gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 27, 2024, 06:30:50 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Web attack knows where you live
gfx
gfxgfx
 

Author Topic: Web attack knows where you live  (Read 1664 times)

0 Members and 1 Guest are viewing this topic.

Offline DaBees-Knees

  • WMW Team
  • *****
Web attack knows where you live
« on: August 07, 2010, 07:19:35 am »
http://www.bbc.co.uk/news/technology-10850875

Quote
One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown.

The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number. It uses this number and widely available net tools to find out where a router is located.

Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position.

'Creepy' attack

Many people go online via a router and typically only the computer directly connected to the device can interrogate it for ID information.

However, Mr Kamkar found a way to booby-trap a webpage via a browser so the request for the ID information looks like it is coming from the PC on which that page is being viewed. He then coupled the ID information, known as a MAC address, with a geo-location feature of the Firefox web browser. This interrogates a Google database created when its cars were carrying out surveys for its Street View service.

 The attack uses data gathered by Google's Street View cars This database links Mac addresses of routers with GPS co-ordinates to help locate them. During the demonstration, Mr Kamkar showed how straightforward it was to use the attack to identify someone's location to within a few metres.

"This is geo-location gone terrible," said Mr Kamkar during his presentation. "Privacy is dead, people. I'm sorry."

Mikko Hypponen, senior researcher at security firm F Secure, attended the presentation and said it was "very interesting research". "The thought that someone, somewhere on the net can find where you are is pretty creepy," he said.  "Scenarios where an attack like this would be used would be stalking or targeted attacks against an individual," he added.

"The fact that databases like Google Streetview's Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly," said Mr Hypponen.

Mr Kamkar detailed the attack during a presentation at the Black Hat hacker conference. In 2005, Mr Kamkar created a worm that exploited security failings in web browsers to garner more than one million "friends" on the MySpace social network in one day.

Prosecuted for the hack, Mr Kamkar was given three years' probation, did 90 days of community service and paid damages. He was also banned from using the net for personal purposes for an undisclosed amount of time.

It seems Googles data collecting is far from innocent regardless of their protests otherwise.  8)


Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Web attack knows where you live
« Reply #2 on: August 07, 2010, 07:42:02 pm »
You mean I,m safe for a change Stripes by using Ie6 ??  My, the world has gone mad  :lol: :lol: :lol:

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Web attack knows where you live
« Reply #3 on: August 07, 2010, 08:46:18 pm »
Thanks Stripes, much appreciated as i'm a firefox user.



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Web attack knows where you live
« Reply #4 on: August 07, 2010, 09:01:18 pm »
as long as you are up to date on all security patches for 6 .... you actually one-upped me... ;)

TBH this is the one 'feature' of html 5 that i hate... it was idiotic to have ever put it in.... others would argue otherwise of couse and true geolocation does have good uses (911* emergency anyone?) but overall... no... i cant find them..

*999 or 112 in uk -- numbers differ slightly elsewhere; http://en.wikipedia.org/wiki/Emergency_telephone_number

--edit--

@max no prob :)

Offline Bluey_412

  • Forum Member
  • I'm Watching...
Re: Web attack knows where you live
« Reply #5 on: August 07, 2010, 11:26:26 pm »
IE8?

(About 6 to 8 PC's in this house using it)
What you think is important is rarely urgent
But what you think is Urgent is rarely important

Just remember that...

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Web attack knows where you live
« Reply #6 on: August 08, 2010, 01:05:06 am »
i dont think any current release of IE supports html 5 geolocation... (someone in the know plz correct me if im wrong)... IE9 may support it but its still in alpha...

as far as security with IE goes just keep up with the security updates microsoft puts out and its as safe as you can get... of course a resident virus scanner is always a good thing too ;)

http://bcheck.scanit.be

browser security test... may crash the browser but the test notifies you of this possibility and what it was that crashed it so you can fix it... ...if there is a fix...

http://secunia.com/vulnerability_scanning/online/?task=intro

this tests more than the browser... needs java (may work with activex... i havent tried..) for insecure software.. trust me when i say take this things advice if it says it found insecure software (note: this will claim winmx is 'end of life' ... technically true... and ofc safe to ignore... other software thats declared 'end of life' you might want to think about...)

Offline Bieb

  • Forum Member
Re: Web attack knows where you live
« Reply #7 on: August 10, 2010, 10:46:10 pm »
I don't see why people still use IE6. So many security holes.. and so much lack of modern html support.   Glad IE9 will not work on xp, maybe then people may upgrade...

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Web attack knows where you live
« Reply #8 on: August 11, 2010, 04:16:21 am »
ie9 is no reason to upgrade the os... esp when 3rd party browsers already outpace it on XP... even with 3d acceleration... firefox using cairo (tries to use GL .. falls back to DX on windows if no GL available... uses GL on linux ofc) for example... opera uses its own thing (not sure what it is but it works and its damn fast)... current gen on xp already have what IE9 needs direct2d to do ;)

as for security.... well.... as long as the web browser is builtin to the OS there will always be security issues...

and for IE6 not supporting standards? yeah... it... sucks.... really really sucks... (position:fixed anyone?) but chrome frame can take care of that and not look like a mutant web browser was just installed (IE7+ UI leaves much to be desired)... ;)

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Web attack knows where you live
« Reply #9 on: August 11, 2010, 06:58:14 am »
"Upgrade" is not a word I use when I speak of MS's newer offerings, they are usually as bug ridden or worse than the previous versions hence scenarios such as this weeks multiple patch releases, creating bloatware has that effect and may make intel and MS plenty of money but in truth delivers little more in the way of functionality to the consumer.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Web attack knows where you live
« Reply #10 on: August 11, 2010, 05:44:30 pm »
if you want a 'new' windows to make up for what xp cant do... like hdds bigger than 2tb or more than 4 (actually 3) gigs of ram... take a side step to server 2003... its been around for a while so patches abound (support ends in 2015)... and win7 and vista have made it easier to get ahold of 64bit drivers for the 64bit verison....

xp 64bit is 2k3 with the luna skin so go for 2k3 unless you want your eye candy...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Web attack knows where you live
 

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.009 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!