| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Apr 2011 09:35:15 +1000 From: "Ivan ." <ivanhec@...il.com> To: nix@...roxylists.com Cc: full-disclosure@...ts.grok.org.uk Subject: Re: iPhone Geolocation storage stevie says it just a bug, a patented bug http://gawker.com/?_escaped_fragment_=5795442/apple-patent-reveals-extensive-stalking-plans#!5795442/apple-patent-reveals-extensive-stalking-plans On Wed, Apr 27, 2011 at 8:46 PM, <nix@...roxylists.com> wrote: >> M$ are in the love in >> >> http://news.cnet.com/8301-31921_3-20057329-281.html >> >> On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivanhec@...il.com> wrote: >> >>> Interesting write up, and apparently old news.... >>> >>> > > If you have jailbroken your phone, just use cydia and search for tool > 'Untrackerd' to fix this issue. This background process reset the file > periodically. > > I have always said this, after you have JB'd your iPhone, then it becomes > a phone :) I hated that apple's bullshit where your phone is completely > tied to itunes unless you jailbroke. > >>> https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/ >>> >>> On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis@...den.com> wrote: >>> >>>> yes, that's right. on one of the forensics lists someone pointed out >>>> that >>>> he started google maps for 6 seconds >>>> and ended up with 1253 locations in the cache, all with the same time >>>> stamp. those would be potential known >>>> locations in your neighborhood. >>>> >>>> much fuller disclosure in >>>> >>>> http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf >>>> >>>> including that the some of the location data comes from.... google. >>>> >>>> it looks like everything gets anonymized, aggregated to 5 digit >>>> zipcodes, >>>> and max retention of 6 months, but don't >>>> talk much about what the device does except when it uploads data. >>>> >>>> the congressional disclosure, while it makes me feel better about >>>> location >>>> data, contains a few choice items like >>>> >>>> >>>> >>>> it's unclear how apple can keep app developers from retaining location >>>> data. which doesn't seem forbidden by apple, only by law. >>>> >>>> it's also unclear why they keep really old data in the cache on the >>>> phone. >>>> cache bloat results for little benefit. >>>> >>>> the android doesn't do time-based pruning either and has a similar >>>> location cache with the same data it. >>>> >>>> it appears to me that since the keying is by mac address or the tower >>>> id >>>> that there will only be one timestamped item for >>>> each of those. so if you go around the same neighborhood repeatedly, >>>> the >>>> same data will be in the cache. so not exactly >>>> tracking, just recency. >>>> >>>> but it would seem prudent to both specify and implement the briefest >>>> retention of the location data that was possible to perform >>>> the function expected by the user. >>>> >>>> >>>> On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote: >>>> >>>> > >>>> > I've been poring over my phone's data, and I'm not sure if the >>>> resolution is >>>> > just very low, or if it's logging the locations of towers and not my >>>> phone. >>>> > >>>> > Ex: http://imgur.com/2m5tO >>>> > >>>> > I'm going to xref with FCC databases soon to try and find out. >>>> > >>>> > B >>>> > >>>> > (Not speaking for Cisco, only for myself and with nobody's approval) >>>> > >>>> > On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor@...il.com> did >>>> declare: >>>> > >>>> >> Already twitted today. >>>> >> Pretty scary btw. I hope there's not the equivalent for Android. >>>> >> >>>> >> antisnatchor >>>> >> >>>> >>> >>>> ------------------------------------------------------------------------ >>>> >>> >>>> >>> Thor (Hammer of God) <mailto:thor@...merofgod.com> >>>> >>> April 20, 2011 9:05 PM >>>> >>> >>>> >>> >>>> >>> For those of you who have not seen this yet: >>>> >>> >>>> >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html >>>> >>> >>>> >>> Description: Description: Description: >>>> cid:image001.png@...BA43F.5B83F2A0 >>>> >>> >>>> >>> /There's no reason to think "outside the box" / >>>> >>> >>>> >>> /if you don't think yourself into it. / >>>> >>> >>>> >>> ** >>>> >>> >>>> >>> *My newest book: "Thor's Microsoft Security Bible >>>> >>> < >>>> http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597 >>>> >>> 495727C:/Users/thor/Documents/Cakewalk>" >>>> >>> * >>>> >>> >>>> >>> ** >>>> >>> >>>> >>> *Timothy Thor Mullen >>>> >>> thor@...merofgod.com <mailto:thor@...merofgod.com>* >>>> >>> >>>> >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>* >>>> >>> >>>> >>> _______________________________________________ >>>> >>> Full-Disclosure - We believe in it. >>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> >>> Hosted and sponsored by Secunia - http://secunia.com/ >>>> >> _______________________________________________ >>>> >> Full-Disclosure - We believe in it. >>>> >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> >> Hosted and sponsored by Secunia - http://secunia.com/ >>>> > >>>> > _______________________________________________ >>>> > Full-Disclosure - We believe in it. >>>> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> > Hosted and sponsored by Secunia - http://secunia.com/ >>>> >>>> >>>> _______________________________________________ >>>> Full-Disclosure - We believe in it. >>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>>> Hosted and sponsored by Secunia - http://secunia.com/ >>>> >>> >>> >> _______________________________________________ >> Full-Disclosure - We believe in it. >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >> Hosted and sponsored by Secunia - http://secunia.com/ > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists