firewall. Open only ports you use.
Re: (Score:2)
Which will protect so well against a child playing with the physical hardware device on the premises.
Re: (Score:2)
yep. I can see that happening again... and coincidentally I just finished firing off an email to an up and coming IP camera and managed wifi vendor that provides free NVR and WAP controller software... too bad none of their "server" software installs as a service. So not even a CHANCE of hiding it from little hands. (unless you want to jump through a bunch of hoops to force it into service mode)
And in this case all the kid would have had to do was THREE clicks to log grandpa's PC off. (thus shutting down t
Re: (Score:2)
Why would you let your kid use the same user account as yourself (or grandpa). Are you a fan of deleted documents? Just make a separate account for DVR, leave the soft running and fast-user-switch out of it. And a separate restricted accoun for the kid.
And on a side note - if the computer recording your cameras is in a place where a 3 year old can access it, this computer will probably be the very first thing stolen - so i think you are making this crap up.
Re: (Score:2)
And on a side note - if the computer recording your cameras is in a place where a 3 year old can access it, this computer will probably be the very first thing stolen - so i think you are making this crap up.
Nobody said Grandpa was smart or thought his cunning plan through... LOL
Re: (Score:2)
The perfect crime...
Remarkable technical prowess! (Score:4, Funny)
Re: (Score:2)
I got a hold of one (ZModo) and after putting a known good hard drive in it it worked for a while and then suddenly the SATA controller must have fried. It will no longer recognize any hard disk. Since I didn't pay all that much for it, I pretty much consider it disposable. I'll probably end up using the cheap cameras I got on something a little less flaky.
Closed up a hole on our DVR (Score:4, Interesting)
Re: (Score:3)
The soul-crushing thing about your story is that it suggests that somebody deliberately went to additional effort to build/install a telnet daemon while hacking the firmware together. That's just sick and wrong.
Re: (Score:2)
That's just sick and wrong.
Not to mention a godsend and a timesaver for debugging. Every embedded application I've ever made whether linux based or some tiny microcontroller on a UART had some terminal based debugging interface.
I'm willing to bet that this is just a leftover from testing that shouldn't have made it out the door.
Re: (Score:2)
Na, they just adapted some else's embedded Linux distro that happened to have telnet running (most do). I doubt they were competent enough to set it up themselves.
This is quite typical of embedded Linux systems. Perhaps they think it will be used on a private network where everyone is a trusted user or something.
Re: (Score:1)
Re: (Score:1)
It didn't break anything. It looks like the telnet is just a leftover from development.
Port knocking (Score:5, Informative)
Port knocking is where the inbound system won't connect until a series of unsuccessful attempts is tried on a known sequence of ports - the system will open the door only when the visitor gives the "secret knock".
For example, a system won't normally accept connection requests. If the visitor attempts (unsuccessfully) ports 1010, 1050, 3042, and 4725 in that order, the system then accepts a connection at port 9000. (Use different numbers and length as needed for security.)
It is nigh impossible for a security audit to detect this type of camouflage. This technique has been well-known for years.
If China were putting back-doors in hardware systems, they could make them virtually impossible to find.
That's circumstantial evidence that this isn't a case of espionage on the part of the manufacturer. It's more likely a flaw in the software or a debugging port that wasn't compiled out in the released version.
Re:Port knocking (Score:5, Interesting)
Port knocking is insane. It's the worst nightmare the security-through-obscurity mindset brought us, and it's so fucking annoying.
My company develops a CCTV DVR/NVR. It's GNU/Linux based, we keep it up to date by offering free updates for life. Upgrades are not a huge firmware blob you need to download and then install (something customers won't do), It's a simple package (we use our own pkg management, and it's slackware-like), usually a few mb of download, but to the customer it's transparent. They just get a warning when they log-in, and the system lets them know via e-mail there are available updates, they can install them with a single click. The whole system is web-based, HTML5, and works out of the box on anything Gecko or Webkit based plus Opera (IE not supported). We don't require additional ports, everything works through a single HTTP port. Everything is session-based. We force the customer to use secure passwords, and to change them frequently. We use uPNP to open that single port, but that's when the customer runs the setup wizard, and we explain what we are going to do, and request customer authorization.
It's easy to do the right thing, and if the manufacturer does the right thing, you don't need any additional security (for example, you don't really need to firewall the damn DVR). Sadly, most manufacturers don't do the right thing. They don't even bother providing upgrades. And the customers don't usually care, even when you offer a better solution, most will go with the generic chinese crap just because it's a few dollars cheaper. That's why more secure and functional solutions such as ours are usually only found in corporations (95% of our customer base).
This issue is not restricted to DVRs, China doesn't give a fuck, and people in general only care about the price tag. That's a deadly combination for the technology used by 90% of the population.
Re: (Score:3)
Sure hope you:
* Make it possible to disable or alter password expiry policies. This sort of thing just pushes people to put them on paper.
* Do not use UPnP without customer authorization.
Otherwise, I wouldn't really trust you / want to use your things.
Re: (Score:2)
You can disable password expire and strength policies, or change them at will in the config. There is a HUGE warning in that page. When the customer uses the product for the first time, there's a wizard that guides them through this process, and it asks them if they want the product to be exposed to the net, then provides the option to try and autoconfigure everything using upnp, or to go to our website to read a guide on how to configure port forwarding on most routers. Same for our free DDNS service, it's
Re: (Score:2)
You mean in the same way that the US doesn't give a fuck? Or the EU. Or any other nation or continent you care to name.
No-one gives a fuck - that's the problem. If the collective we cared, security would be much higher, simply because insecure technology wouldn't sell.
Don't blame China - blame the retailers. Security costs money, and if retailers can save a thousand dollars on a million sales
Re: (Score:2)
That is simply not truth. I know many people that are proud of their country's engineering. I certainly am proud that my company manufactures high quality products right where I am and not in China.
Regardless, no country has lower standards than China.
Re: (Score:1)
works out of the box on anything Gecko or Webkit based plus Opera (IE not supported).
Glad to hear there are people who sell things without IE support to businesses. World's changing for the better.
Re: (Score:2)
We've been doing so since '08. We have four major products (our DVR/NVR family of products,an e-learning platform, an ERP, and a Digital Signage solution). If you access any of our products with IE it'll send you to a landing page explaining why it's not supported, why it's a bad idea to use it, and providing alternatives, plus links and easy installation instructions for every platform. Many people told us that policy would doom us. To the contrary, people loved the idea, and to this day we get emails from
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yes, we do, all of our products come with a self-signed certificate, and SSL by default, customers can upload their own signed certificate if they want.
Re: (Score:2)
You can change the default password policies in the product's config, and even disable it altogether and use IP based or no auth at all.
Our product is targeted towards sysadmins, the idea is to give them the power to force their users to change passwords if they want to in a simple way. The default setting is once every six months.
The logic behind this is simple: People get a new password, they use it in several places, they save it on several computers, they use it on insecure computers they don't own, the
Re: (Score:2)
I have a policy of not advertising on /., It's (yes, my standards are higher than those of the editors) for honest, serious discussion, not marketing.
If you are sincerely interested, mail me and I'll let you know.
Should have been explicit (Score:2)
Yeah, I know. I should have been more explicit in my post.
I'm not saying that port knocking should be the product API. Port knocking is a terrible security measure.
I'm saying that a backdoor could be hidden in such a way that it would be impossible to find - and port knocking is one of those methods. It's simple and effective - even if it's "security by obscurity".
Since this exploit is not well hidden, chances are it isn't a purpose-built backdoor, but more likely an oversight of some kind.
Re: (Score:2)
I thought the same approach could be used with user authentication on websites. You enter your (correct) password, it kicks you out saying "wrong password". You enter it a second time, this time is accepts you.
Right there, you've doubled the amount of time to bruteforce your password.
Or you could combine the port knocking approach. Pick 2 simple passwords. Enter first password, and get a "wrong password" message, enter the second password and you're accepted.
Remember folks, you first saw it here! (or not in
Re: (Score:1)
So, port knocking is secure as long as nobody is listening in anywhere at all between your computer and the remote computer?
Kickass security there. Wouldn't it just be easier to use telnet? Same level of security (just requires nobody between you and the end host), but at least it asks for a password, and a password has a lot more complexity than 65535^4 possibilities.
People smart enough to set up port knocking don't use it as a substitute for private/public key encryption, they simply use it to keep the system from having to fend off dictionary attacks, by keeping the target ports closed. Even after you knock a port open, you still need to authenticate.
UPnP (Score:2)
Is there really anyone in the world who hasn't turned this monstrous security hole off yet?
Re: (Score:1)
no big deal (Score:1)
This is EXACTLY what I've been afraid of! (Score:2)
The previous owner of the motel I work at got ripped off by a company that installed one of these 16 camera systems. The cameras never work right, and I knew something funny was was with the DVR when it said that you need IE and Active-X to watch it!
My current boss occasionally asks me to connect it up like the system his uncle (his boss) has, and I keep blowing him off, not because it would be hard, but because I'd both have to open a hole in the firewall to the outside world AND it would be fully accessi
Re: (Score:1)
Erm...full disclosure, I worked in casinos, and also don't feel like being constantly under surveillance, either...
Just WHERE in a casino can you WORK and not be under constant surveillance?
Re: (Score:3)
Erm...full disclosure, I worked in casinos, and also don't feel like being constantly under surveillance, either...
Just WHERE in a casino can you WORK and not be under constant surveillance?
In the surveillance room?
Cyber War (Score:1)
Next movie plot (Score:2)
Awesome! So will we have a remake of Rising Sun with China as the antagonist instead of Japan?
Let's see, we can work in say a Chinese router manufacturer, and a major U.S. database manufacturer, which buys the tech for a major software platform like say Java, and tie in purchases of real estate by Chinese cartels under assumed names, and uh, the Chinese military of course, and we can have some hot Chinese or maybe Taiwanese-American engineer at some corporate lab or maybe U.S. university.. it all seems to b
It's absurd (Score:1)
Q-See vulnerable too (Score:3, Informative)
I have the QC444 and you can telnet to it as root with no password.
Also when you access the camera, your creds go out via cleartext and you can easily see what your password is.
ActiveX is used to log in and manage the box remotely, also if you use a password longer than 6 characters, you cannot use the PSS software that they put otu on their web site.
There was also some weirdness with it trying to talk to IP address 70.151.24.203
Not a bug... (Score:2)
... but a feature. How else are the cops supposed to erase footage that condemns them and exonerates you?
UPnP (Score:2)
This is the *first thing* I turn off on a router. UPnP is basically a security hole by design.
Thought everyone knew already, been hacking at it (Score:2)
Yahoo group was created in 2009 for some hacking into these.
http://tech.groups.yahoo.com/group/q_see_hack [yahoo.com]
that reminds me of (Score:1)
"Attack" assumes barrier to entry (Score:3)
A local electronics/computer chain (now bankrupt) had all their security webcams on an open wifi network, and all the webcams had the default administrator password ("admin" of course). From a bench outside I was able to see everything going on in the store without even guessing the admin password.
So, Person Of Interest... (Score:2)
....is a documentary, then. Who knew?
Re: (Score:3)
it's not like you should have anything unprotected by a firewall.
Re:well ... (Score:5, Informative)
That these system will punch holes in a upnp capable router is part of the problem. Many people may not realize their DVR is even accessible from outside. Step number one on any home routers I setup is to disable upnp because malicious software also likes to punch holes.
Re:well ... (Score:5, Interesting)
UPNP can trivially allow incoming ports on the firewall. And so what? You allow outbound connections, don't you?
There is very little difference between malicious programs being able to create its own outbound connections and being able to accept inbound connections: In either case, the malicious software is able to communicate and can accomplish whatever nefarious task its creators envision.
Why would I trust a program to create connections but not enough accept them?
In practice, I leave UPNP turned on. If I were paranoid enough to disable it, I'd also be sufficiently paranoid to never, ever execute any code that I'd not written or reviewed myself, with a firewall that denies everything by default in both directions...and I just don't have time for that.
UPNP makes things work better: From BT to software updates to gaming on a PS3, UPNP helps keep the clusterfuck of NAT from being absolutely horrible.
So the score, so far, for UPNP seems to be this:
Problems that UPNP solves for me: Several.
Problems that UPNP creates for me: None.
Meanwhile, TFA is more about the fact that some hardware devices that may never see a software upgrade have one or more security holes which can be exploited over the network...which is interesting and all, but really has nothing to do with UPNP: If such devices were secure and trustworthy to begin with, there would never be a reason to firewall them at all, let along worry about UPNP.
Re: (Score:2)
There is very little difference between malicious programs being able to create its own outbound connections and being able to accept inbound connections: In either case, the malicious software is able to communicate and can accomplish whatever nefarious task its creators envision.
Bullshit. If your device has a reason to create an outbound connection, it is (for the most part) limited to one connection to one place for a specific purpose. (Disregarding intentionally buggered on-board software designed with malicious intent). So your cloths dryer can send you an email telling you its on fire, or your tablet can fetch your email, and stuff like that. However, as pointed out in the present article, even a disbeliever like you should see that opening an inbound port is an entirely di
Re: (Score:3)
> An inbound port is open to the entire world, anyone can connect, and, (baring any on-device security),
> they can do pretty much anything the device is capable of doing.
And 9 times out of 10, unless the homeowner couldn't figure out how to do it, any device that accepts incoming connections on a port probably has a port from the router's public IP address forwarded to its internal IP address *anyway*.
Yes, barring device security, they can do whatever they'd like. That's why the device HAS security. S
Re: (Score:2)
I wish to ${deity} that routers had a "reverse https proxy" function that would accept inbound https connections, strip the ssl, and transparently forward the traffic to the same port of an internal IP address where there's a device that's too stupid to know how to do SSL.
Have you considered setting up a VPN? Routers with integrated VPN functions are affordable these days (e.g. http://www.google.co.uk/products/catalog?q=dsl+router+vpn&sugexp=chrome,mod%3D11&um=1&ie=UTF-8&cid=11302817784067722053&sa=X&ei=Z3UHUfSWJrGp0AWNzYCwAw&ved=0CGMQ8wIwAw [google.co.uk] ). Alternatively, it wouldn't be too hard to set up the system you describe on a server inside your network and just forward your ports on the router to that system.
Re: (Score:2)
Easily fixed with tape or a pen.
It's how I fix the issue I have with 99% of all electronic equipment these days, as they seem to insist on being able to illuminate a room with their "LOOK AT ME!!!" lights. And I think that's the first time in pretty much forever, I've ever wanted to use the blink-tag.
Re: (Score:2)
The best feature of my NEC 2090UXi monitor (other than its beautiful IPS LCD panel) is that the power indicator can be adjusted from a glaring eye-burning blue to either amber or green, and then dimmed to such an extent that it ceases to be bothersome and becomes a useful status indicator. (These functions are part of its on-screen menu
Re: (Score:2)
The single worst offender I can remember, was a mouse with an LED behind the company nameplate so intense, that you could read the name (mirrored) on the ceiling in daylight.
Re: (Score:2)
Bullshit. If your device has a reason to create an outbound connection, it is (for the most part) limited to one connection to one place for a specific purpose. (Disregarding intentionally buggered on-board software designed with malicious intent).
You're disregarding exactly the situation the GGP post was describing as the reason he turned UPNP off. GP's reply was a reasonable response: if you're assuming that software inside your network is malicious, it doesn't need UPNP to cause mischief... it'll probably hook up to an IRC server or similar in order to accept incoming commands, so that isn't a good reason to disable UPNP.
Now, this situation is (presumably) not malicious, but that doesn't make GP's response invalid. OTOH, I have to query how rare
Re: (Score:2)
An outbound port is also open to the entire world: Hence, how your clothes drier can send you an email to tell you that it is on fire (and get a buffer overflow from a compromised SMTP server in exchange, possibly with the help of a poisoned DNS server, MITM attack, etc).
*shrug*
If a device can't be trusted to behave itself on the Big, Bad Internet, it probably shouldn't be trusted in a common LAN environment either (what, with WEP being trivially broken and WPA attackable with surprisingly small effort).
In
Re: (Score:2)
There are several solutions to your problem.
One is to disallow password authentication via SSH. Then you can have weak passwords locally on the machine, and use public key authentication for remote access.
A second one is to only allow remote access to a special account with a long password, and then, when logging in remotely, su to the main account with the short password. This is a bit brittle, but would work.
A third is to re-examine how you're using your system -- you probably don't actually need to suppl
Re: (Score:2)
Re: (Score:3)
Meanwhile, TFA is more about the fact that some hardware devices that may never see a software upgrade have one or more security holes which can be exploited over the network...which is interesting and all, but really has nothing to do with UPNP: If such devices were secure and trustworthy to begin with, there would never be a reason to firewall them at all, let along worry about UPNP.
The connection to UPNP is that these devices are needlessly exposing themselves to attack by automatically opening inbound ports through the router using UPNP.
Re: (Score:3)
Re: (Score:2)
And the root problem there is that the device itself is not secure, not that UPNP allowed the device to be attacked. That a device is going to be attacked should always be assumed as a given, whether or not it is exposed to the Internet as a whole.
If a device that is intended to operate on securely on a network, it had better actually do so securely.
Re: (Score:2)
And the root problem there is that the device itself is not secure, not that UPNP allowed the device to be attacked.
No, both of those are the problem.
Re:well ... (Score:5, Informative)
The difference is simple (but huge). To allow a program or device to make an outgoing NAT connection, i have to assume that it is not malicious. To allow programs and devices map incoming ports via upnp i have to assume that it is not malicious AND it is not buggy enough to allow gazillion script kiddies access to my network. So thanks, but no thanks on the upnp front - i keep my open tcp ports to a minimum.
Re: (Score:1)
You oversimplification is astounding. You act as if you've never heard of PDF, Java, Flash, browser-based, [...] exploits, when in fact there is a broad history of non-malicious programs with various bugs that can allow a
Re: (Score:2)
I did not say that closed TCP ports are an end to all security woes - i do not know where you took that from. I did not quote any probability of different attack vectors. I merely compared upnp on vs. upnp off situation and said that upnp off on the router is more secure than upnp on.
What you are saying, is essentially - "I have my front door key under the mat - and the only three people who used this key are people who i would have let in anyway. And that key under the mat is just common sense as the crook
Re: (Score:2)
Your words, not mine.
The only sane approach (if there is a sane approach) is to mistrust every program, because a buggy program with network access is still buggy whether it can accept external connections or not: If uses
Re: (Score:2)
Again - all i said is that having upnp off is preferrable to having it on. I also hinted that the amount of buggy programs (PC software as well as software in devices like printers, DVRs, etc) is much larger than the amount amount of malicious programs.
I have not talked about any other security measures that are or are not, should or should not be in place. Instead of arguing my point - how and why is upnp on preferred to manually opening minimum number of ports - you attribute me a lot of things i have NOT
Re: (Score:2)
What is the cost to prevent inbound connections, practically nil. If something wants in, I can make a judgement and allow it. I can limit the type of traffic or source of inbound traffic on a specific port. I don't have to trust random developer to use tight restrictions.
Allowing upnp on any sort of "secure" settin
Re:well ... (Score:5, Informative)
Of course the point was that with most standard firewalls in their default setting, this automatically punches it's own holes through the firewall, it's a feature....
So it's more like "it's not like you shoud have this unprotected by a firewall that you have carefully setup yourself without any autoconfiguration options"
Re: (Score:3)
Alternative headline: 58,000 networks needlessly vulnerable because of UPnP usage.
Re: (Score:2)
Of course anyone interested at all in security should have disabled UPnP a long time ago. There's hardly a point to having a firewall if any compromised application can ask for a nice big hole in it whenever it wants.
Re: (Score:2)
WTF?
On another note, "from the your-curtains-are-ugly dept.", my curtains are lovely, thank you.
ON TOPIC, mods, read the headline AND the subtitle!
Re:shunky (Score:5, Funny)
I really don't care about cameras watching rock crushers...
Can someone please post a short-list of the ones covering strip clubs? 58,000 is a lot to sort through. Thanks in advance.
Re: (Score:3)
Or edit the timestamp so that the ATM camera shows you there at the time the cops know that the suspect in the "Chainsaw Castrator" case made a withdrawal. (No hackers involved, that I know of, but back in the early 1990s, the Daily News ran a front-page photo of the suspect in a serial rape case, based on ATM footage. Except, oops, the time stamp was wrong and the poor shmuck was completely innocent.) (http://www.nytimes.com/1991/08/16/nyregion/man-in-photo-is-not-a-suspect.html) Now, consider what could b