So today I took a look at CyberCoders, on my workstation. (Debian Stable x64, Iceweasel, uBlock Origin configured to block all third-party content by default.) About a second after the website rendered, the workstation's webcam turned on for a few seconds. Around the same time, the workstation's outbound firewall blocked a bunch of ICMPv6 pings. After unplugging the webcam, I tried to log in, and was met with an invalid cert SSL error. Needless to say, I did not log in. ... Looking at the logs of my external firewall, I only see stuff going out to CyberCoders domains during that time. Which is as it should be, since uBlock was blocking all the other embedded stuff. But needless to say I'm a bit rattled. I see two possibilities. 1) CyberCoders was compromised, and I got to see some kind of watering hole attack. This makes me quite unahppy, seeing as I'd spent five hours last night cleaning up after another compromise. 2) More sinister: CyberCoders deliberately takes a snapshot of you when you go to their site, and the SSL error was a coincidence. This seems less likely, but cannot be discounted, and the idea makes me even less happy than the previous one; not in the least because I've already gotten some interviews through CyberCoders. ... Needless to say, I am quite interested in hearing what people have to say about this. And in the mean time I will stick with other job sites. Oh, pro tip: make sure your firewall is logging the packets it lets through, not just those it blocks. You may be unpleasantly surprised what you see.