Privacy
tosiara edited this page Jan 3, 2023
When developers ask you to provide config files, logs or a core dump, please be sure to remove all sensitive private info from the uploaded files.
Potential issues are:
- Camera username and password stored in config: all of them are in plain text
  - netcam_url http://camera/stream?user=admin&password=admin
  - netcam_url http://admin:admin@camera/stream
  - netcam_userpass admin:admin
  - stream_authentication admin:admin
  - webcontrol_authentication admin:admin
  - database_password admin
- Public IP address or domain name as part of the netcam URL: the camera may be attacked or accessed without authorization
  - netcam_url http://camera.publicdomain.com/stream
- Log containing the netcam URL: it may leak credentials as part of the URL or base64-encoded
  - Network Camera thread starting... for url (http://camera/stream?user=admin&password=admin)
  - Authorization: Basic YWRtaW46YWRtaW4=
- Other private info may appear in the log: server headers, user path, script parameters, etc.
To verify, grep files before uploading:
grep -i "netcam_url\|netcam_userpass\|stream_authentication\|webcontrol_authentication\|database_password\|Network Camera\|Authorization: Basic\|http://\|https://\|ftp://\|password\|target_dir\|on_picture_save\|on_movie_end" motion.log motion.conf
Please replace all sensitive strings with ***removed***
- In case of a leaked password - change it as soon as possible
- If you reuse the same password across different accounts - change them too
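
One way to apply the replacement step above before uploading, as an added example that is not part of Motion or of this wiki: a sed filter that masks the credential options listed above, URL user info and host names, and Basic auth headers. The function names, the sample lines and the query parameter names other than user and password are assumptions.

```shell
#!/bin/sh
# Added example, not part of Motion: mask secrets in motion.conf / motion.log.
# Usage (writes a redacted copy, the original file is untouched):
#   redact_motion < motion.conf > motion.redacted.conf
redact_motion() {
    # 1. credential options, also when commented out with ; or #
    # 2. URL user info and host name (port and path are kept)
    # 3. credentials in query strings (names other than user/password are assumed)
    # 4. HTTP Basic auth headers (base64 is an encoding, not encryption)
    sed -E \
        -e 's/^([;#[:space:]]*(netcam_userpass|stream_authentication|webcontrol_authentication|database_password)[[:space:]]+).*/\1***removed***/' \
        -e 's#(://)([^/[:space:]]*@)?[^/:?[:space:])]+#\1***removed***#g' \
        -e 's/([?&](user|username|pass|password|pwd)=)[^&[:space:])]*/\1***removed***/g' \
        -e 's#(Authorization:[[:space:]]*Basic[[:space:]]+)[A-Za-z0-9+/=]+#\1***removed***#g'
}

# Constructed sample input, built from the kinds of lines listed on this page.
sample_input() {
    cat <<'EOF'
netcam_url http://admin:admin@camera.publicdomain.com:8080/stream
netcam_userpass admin:admin
; database_password admin
target_dir /home/alice/motion
Network Camera thread starting... for url (http://camera/stream?user=admin&password=admin)
Authorization: Basic YWRtaW46YWRtaW4=
EOF
}

sample_input | redact_motion
```

The filter leaves paths and script options such as target_dir untouched, so run the grep above on the redacted copy and review what remains by hand.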
If you need to encrypt a message for a developer, you can use the developer's GPG key published on GitHub. Example:
$ curl --silent https://api.github.com/users/tosiara/gpg_keys | jq -r '.[0].raw_key' > tosiara.asc
$ gpg --import < tosiara.asc
$ echo "See my example video at https://youtube/blahblah" | gpg -e -a -r tosiara@users.noreply.github.com