Personal privacy could now be considered as dead following the demonstration of extraction of geolocation information from a web browser without using IP geolocation data.
He commented that people do not change their router credentials, and if a user visits a malicious website that creates a form and you can now login to someone's router. “Their browser is compelling this exploit for you, but this is not a geolocation XXXSS attack. Depending on the router you may not need to login at all,” he said.
Kamkar has previously served three years' probation, ending in January this year, for developing the Samy cross-site scripting worm that propagated across the social networking site MySpace.
Mac security firm Intego said that since Google's photo cars recorded MAC addresses, and this information is publicly available, the MAC address can be correlated with the location where it was detected. In many cases, this can be very precise, especially if you 'are in a sparsely populated area.
Graham Cluley, senior technology consultant at Sophos told SC Magazine that social networking is now becoming more geographically specific, with Four Square tipped to be the next website to rise in popularity. He said: “It is now about the ‘World Where Web' and about location, we have seen documented cases where people have posted a status update and been robbed and also been the victim of physical violence. It is one of the growth areas and it is beginning to gain in momentum.”
See original article on scmagazineus.com
Geolocation threats rise following demonstration of router hacking that can pinpoint a person's home
By Dan Raywood on Aug 11, 2010 1:38PM