Re: [Full-disclosure] Geolocation Question

From: mrx <mrx_at_nospam>
Date: Thu Jan 07 2010 - 22:50:25 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dan Kaminsky wrote:
> On Thu, Jan 7, 2010 at 11:12 PM, <Valdis.Kletnieks@vt.edu> wrote:
>
>> On Thu, 07 Jan 2010 23:07:01 +0100, Dan Kaminsky said: >>> No, he uses an XSS against the router to pull its wireless MAC, and then >>> puts that into Firefox's location services API. That bounces off various >>> wardriving sources and comes up with a latlong. >> OK, so it only works against wireless routers that have been wardriven >> already. Makes you wonder what's on those Google Street-View trucks >> besides a camera. ;) >>
>
> www.wigle.net and SkyHook have been doing this stuff for a while. Though I
> suppose there is that rule, "It's only creepy if Google does it"
>

Disabling ssid broadcast doesn't mitigate detection either, well not by more than a couple of minutes. If you don't need wireless access disable it.

I used to think Microsoft were creepy. I still think Microsoft are creepy, especially after discovering the phone home features in Win 7. Google on the other hand are plain scary, thankfully unlike Microsoft they are entirely altruistic.

mrx

-- Mankind's systems are white sticks tapping walls. Thanks Roy http://www.propergander.org.uk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS0ZlMbIvn8UFHWSmAQJBhQf+KewhGZYaTYtX7pkBgeGacEwvN4NEe7p8 tL2pWU/XHjrvZZ/N6q0okH0/Pw6KKgEd9zgPVkwst3HnM3af6d5NbGnczlP1NDWg vTljj602USAuFn0U7EaubQf2PbaFLbXHCKfe/0JOar3U4fxu27UAOegm214QcIsM 1oWp+FSSgh6+CaWwkBA5DGMtceyp+fPMQ5ktwIG0r4Yy02OGMojatMAPc+QRx8OA EEbwP8oh9QWYPrp4RX3YjcrOTYEx8kVBXdt/LL2A6wq34LeBcv6mRBIOyeULrKjn PMeC1s2fiKT5dJhr3ze1K3oum8wiNgiUE/Jrj8f6ueO0aFi/Knv72Q== =nLhe
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: ZDI Disclosures: "[Full-disclosure] ZDI-10-001: Novell iManager eDirectory Plugin Remote Code Execution Vulnerability"
Previous message: Dan Kaminsky: "Re: [Full-disclosure] Geolocation Question"
In reply to: Dan Kaminsky: "Re: [Full-disclosure] Geolocation Question"
Next in thread: Paul Schmehl: "Re: [Full-disclosure] Geolocation Question"
Reply: Paul Schmehl: "Re: [Full-disclosure] Geolocation Question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]