| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 27 Apr 2011 13:46:52 +0300 From: nix@...roxylists.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: iPhone Geolocation storage > M$ are in the love in > > http://news.cnet.com/8301-31921_3-20057329-281.html > > On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivanhec@...il.com> wrote: > >> Interesting write up, and apparently old news.... >> >> If you have jailbroken your phone, just use cydia and search for tool 'Untrackerd' to fix this issue. This background process reset the file periodically. I have always said this, after you have JB'd your iPhone, then it becomes a phone :) I hated that apple's bullshit where your phone is completely tied to itunes unless you jailbroke. >> https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ >> >> On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis@...den.com> wrote: >> >>> yes, that's right. on one of the forensics lists someone pointed out >>> that >>> he started google maps for 6 seconds >>> and ended up with 1253 locations in the cache, all with the same time >>> stamp. those would be potential known >>> locations in your neighborhood. >>> >>> much fuller disclosure in >>> >>> http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf >>> >>> including that the some of the location data comes from.... google. >>> >>> it looks like everything gets anonymized, aggregated to 5 digit >>> zipcodes, >>> and max retention of 6 months, but don't >>> talk much about what the device does except when it uploads data. >>> >>> the congressional disclosure, while it makes me feel better about >>> location >>> data, contains a few choice items like >>> >>> >>> >>> it's unclear how apple can keep app developers from retaining location >>> data. which doesn't seem forbidden by apple, only by law. >>> >>> it's also unclear why they keep really old data in the cache on the >>> phone. >>> cache bloat results for little benefit. >>> >>> the android doesn't do time-based pruning either and has a similar >>> location cache with the same data it. >>> >>> it appears to me that since the keying is by mac address or the tower >>> id >>> that there will only be one timestamped item for >>> each of those. so if you go around the same neighborhood repeatedly, >>> the >>> same data will be in the cache. so not exactly >>> tracking, just recency. >>> >>> but it would seem prudent to both specify and implement the briefest >>> retention of the location data that was possible to perform >>> the function expected by the user. >>> >>> >>> On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote: >>> >>> > >>> > I've been poring over my phone's data, and I'm not sure if the >>> resolution is >>> > just very low, or if it's logging the locations of towers and not my >>> phone. >>> > >>> > Ex: http://imgur.com/2m5tO >>> > >>> > I'm going to xref with FCC databases soon to try and find out. >>> > >>> > B >>> > >>> > (Not speaking for Cisco, only for myself and with nobody's approval) >>> > >>> > On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor@...il.com> did >>> declare: >>> > >>> >> Already twitted today. >>> >> Pretty scary btw. I hope there's not the equivalent for Android. >>> >> >>> >> antisnatchor >>> >> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> >>> Thor (Hammer of God) <mailto:thor@...merofgod.com> >>> >>> April 20, 2011 9:05 PM >>> >>> >>> >>> >>> >>> For those of you who have not seen this yet: >>> >>> >>> >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html >>> >>> >>> >>> Description: Description: Description: >>> cid:image001.png@...BA43F.5B83F2A0 >>> >>> >>> >>> /There's no reason to think "outside the box" / >>> >>> >>> >>> /if you don't think yourself into it. / >>> >>> >>> >>> ** >>> >>> >>> >>> *My newest book: "Thor's Microsoft Security Bible >>> >>> < >>> http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597 >>> >>> 495727C:/Users/thor/Documents/Cakewalk>" >>> >>> * >>> >>> >>> >>> ** >>> >>> >>> >>> *Timothy Thor Mullen >>> >>> thor@...merofgod.com <mailto:thor@...merofgod.com>* >>> >>> >>> >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>* >>> >>> >>> >>> _______________________________________________ >>> >>> Full-Disclosure - We believe in it. >>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> _______________________________________________ >>> >> Full-Disclosure - We believe in it. >>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> >> Hosted and sponsored by Secunia - http://secunia.com/ >>> > >>> > _______________________________________________ >>> > Full-Disclosure - We believe in it. >>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> > Hosted and sponsored by Secunia - http://secunia.com/ >>> >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >> > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists