lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 17:59:29 -0800
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Ed Carp <erc@...ox.com>, "Ivan ." <ivanhec@...il.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Feds 'Pinged' Sprint GPS Data 8 Million Times
 Over a Year

Except that if you look at the report, you see that one request was made just 37 seconds after the first, yet only 6 were made in the hour.  So who really knows?  They can obviously request whatever they want when they want.  Also, based on what the reported statement was, anyone with a logon can request location information for a sprint number - there was no mention of some back-end auditing process that ensures that only numbers with a valid search warrant are available; and I'm doubtful that is case since it is a nationally based system.  

This is what anonymous phones are for.

t

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Ed Carp
Sent: Tuesday, December 01, 2009 5:31 PM
To: Ivan .
Cc: full-disclosure
Subject: Re: [Full-disclosure] Feds 'Pinged' Sprint GPS Data 8 Million Times Over a Year

If you read the article, that 8 million figure is the number of
samplings, not the number of requests or the number of subscribers
monitored.  The article says that they can get data every 3 minutes
over a 60 day period, which is 28,800 samples.  Diving that into 8
million gives you 278 individual subscribers, which is probably much
lower than the number of subscribers actually monitored.  If you
monitor a subscriber for 10 days (a typical number), you get 1667
subscribers monitored, a drop in the bucket of the 48 million
subscribers that Sprint claims it has.

Nothing to see here, I think ... move along, move along... ;)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists