Privacy/Security on sites like Stickam

So I've lurked this site awhile and have learned a lot from all the knowledgeable posters here. Hoping one of you guys can help me out with this question.

There seems to be a lot of vulnerabilities related to cam sites such as stickam. The obvious solution would to just stay away from those sites, but what can be done to protect yourself?

Script Kiddies/Hackers/Programmers can easily obtain your IP Address just from you being in a chat. I'm not really sure how but I'm guessing it has to do with Flash leaking this information (correct me if I'm wrong). This is mere speculation but if flash is the culprit, a proxy wouldn't really work, would it? Is the only option using a VPN? I can't imagine all these people have access to a VPN.

Thanks for reading, any info or help would be appreciated.

 

The best thing you can do at a website like Stickam is just keep your personal info to yourself. Unless you have a best friend there, nobody there needs to know a thing about you, and probably shouldn't. As far as IP addresses, every website you go to already knows that, it shouldn't scare you. Knowing an IP address is just a start, if they want to try to hack you, they'll need more than that, and that will involve getting into your system, which is thwarted through your security setup like firewalls, routers and such.

In other words, you're perfectly fine so long as you've got your security ducks in a row and don't go blabbering out your full name and talking about your personal life.

 

Thanks for the reply.

I completely agree that the best thing one can do is not divulge any personal info when they're on the internet. I've always followed this rule, so that's not an issue for me.

Perhaps I'm giving these people too much credit. Many say there isn't much that can be done with an IP address alone, but I have read many accounts where a person's security was severely compromised just from knowing that bit of info. Stories about someone kicking a random person from a chat. Then, he returns and tells them their IP and demands an apology. When the person refuses, his network is "hacked" and he is no longer able to connect to the internet. In addition, the guy also obtained his phone number and started calling him from skype using a bot. Getting someones address, name and phone number just from an IP is scary.

Perhaps there's more to the story, but that was all seemingly done with just an IP address. Was that only because his security setup was vulnerable? And how would you protect yourself in the event of a DDoS attack? I realize it's illegal, but that is not a hindrance to many.

 

I can't get too technical because I'm not an expert at this sort of thing. But, yes, they have to get into your system to "hack your network", and they won't if your router is in place and you don't have any unused ports open, with vulnerable software using said ports. Hacking isn't magic, even the best hackers have to gain access to a system to "pwn" it, and if security is in place to deny that access, then they can't do much. There's far too many of these stories spread around, and the VAST majority of it is either complete BS or poor/non-existing security in place.

By reading all these "major warnings" that pop up in all the news websites about hackers being able to do this and that, and all the tricks to come out of the Black Hat conferences, one would think hackers can just enter a few keystrokes and take over the world. Well, they can't. They aren't gods, they still have to use the technology us mortals use, and if there aren't any holes to exploit, their playground gets shut down.

Get a good firewall, a good antivirus/anti-malware, use a safer browser like Firefox or Chrome, and don't execute files willy nilly, and you'll be perfectly alright. You should also keep any and all software on your system fully updated/patched, and, if you can take the hassle, only allow Javascript on websites you trust. All that and you'll be ready to go. If you really want to make things worse on them, add in a program like Sandboxie that will isolate your browser and keep bad things off your real system (with good configuration, which you can find out about here as well).

 

No, nothing more. Just a story, an urban myth.

 

Stickam will also log users data, if you want to know what they log and how long they store it for download this leaked guide from Cryptome:

Stickam Law Enforcement Guide:
http://cryptome.org/isp-spy/stickam-spy.pdf

 

That makes me feel a lot better. Actually, after I started reading this forum I started getting paranoid. I mean it made me think that there was malware and trojans everywhere..(viruses, trojans, and rootkits..OH MY! )

But what I am using is Eset nod antivirsus, PC Tools free firewall, Keyscrambler Premium, Sandboxie, Returnil, and Xerobank. Do you think that should suffice?

 

Oh sure, Caspian. Heck, Sandboxie alone will do the job for the biggest majority of issues. You will indeed get paranoid being here for any length of time. The way talks around here go sometimes, you risk getting infected just turning on your computer and there's no security measure on earth that can stop a handful of those "Oh my god, it's 2012" malware samples and POCs that sometimes get a thread or two of attention. Just about every seriously scary thing I've read on here regarding infections ended up being more bark than bite with just a little brain use.

 

I agree that if you have a good security setup, you'll be safe 99% of the time. It's that 1% of the time I worry about. Social networking sites, in particular, seem quite vulnerable. There's just so many trolls these days and they're becoming more intelligent and unified. I've seen people get their IP's pulled which led to a whole trickle down effect of other revealing info.

Isn't it true that if someone knows your MAC address, they can find out your physical location? What would happen if they found out your phone number and decided to flood your phone? I guess I'm asking a lot of different things here. You'd have to be specifically targeted for any of this to happen - but it CAN happen. Having sandboxie, a good firewall and antivirus are all good ways to protect your computer - but it wont stop someone truly determined to cause harm to you or your computer. What then? Is VPN the only option?

 

IF someone is willing to go to the lengths you are describing, not even a VPN is going to save you. You either have something someone wants VERY badly, or you were a very, very naughty person (we're talking about somewhat normal, non-dictator run countries here). In a case like that, you'd be wise to pack up, shed your identity and go elsewhere to start anew. Also, if you continually worry about that last 1%, you'll never be secure, and will just drive yourself insane.

 

Eh, you'd be surprised. Plenty of internet tough guys around with lots of time on their hands. It's not really going to great lengths for them - it's their way of life. The same way someone who plays WoW might spend all day leveling up a character. As for the reason? It could be over something as petty as talking to a girl they like.

Ah well.

 

Have you been spying on me? Kidding. I understand your point, but the type of people to do the things you mention need the tools and know-how to really come at you. This is, of course, providing you don't do some of the stupid things I mentioned near the beginning of this thread and haphazardly give out your personal data.

 

What can a person truly do with your IP address other than reveal your ISP? It does show your general location, but not you.

As for the MAC address. People here have said that it is not visible over the internet.

 

It depends on who they are. Your ISP might tell them who was using that IP address at particular times. What they do with that knowledge also depends on who they are, and what there agenda is.

That's true, generally. However, MAC addresses of wireless routers are visible to wardrivers, and also to geolocation websites, if your browser permits that. We've discussed that to death at least once

 

So if you use one of these MAC address changers, will that fool the geolocation service?

 

I gather that MAC addresses of some routers are configurable. Basically, check the manual, or wade through the setup tree, and see what's doable. However, doing that may mess up your router's relationships with other devices (perhaps your ISP, if it's also the broadband modem).

 

That's a good question. My elementary understanding is that one of the first pieces of information a hacker would want is a target's IP Address. Let's assume they can't get you to download a trojan or to visit a malicious site. Wouldn't they run a port scan to find any vulnerabilities on your computer?

 

Unless you really know what you're doing, you don't want to have anything more than a hardware firewall at your IP address, you don't want any ports open, and you don't want your firewall to even acknowledge that it has ports. Have a friend run a full/intense scan with nmap. There's an online nmap scanner, but it won't push very hard (and will only scan the IP that's connecting).

 

Would you also recommend Sheilds Up? https://www.grc.com/x/ne.dll?rh1dkyd2

 

Yes, I've used Shields Up! for many years. I suspect that nmap can push harder.

 

The MAC address is just a function of layer 2 which means that it provides the same function that an IP does but between hardware like switches and NICs. Just like IP (layer 3) it can be changed (if you really want) but it's impossible to get somebody's MAC over the internet because it's hardware-to-hardware not connection-to-connection like TCP/IP. Even if you were to get a MAC, it wouldn't really be able to tell you anything other than perhaps the region/country.