[access-uk] BBC News - Web attack knows where you live update.
- From: Colin r. Howard <colin@xxxxxxxxx>
- To: access-uk@xxxxxxxxxxxxx
- Date: Wed, 04 Aug 2010 17:15:36 +0100
To: <"Undisclosed-Recipient:;"@gold.pobox.com>
Subject: Fw: BBC News - Web attack knows where you live (update)
From: "Dave Pardy" <pardy@xxxxxxxxxxxx>
Date: Wed, 4 Aug 2010 16:21:01 +0100
One of my really computer literate friends was onto this already & came up
with the following information - Dave
Dave,
On 4 Aug 2010, at 08:46, David Pardy wrote:
Here's a worrying development - D
I could do with a bit more information on this topic. I rather think
something like it has come up before.
There is mention of geo-location on the Firefox help site (see
http://tinyurl.com/34ma83o), but I'm not sure how relevant this is.
Q&A 1:
23 of Sep, 200923 of Sep, 2009
Can someone please tell me just how toggling the geo location setting to
false is supposed help my browsing ? Is it supposed to hide my IP address
from the world or not ?
At a forum I belong to, one of the members has a little utility that spits
your location info back at you via your IP address. The utility is run by a
company called IP2Location.com. Now, even after I toggled my geo location
setting to false AND started a private browsing session, this utility still
picked up my IP address and had me pegged in seconds.
08 of Jun, 2010
A Web server will ALWAYS have access to your source IP.
If that website has some code to map your location based on your Source
IP, this has NOTHING to do with FireFox's Geo Location Services.
That same website can identify your location if you were running IE5.
If you really want to "hide" your source IP, you need an Anonymous Proxy.
The FireFox GeoLocation service is meant to work in conjunction with
websites where you WANT to provide your location for such things as
localized search results, local maps, Google Latitude and similar friend
tracking functions, etc.
Q 2 (not yet answered):
03 of Aug, 2010
This BBC news article http://www.bbc.co.uk/news/technology-10850875 says
that Samy Kamkar has found a way to use the geo-location facility within
Firefox to find out where you live.
It does not take much imagination to see the use criminal hackers can make
of this newly exposed security flaw.
Therefore, does Firefox plan to do anything about this flaw and if so then
how soon will it be fixed?
There are a number of other similar queries, but nobody seems to have
mentioned the router in this context. And I'm not sure, investigating
further, that it's relevant anyway.
However, one of the reportsI found says:
First of all he tricked the user he wanted to locate the whereabouts of,
into visiting a booby trapped website he had already set up, and once they
clicked on that link, Kamkar demonstrated how he can use Google?s tools to
reveal the exact location of that user.
Even I cannot get my Media Access Control (MAC) address from my router
without the password. (I I know a lot of people leave their routers with the
default password.) I wonder if all this implies that someone else can? One
article says:
Web users whose MAC addresses has been logged by the cars and have not
changed the default password for the router are at risk.
Another says:
Of course, a few things have to happen for the attack to work. First, the
router needs to be set to use the default administrative password, or it
needs to be a model that doesn't require credentials to access its system
information page.
(Second), the router's MAC address must already have been recorded by
Google's ubiquitous fleet of Street View cars, which roam the earth snapping
pictures and sniffing select Wi-Fi data.
It would be interesting to see if my MAC address is known to the Google
database, but I've no idea how to find this out. Hopefully it is not,
because I suspect that the cars only gleaned information from routers that
were using WiFi that exposed their presence.
You may like to visit http://www.google.com/privacy-lsf.html and
http://tinyurl.com/2al368o.
However, one of the reports very sensibly observes:
Kamakar described the tactic as ?Geo-location gone terrible?. That said,
targets would have to be using a recent, geolocation-enabled browser and
have the feature enabled. They?d also need to have a stalker with hacking
skills after them. While it?s frightening to think this might happen,
chances are you can relax safe in the knowledge that nobody is likely to be
that interested in tracking you down ? and even if they are they probably
don?t have access to this hack.
I'm afraid this isn't all that clearly set out, but I suspect that I will
continue to sleep easy at nights...
John.
This email has been sent to you by Colin Howard, who lives in a small place
about 8 miles east of Southampton in Southern England.
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
Other related posts:
- » [access-uk] BBC News - Web attack knows where you live update. - Colin r . Howard
