Web attack knows where you live

For discussions about security.
Post Reply
Message
Author
2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

Web attack knows where you live

#1 Post by 2byte »

Heads up folks.
First demonstration of the true purpose of Google's data gathering?

http://www.bbc.co.uk/news/technology-10850875
'Creepy' attack

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed.

He then coupled the ID information, known as a Mac address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service

This database links Mac addresses of routers with GPS co-ordinates to help locate them. During the demonstration, Mr Kamkar showed how straightforward it was to use the attack to identify someone's location to within a few metres.

Top
PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#2 Post by PaulBx1 »

Now the question is, which routers are vulnerable? Is there a way to check our router? etc...
Top
jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#3 Post by jpeps »

I just installed Ghostery plugin, which offers some help regarding trackers.
Top
User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:
Contact Lobster

#4 Post by Lobster »

jpeps wrote:I just installed Ghostery plugin, which offers some help regarding trackers.
Perhaps . . .
Ghostery FAQS

What is Better Advertising?

Better Advertising is a new type of company that brings trust to online advertising. We are an intermediary between consumers, advertisers, industry self-regulatory programs and government. We help consumers protect their privacy and keep quality content ad-supported and free.
http://www.ghostery.com/faq

Perhaps not . . .
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D
Top
jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#5 Post by jpeps »

Lobster wrote:
jpeps wrote:I just installed Ghostery plugin, which offers some help regarding trackers.
Perhaps . . .
Ghostery FAQS

What is Better Advertising?

Better Advertising is a new type of company that brings trust to online advertising. We are an intermediary between consumers, advertisers, industry self-regulatory programs and government. We help consumers protect their privacy and keep quality content ad-supported and free.
http://www.ghostery.com/faq


Perhaps not . . .
Paragraph 2:

"Better Advertising is not involved in the collection or sale of any information for advertising purposes. We are not an advertising network or data collection service. We do not collect any data (behavioral or otherwise) for ad targeting, either by ourselves or by third parties."

So far, the ad-on has been helpful blocking lots of trackers. It also gives you information about each site it finds.
Top
User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#6 Post by Pizzasgood »

Change your router's default password, and that will solve the bulk of the problem from what I can tell. But I wouldn't be surprised if the router's MAC can be obtained in other ways.

Another thing you can do is simply change your router's MAC address. Many routers have that as an option in their web-based configuration. That would make any data Google has about it obsolete. And from what I understand, this data was obtained by the streetview crew, so if you live in a region that has not ben street-viewed (such as out in the boondocks where I grew up) you have no issue. Also, if you don't have a wireless router, or have changed it since they mapped you, you also have no issue. Your MAC address is useless to them, as they don't know it.


Here is the URL to his webpage about that attack vector, which apparently contains a demo for people using a Verizon FiOS router. I have encrypted the URL with ROT13 as a safety precaution, because this guy has been convicted of hacking in the past and I don't want some nooblet whining to me if anything happens while they're over there.

uggc://fnzl.cy/znckff/
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]
Top
John Lewis
Posts: 148
Joined: Mon 03 Dec 2007, 10:19
Location: Albany West Australia

#7 Post by John Lewis »

Grabbed this from Mepis forum. I gave it a try and the coods for me were pretty close.

John

Does Google know where you are? Try this terminal command and find out.
Edit: make sure curl is installed.
Working wifi device is required, too.

Link: http://foss-boss.blogspot.com/2010/08/b ... treet.html


Basically it sends an iwlist scan of nearby wifi signals to Google, and then Google compares that with its known database.
Top
tubby
Posts: 317
Joined: Sat 24 Jan 2009, 15:49

#8 Post by tubby »

Basically it sends an iwlist scan of nearby wifi signals to Google, and then Google compares that with its known database.
And if you weren't on it you could be now, nice one :lol:
Top
John Lewis
Posts: 148
Joined: Mon 03 Dec 2007, 10:19
Location: Albany West Australia

#9 Post by John Lewis »

tubby wrote:
Basically it sends an iwlist scan of nearby wifi signals to Google, and then Google compares that with its known database.
And if you weren't on it you could be now, nice one :lol:
Yes, Guess it might now have the list of nearby wifi but they won't be keyed to the GPS location as it would have been if it was working when they did your street.

I did notice that the street address they gave me was quite a way off.

John
Top
Post Reply

Return to “Security”