I'm always amaze at how many computer screens/keyboards are visible from windows. It would be so easy to plant a webcam with some good optics on an opposite building and just get the passwords of the victim quite easily. you could have easily a few dozens of victims on a single company with a single camera.
I notice these things too, but at the end of the day the sad news is nothing so exotic is necessary. There are far easier ways to get what you need from a modern office with typical security hygiene.
> There are far easier ways to get what you need from a modern office with typical security hygiene.
Far easier than looking through a window? I'm curious to know! I've seen banks where it would be possible! I expect most of their software to be internal and accessed through a VPN when outside but still.
Well you'd usually need to work to get access to a room to look through the window, so that's not a given :)
I think sending a parcel like in this article, or leaving a USB stick lying around is often an easier task. Even if you window-surf some credentials you most likely can't use them unless you're on the internal network already. At least at my place of work you'd need a VPN token to make any use of my details unless you have physical access to plug in a cable.
> Well you'd usually need to work to get access to a room to look through the window, so that's not a given :)
There's plenty of ways to enter in many buildings without "working there". As long as the physical security there is lower (and there's a ton of reason why it could be) or that it's already open to the public.
> I think sending a parcel like in this article,
That only give you physical proximity. Unless they have bad wifi securities like that article said... that won't give much. People don't talk about password regularly ;).
> leaving a USB stick lying around is often an easier task
That's just hoping right there, Windows autorun hasn't been a thing for a long time, an USB keys that open a terminal is freaking obvious and most people know not to plug any random USB keys. That most probably won't works for any high ranking official.
Almost no one talk about making sure windows doesn't see keyboards though... or even screens, and you'll see that usually, people with higher ranks do have windows closeby ;) (the perks of the ranks).
This is a real problem. While I was working at XBox, we made giant pictures over the windows using colored post-it notes. I remember a really good pixel art megaman that was my favorite. Internal offices sometimes used newspapers to cover over the windows (but maybe that was just advertising, here's someone who works on something you want to see!).
Our company has extremely deeply tinted and reflective exterior windows that even at night (outside) with lights inside, you can barely see in if your face is 1" away from the glass.
That seems like a pretty good way to handle this vulnerability!
I was thinking about how hard managing this risk was and except removing all windows (which I hope everyone will agree is quite bad), it's hard to protect ourself against this issue from all angle and that's even knowing the issue and trying to handle it (which most people won't even do).
