Date: Fri, 29 Apr 2011 08:25:04 +0200
From: Christian Sciberras <uuf6429@...il.com>
To: "Ivan ." <ivanhec@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: iPhone Geolocation storage

Speak about bullshit. Tomtom has that listed in their EULA, unlike Apple
(who needs an EULA when fanboys follow blindly?)
Besides which, the police already can be granted (upon request) access to
servers (where your data is already stored in plain text), so I don't see
the big deal.

But hey, if a fridge or a microwave oven is spying on you, it must make big
news. Bigger of course than retards wasting time on Youtube anyway.





On Fri, Apr 29, 2011 at 1:39 AM, Ivan . <ivanhec@...il.com> wrote:

> and now tom tom as well
>
>
> http://crave.cnet.co.uk/cartech/tomtom-admits-to-sending-your-routes-and-speed-information-to-the-police-50003618/
>
> On Thu, Apr 28, 2011 at 9:35 AM, Ivan . <ivanhec@...il.com> wrote:
> > stevie says it just a bug, a patented bug
> >
> > http://gawker.com/?_escaped_fragment_=5795442/apple-patent-reveals-extensive-stalking-plans#!5795442/apple-patent-reveals-extensive-stalking-plans
> >
> > On Wed, Apr 27, 2011 at 8:46 PM,  <nix@...roxylists.com> wrote:
> >>> M$ are in the love in
> >>>
> >>> http://news.cnet.com/8301-31921_3-20057329-281.html
> >>>
> >>> On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivanhec@...il.com> wrote:
> >>>
> >>>> Interesting write up, and apparently old news....
> >>>>
> >>>>
> >>
> >> If you have jailbroken your phone, just use cydia and search for tool
> >> 'Untrackerd' to fix this issue. This background process resets the file
> >> periodically.
> >>
> >> I have always said this, after you have JB'd your iPhone, then it becomes
> >> a phone :) I hated that apple's bullshit where your phone is completely
> >> tied to itunes unless you jailbroke.
> >>
> >>>> https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
> >>>>
> >>>> On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis@...den.com> wrote:
> >>>>
> >>>>> yes, that's right.  on one of the forensics lists someone pointed out
> >>>>> that he started google maps for 6 seconds and ended up with 1253
> >>>>> locations in the cache, all with the same time stamp.  those would be
> >>>>> potential known locations in your neighborhood.
> >>>>>
> >>>>> much fuller disclosure in
> >>>>>
> >>>>> http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf
> >>>>>
> >>>>> including that some of the location data comes from.... google.
> >>>>>
> >>>>> it looks like everything gets anonymized, aggregated to 5 digit
> >>>>> zipcodes, and max retention of 6 months, but don't talk much about
> >>>>> what the device does except when it uploads data.
> >>>>>
> >>>>> the congressional disclosure, while it makes me feel better about
> >>>>> location data, contains a few choice items like
> >>>>>
> >>>>>
> >>>>>
> >>>>> it's unclear how apple can keep app developers from retaining location
> >>>>> data.  which doesn't seem forbidden by apple, only by law.
> >>>>>
> >>>>> it's also unclear why they keep really old data in the cache on the
> >>>>> phone.  cache bloat results for little benefit.
> >>>>>
> >>>>> the android doesn't do time-based pruning either and has a similar
> >>>>> location cache with the same data it.
> >>>>>
> >>>>> it appears to me that since the keying is by mac address or the tower
> >>>>> id that there will only be one timestamped item for each of those.  so
> >>>>> if you go around the same neighborhood repeatedly, the same data will
> >>>>> be in the cache.   so not exactly tracking, just recency.
> >>>>>
> >>>>> but it would seem prudent to both specify and implement the briefest
> >>>>> retention of the location data that was possible to perform
> >>>>> the function expected by the user.
> >>>>>
> >>>>>
> >>>>> On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote:
> >>>>>
> >>>>> >
> >>>>> > I've been poring over my phone's data, and I'm not sure if the
> >>>>> > resolution is just very low, or if it's logging the locations of
> >>>>> > towers and not my phone.
> >>>>> >
> >>>>> > Ex: http://imgur.com/2m5tO
> >>>>> >
> >>>>> > I'm going to xref with FCC databases soon to try and find out.
> >>>>> >
> >>>>> > B
> >>>>> >
> >>>>> > (Not speaking for Cisco, only for myself and with nobody's approval)
> >>>>> >
> >>>>> > On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor@...il.com> did declare:
> >>>>> >
> >>>>> >> Already twitted today.
> >>>>> >> Pretty scary btw. I hope there's not the equivalent for Android.
> >>>>> >>
> >>>>> >> antisnatchor
> >>>>> >>
> >>>>> >>>
> >>>>>
> ------------------------------------------------------------------------
> >>>>> >>>
> >>>>> >>> Thor (Hammer of God) <mailto:thor@...merofgod.com>
> >>>>> >>> April 20, 2011 9:05 PM
> >>>>> >>>
> >>>>> >>>
> >>>>> >>> For those of you who have not seen this yet:
> >>>>> >>>
> >>>>> >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html
> >>>>> >>>
> >>>>> >>>
> >>>>> >>> /There's no reason to think "outside the box" /
> >>>>> >>>
> >>>>> >>> /if you don't think yourself into it. /
> >>>>> >>>
> >>>>> >>> *My newest book: "Thor's Microsoft Security Bible
> >>>>> >>> <
> >>>>>
> http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597
> >>>>> >>> 495727C:/Users/thor/Documents/Cakewalk>"
> >>>>> >>> *
> >>>>> >>>
> >>>>> >>> *Timothy Thor Mullen
> >>>>> >>> thor@...merofgod.com <mailto:thor@...merofgod.com>*
> >>>>> >>>
> >>>>> >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>*
> >>>>> >>>
> >>>>> >>> _______________________________________________
> >>>>> >>> Full-Disclosure - We believe in it.
> >>>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>> >>> Hosted and sponsored by Secunia - http://secunia.com/