Hacker Uses XSS and Google Street View Data to Determine Physical Location

Started by CrackSmokeRepublican, July 16, 2011, 12:56:40 AM


CrackSmokeRepublican

Keep in mind... and keep a clip of 30 nearby...--CSR

------
Hacker Uses XSS and Google Street View Data to Determine Physical Location
By SecurityWeek Video on August 02, 2010

Samy Kamkar, in an incredibly interesting session at Black Hat titled "How I Met Your Girlfriend," highlighted new types of attacks executed from the Web. An interesting hack he demonstrated was the ability to extract extremely accurate geo-location information from a Web browser, while not using any IP geo-location data.

Kamkar, by convincing the victim to visit his malicious Web site, used remote JavaScript and AJAX to acquire a router's MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the router's MAC address and sent it directly to him. From there, he was able to utilize Google Street View data to determine the location of a router – in his case, accurate within 30 feet.

Kamkar, author of an XSS worm that hit MySpace and generated over 1mm friends for him in less than 24 hours, demonstrates this hack in the video below.

http://www.youtube.com/watch?v=tRJMIMBVqFI
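The request pattern the article describes (a page on a public site causing the browser to contact the home router) is visible to a defender as a public-origin page referring a request to an internal address. The following is an added example, not part of the original post or of Kamkar's talk; the log record format, the sample hosts and the rule that single-label, `.local` and `.lan` names count as internal are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample records (hypothetical format): (client, referer, requested URL).
SAMPLE_LOG = [
    ("10.0.0.23", "https://news.example/story", "https://cdn.example/app.js"),
    ("10.0.0.23", "http://evil.example/landing", "http://192.168.1.1/status.html"),
    ("10.0.0.41", "http://192.168.1.1/index.html", "http://192.168.1.1/wlan.html"),
    ("10.0.0.41", "", "http://192.168.0.1/"),
    ("10.0.0.57", "http://blog.example/post", "http://router.local/info"),
    ("10.0.0.57", "http://blog.example/post", "http://[fe80::1]/"),
]


def is_internal_host(host):
    """True for private, loopback or link-local IPs and for LAN-style names."""
    if not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Assumption: single-label and .local/.lan names resolve inside the LAN.
        return "." not in host or host.endswith((".local", ".lan"))
    return ip.is_private or ip.is_loopback or ip.is_link_local


def flag_cross_zone(records):
    """Return records where a public page triggered a request to an internal host."""
    flagged = []
    for client, referer, url in records:
        ref_host = urlsplit(referer).hostname  # None when there is no referer
        dst_host = urlsplit(url).hostname
        # A user typing the router address (no referer) or browsing the router's
        # own pages (internal referer) is normal; public -> internal is not.
        if ref_host and not is_internal_host(ref_host) and is_internal_host(dst_host):
            flagged.append((client, ref_host, dst_host))
    return flagged


if __name__ == "__main__":
    for client, ref_host, dst_host in flag_cross_zone(SAMPLE_LOG):
        print(f"{client}: page on {ref_host} requested internal host {dst_host}")
```
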

Anonymous

Well, not surprising, it is hardly ingenious.

Google has been mapping people's networks while they have been driving around recording images for Street View as well, although it is not really related to each other. If you have an iPhone or some other device, if you go in range of a wireless network, information from the router is transmitted which includes security settings such as WPA2, WEP or unsecured and the MAC address. Obviously he found a way to link up the MAC address to where Google found the MAC address and he put two and two together.

The most impressive thing was to get a person's MAC address, the program must have installed something on his computer to transmit the ipconfig of his network and he copied the MAC address of the gateway which is the router.