Hi,
when I enable "streaming" my computer opens a port (8081 as default).
When im running a portscan with no yawcam active, this port is listed"stealth", which means you shouldn't be able to use it from the outside.
When i enable yawcam streaming, this port turns into "open".
It's needed for other users to connect to the webstream, but...
is it possible for others to use this opened port of yawcam to infiltrate my computer, or do other evil stuff ?
Online portscan:
https://www.grc.com/x/ne.dll?bh0bkyd2
(Click Proceed)
Thanks.
Security issue ?
-
z3r0c00l12
- Moderator
- Posts: 1210
- Joined: Wed Jan 14, 2009 3:50 am
I'd say NO, but there is a slight chance that someone very smart or very knowledgeable can lookup yawcam's code, find a flaw, then exploit that flaw to send data through yawcam to your computer, but then again, this would only happen if yawcam was running and if there was a flaw.
When yawcam is off, the port is closed and not accepting any communications therefore making it secure.
When yawcam is running, the port is opened but binded to yawcam, so only yawcam can respond to communications on this port. Considering that yawcam runs it's own http server internally, and doesn't run any add-ons such as php which could be flawed, I say it is secure.
z3r0c00l12
When yawcam is off, the port is closed and not accepting any communications therefore making it secure.
When yawcam is running, the port is opened but binded to yawcam, so only yawcam can respond to communications on this port. Considering that yawcam runs it's own http server internally, and doesn't run any add-ons such as php which could be flawed, I say it is secure.
z3r0c00l12
As you say, the port has to be open to be able to show your webcam. And as soon as you open a port, there is a risk that someone can do something nasty if they find a flaw in the software.
Of course I have been careful to make sure this will not happen, however you can never be certain. Even big companies that put millions of dollars into security have security issues in their software. On the other hand they have much more complex software then Yawcam...
Yes, Yawcam runs it's own http server internally without support for scripting languages like php. No add-ons that can be flawed.
/malun
Of course I have been careful to make sure this will not happen, however you can never be certain. Even big companies that put millions of dollars into security have security issues in their software. On the other hand they have much more complex software then Yawcam...
Yes, Yawcam runs it's own http server internally without support for scripting languages like php. No add-ons that can be flawed.
/malun
