It seems that some people are having trouble following the conversation and a basic stream of topical logic.
The initial premise was that somebody could see your passwords by pwning your machine… and using that to… turn on webcam so they could steal your password so they could… pwn your machine?
I cannot remember the specifics because it’s going back almost 15 years now, but at one point… crontab (edit and other various vital tools) was disabled by policy.
To get necessary processes/cleanup done at night, I used a scheduled task on a Windows PC to run a BAT that opened a macro program which opened a remote shell and “typed” the commands.
When they did this for the stated reason of preventing data theft via thumb drive, the mice & keyboards were still plugged into their respective USB ports, and if I really wanted I could just unplug my keyboard and pop in a thumb drive. Drag, drop, data theft, done.
Further to this madness, half of the staff had USB hubs attached to their machines within a week which they had purchased at dollar stores. Like…?
At any time, if I had wanted to steal data I could have just zipped it and uploaded it to a sharing site. Or transferred it to my home PC through a virtual machine and VPN. Or burned it using the optical drive. Or come up with 50 other ways to do it under their noses and not be caught.
Basically just a bunch of dingbat IT guys in a contest to see who could find a threat behind every bush. IT policy via Slashdot articles. And the assumption that the very employees that have physical access to the computers… are the enemy.
Okay I’ll concede that SOMEWHERE in the world there exists a condition where somebody has to prevent the insertion of an unauthorized thumb drive, they don’t have access to the BIOS, they don’t have the password, or that model does not allow the disabling of the ports. No other necessary devices are plugged in by USB. Policy isn’t or can’t be set to prevent new USB devices from being added to the system. And this whole enchilada is in a high-traffic area with no physical security and many with unknown actors.
The point is if they’re going to get access to your PC it’s not going to be to turn on a webcam to see a sticky note on your monitor bezel. They’re gonna do other nefarious shit or keylog, etc.
Oh shit, you just reminded me of the time that I had to PHONE Macromedia to manually activate software because of the firewalling. This was after waiting days to get administrative permission to install it in the first place.
“Thank you” for helping resurface those horrible memories!