Message-ID: <BANLkTi=k=XKO=YZee91oBh_baP2vGR4=aA@mail.gmail.com>
Date: Fri, 29 Apr 2011 09:39:50 +1000
From: "Ivan ." <ivanhec@...il.com>
To: nix@...roxylists.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: iPhone Geolocation storage

and now tom tom as well

http://crave.cnet.co.uk/cartech/tomtom-admits-to-sending-your-routes-and-speed-information-to-the-police-50003618/

On Thu, Apr 28, 2011 at 9:35 AM, Ivan . <ivanhec@...il.com> wrote:
> stevie says it's just a bug, a patented bug
>
> http://gawker.com/?_escaped_fragment_=5795442/apple-patent-reveals-extensive-stalking-plans#!5795442/apple-patent-reveals-extensive-stalking-plans
>
> On Wed, Apr 27, 2011 at 8:46 PM, <nix@...roxylists.com> wrote:
>>> M$ are in the love in
>>>
>>> http://news.cnet.com/8301-31921_3-20057329-281.html
>>>
>>> On Tue, Apr 26, 2011 at 8:12 PM, Ivan . <ivanhec@...il.com> wrote:
>>>
>>>> Interesting write up, and apparently old news....
>>>>
>>
>> If you have jailbroken your phone, just use cydia and search for tool
>> 'Untrackerd' to fix this issue. This background process resets the file
>> periodically.
>>
>> I have always said this, after you have JB'd your iPhone, then it becomes
>> a phone :) I hated that apple's bullshit where your phone is completely
>> tied to itunes unless you jailbroke.
>>
>>>> https://alexlevinson.wordpress.com/2011/04/21/3-major-issues-with-the-latest-iphone-tracking-discovery/
>>>>
>>>> On Fri, Apr 22, 2011 at 1:59 PM, mark seiden <mis@...den.com> wrote:
>>>>
>>>>> yes, that's right. on one of the forensics lists someone pointed out
>>>>> that he started google maps for 6 seconds and ended up with 1253
>>>>> locations in the cache, all with the same time stamp. those would be
>>>>> potential known locations in your neighborhood.
>>>>>
>>>>> much fuller disclosure in
>>>>>
>>>>> http://markey.house.gov/docs/applemarkeybarton7-12-10.pdf
>>>>>
>>>>> including that some of the location data comes from.... google.
>>>>>
>>>>> it looks like everything gets anonymized, aggregated to 5 digit
>>>>> zipcodes, and max retention of 6 months, but don't talk much about
>>>>> what the device does except when it uploads data.
>>>>>
>>>>> the congressional disclosure, while it makes me feel better about
>>>>> location data, contains a few choice items like
>>>>>
>>>>>
>>>>>
>>>>> it's unclear how apple can keep app developers from retaining location
>>>>> data. which doesn't seem forbidden by apple, only by law.
>>>>>
>>>>> it's also unclear why they keep really old data in the cache on the
>>>>> phone. cache bloat results for little benefit.
>>>>>
>>>>> the android doesn't do time-based pruning either and has a similar
>>>>> location cache with the same data in it.
>>>>>
>>>>> it appears to me that since the keying is by mac address or the tower
>>>>> id that there will only be one timestamped item for each of those. so
>>>>> if you go around the same neighborhood repeatedly, the same data will
>>>>> be in the cache. so not exactly tracking, just recency.
>>>>>
>>>>> but it would seem prudent to both specify and implement the briefest
>>>>> retention of the location data that was possible to perform the
>>>>> function expected by the user.
>>>>>
>>>>>
>>>>> On Apr 20, 2011, at 12:34 PM, Brandon Matthews wrote:
>>>>>
>>>>> >
>>>>> > I've been poring over my phone's data, and I'm not sure if the
>>>>> > resolution is just very low, or if it's logging the locations of
>>>>> > towers and not my phone.
>>>>> >
>>>>> > Ex: http://imgur.com/2m5tO
>>>>> >
>>>>> > I'm going to xref with FCC databases soon to try and find out.
>>>>> >
>>>>> > B
>>>>> >
>>>>> > (Not speaking for Cisco, only for myself and with nobody's approval)
>>>>> >
>>>>> > On 4/20/11 12:11 PM, "Michele Orru" <antisnatchor@...il.com> did declare:
>>>>> >
>>>>> >> Already twitted today.
>>>>> >> Pretty scary btw. I hope there's not the equivalent for Android.
>>>>> >>
>>>>> >> antisnatchor
>>>>> >>
>>>>> >>> ------------------------------------------------------------------------
>>>>> >>>
>>>>> >>> Thor (Hammer of God) <mailto:thor@...merofgod.com>
>>>>> >>> April 20, 2011 9:05 PM
>>>>> >>>
>>>>> >>> For those of you who have not seen this yet:
>>>>> >>>
>>>>> >>> http://radar.oreilly.com/2011/04/apple-location-tracking.html
>>>>> >>>
>>>>> >>> /There's no reason to think "outside the box" /
>>>>> >>> /if you don't think yourself into it. /
>>>>> >>>
>>>>> >>> *My newest book: "Thor's Microsoft Security Bible
>>>>> >>> <http://www.amazon.com/Thors-Microsoft-Security-Bible-Infrastructures/dp/1597
>>>>> >>> 495727C:/Users/thor/Documents/Cakewalk>"*
>>>>> >>>
>>>>> >>> *Timothy Thor Mullen
>>>>> >>> thor@...merofgod.com <mailto:thor@...merofgod.com>*
>>>>> >>>
>>>>> >>> *http://www.hammerofgod.com <http://www.hammerofgod.com/>*
>>>>> >>>
>>>>> >>> _______________________________________________
>>>>> >>> Full-Disclosure - We believe in it.
>>>>> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>> >>> Hosted and sponsored by Secunia - http://secunia.com/