Researchers expose privacy flaws in Chatroulette

Block and tackle

Privacy shortcomings in Chatroulette expose users to security risks, according to a study by security researchers.

Boffins at the University of Colorado at Boulder and McGill University were able to show that a pre-recorded low-quality video of an attractive woman could fool the majority of participants into thinking the feed was live. The approach might be used as a prelude to phishing attacks, for example. The researchers also found it was possible to use an IP-mapping service to get a general location for another participant. A variety of man-in-the-middle attacks, where hackers intercept and potentially manipulate the data stream between two participants, might also be possible.

The upshot of the research is that users of the video chat site may not be as anonymous as they would like to believe.

Chatroulette.com pairs random strangers for webcam-based conversations and IM chat. Either user can move on to the next randomly chosen participant. Women participants are comparatively rare and users are likely to quickly encounter naked young males knocking one off, a phenomenon lampooned on shows such as South Park.

It's not clear whether or not the serious, academic researchers were exposed to smut during their study. Andrey Ternovskiy, the Russian software developer who created Chatroulette, welcomed the research while downplaying its potential impact.

Ternovskiy told IT World that upcoming changes to the site, such as localised chat, will minimise the potential for phishing attacks, which typically rely on conning people about an attacker's location as well as identity. ®
