
StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

03 Aug 2010, 6:01 am

"One visit to a booby-trapped website could direct attackers to a person's home, a security expert has shown. The attack, thought up by hacker Samy Kamkar, exploits shortcomings in many routers to find out a key identification number. It uses this number and widely available net tools to find out where a router is located. Demonstrating the attack, Mr Kamkar located one router to within nine metres of its real world position." http://www.bbc.co.uk/news/technology-10850875

In plain talk, a web page obtains the Mac address of your router, which is not hard, and cross-references with either Skyhook or Google maps database. My IP address locates to the capital city of my country, and nobody has surveyed access point Mac addresses here yet.

I have always taken the approach that nothing on the web is ever untraceable or anonymous, if anybody were actually interested enough in finding out.



Ichinin
Veteran

Joined: 3 Apr 2009
Gender: Male
Posts: 3,653
Location: A cold place with lots of blondes.

03 Aug 2010, 10:59 am

StuartN wrote:
I have always taken the approach that nothing on the web is ever untraceable or anonymous, if anybody were actually interested enough in finding out.


Good approach. One should not delude oneself that there is privacy on the net.


_________________
"It is far better to grasp the Universe as it really is than to persist in delusion, however satisfying and reassuring" (Carl Sagan)


Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

03 Aug 2010, 11:02 am

Ichinin wrote:
StuartN wrote:
I have always taken the approach that nothing on the web is ever untraceable or anonymous, if anybody were actually interested enough in finding out.


Good approach. One should not delude oneself that there is privacy on the net.


Or at least, not unless you really know what you're doing, are extremely paranoid, and use multiple proxies.



Jookia
Velociraptor

Joined: 7 Jan 2007
Age: 29
Gender: Male
Posts: 410

04 Aug 2010, 12:22 am

StuartN wrote:
In plain talk, a web page obtains the Mac address of your router, which is not hard, and cross-references with either Skyhook or Google maps database.


Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

04 Aug 2010, 2:40 am

Jookia wrote:
StuartN wrote:
In plain talk, a web page obtains the Mac address of your router, which is not hard, and cross-references with either Skyhook or Google maps database.


Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?


I thought the same about them not being obtainable by webpages actually, glad to hear I was right. They can, however, be used to trace you with services such as SkyHook.



StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

04 Aug 2010, 4:01 am

Asp-Z wrote:
Jookia wrote:
StuartN wrote:
In plain talk, a web page obtains the Mac address of your router, which is not hard, and cross-references with either Skyhook or Google maps database.


Mac addresses can't be acquired by web pages and if they could, they certainly can't be used to locate you. Where are you getting this information?


I thought the same about them not being obtainable by webpages actually, glad to hear I was right. They can, however, be used to trace you with services such as SkyHook.


The Mac address is readily obtained by any device on the same subnet, using a command like nmap. The exploit (linked to in my post) is a web script that spoofs a local subnet IP address, to which the router responds by delivering its Mac address. So yes, you can also obtain the Mac address over a web page - I once used a web service for tracking email that returned the Mac address (plus IP address, operating system, browser options and installed software) of all recipients. There is a pile of software that can map the internal structure of an organisation from the outward facing IP address, although doing so may be illegal - ISPs can legally log the Mac addresses connecting to their servers, for instance.

Mac addresses are also locally available from all wireless access points within range - you can see them in your network manager. Both Skyhook and Google have collected Mac addresses in bulk from roadside surveys. A mobile phone with wireless access can provide approximate location (without using GPS) by looking up the location of Mac addresses in the Skyhook or Google database. If your router was switched on when they surveyed your street, then your router's Mac address is probably in there.



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

04 Aug 2010, 4:37 am

StuartN wrote:
The Mac address is readily obtained by any device on the same subnet, using a command like nmap. The exploit (linked to in my post) is a web script that spoofs a local subnet IP address, to which the router responds by delivering its Mac address. So yes, you can also obtain the Mac address over a web page - I once used a web service for tracking email that returned the Mac address (plus IP address, operating system, browser options and installed software) of all recipients. There is a pile of software that can map the internal structure of an organisation from the outward facing IP address, although doing so may be illegal - ISPs can legally log the Mac addresses connecting to their servers, for instance.


So running something like NoScript will prevent this?

Quote:
Mac addresses are also locally available from all wireless access points within range - you can see them in your network manager. Both Skyhook and Google have collected Mac addresses in bulk from roadside surveys. A mobile phone with wireless access can provide approximate location (without using GPS) by looking up the location of Mac addresses in the Skyhook or Google database. If your router was switched on when they surveyed your street, then your router's Mac address is probably in there.


Yup, that's how iPod touches and other iDevices without GPS can get your location.



StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

04 Aug 2010, 7:43 am

Asp-Z wrote:
StuartN wrote:
The Mac address is readily obtained by any device on the same subnet, using a command like nmap.


So running something like NoScript will prevent this?


Of course not. That exploit collected assumed geographic location as people visited a web site, but targeted IP scanning just needs the machine switched on (run ZoneAlarm or similar and you will see that your own machine is probably probed once in a while).

The Mac address is public data with limited availability, but necessarily available as part of the network protocol. The Mac address of your router is known to any network that the router joins, i.e. your ISP (and therefore anyone with sufficient authority or access). Anyone else could try ping 1.2.3.4 ; arp -a, which may list the Mac address at IP address 1.2.3.4, or nmap -O -T5 1.2.3.4 to get the operating system, open ports and Mac address of a compliant machine. If 1.2.3.4 is not on your local network, then a port scan may breach the contract with your ISP, or be illegal.

However, I think a lot of this is entirely beside the point - the internet requires ID data of some form to make and maintain every connection, and the vast majority of ID data can be logged if the target is of interest. Nobody should ever assume that anything written on the internet is untraceable or anonymous. Even where information passes through anonymizing systems, there may still remain some ID data that can be matched to another source.



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

04 Aug 2010, 8:11 am

StuartN wrote:
Asp-Z wrote:
StuartN wrote:
The Mac address is readily obtained by any device on the same subnet, using a command like nmap.


So running something like NoScript will prevent this?


Of course not. That exploit collected assumed geographic location as people visited a web site, but targeted IP scanning just needs the machine switched on (run ZoneAlarm or similar and you will see that your own machine is probably probed once in a while).

The Mac address is public data with limited availability, but necessarily available as part of the network protocol. The Mac address of your router is known to any network that the router joins, i.e. your ISP (and therefore anyone with sufficient authority or access). Anyone else could try ping 1.2.3.4 ; arp -a, which may list the Mac address at IP address 1.2.3.4, or nmap -O -T5 1.2.3.4 to get the operating system, open ports and Mac address of a compliant machine. If 1.2.3.4 is not on your local network, then a port scan may breach the contract with your ISP, or be illegal.

However, I think a lot of this is entirely beside the point - the internet requires ID data of some form to make and maintain every connection, and the vast majority of ID data can be logged if the target is of interest. Nobody should ever assume that anything written on the internet is untraceable or anonymous. Even where information passes through anonymizing systems, there may still remain some ID data that can be matched to another source.


That's pretty scary, actually.



kra17
Veteran

Joined: 14 Feb 2010
Age: 31
Gender: Male
Posts: 594
Location: Sweden

04 Aug 2010, 10:21 am

StuartN wrote:
Both Skyhook and Google have collected Mac addresses in bulk from roadside surveys. A mobile phone with wireless access can provide approximate location (without using GPS) by looking up the location of Mac addresses in the Skyhook or Google database. If your router was switched on when they surveyed your street, then your router's Mac address is probably in there.


Hmm, I thought they were collecting the SSIDs, not MAC addresses?




Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

04 Aug 2010, 10:54 am

kra17 wrote:
StuartN wrote:
Both Skyhook and Google have collected Mac addresses in bulk from roadside surveys. A mobile phone with wireless access can provide approximate location (without using GPS) by looking up the location of Mac addresses in the Skyhook or Google database. If your router was switched on when they surveyed your street, then your router's Mac address is probably in there.


Hmm, I thought they were collecting the SSIDs, not MAC addresses?


Nah, SSIDs change and multiple people can have the same one, whereas MAC addresses stay the same (in theory anyway, though in practice it's fairly trivial to change), and you generally won't find more than one person with the same one.

I am happy to report, however, that Skyhook's location attached to my MAC address is completely wrong :D



StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

04 Aug 2010, 11:20 am

Asp-Z wrote:
kra17 wrote:
Hmm, I thought they were collecting the SSIDs, not MAC addresses?


Nah, SSIDs change and multiple people can have the same one, whereas MAC addresses stay the same (in theory anyway, though in practice it's fairly trivial to change), and you generally won't find more than one person with the same one.

I am happy to report, however, that Skyhook's location attached to my MAC address is completely wrong :D


How did you check your Mac location data? Is there a convenient Skyhook (or Google Location) page?

The Mac address is a unique invariant burned into each ethernet device at manufacture. Skyhook's FAQ: How does WPS identify access points? Each access point has a unique Media Access Control (MAC) address which serves as a serial number for that piece of hardware, such as 00-08-74-4C-7F-1D. It broadcasts every 100 milliseconds. WPS uses this MAC address to identify individual routers. ... How many 802.11 access points are known reference points in WPS? Skyhook's reference database contains tens of millions of access points. The coverage area includes tens of thousands of cities and towns across North America, Europe, and Asia.

But seriously everyone, this is a tangent. Consider the very clever Panopticlick Browser Identifier at the Electronic Frontier Foundation - http://panopticlick.eff.org/ - and the methods used to determine uniqueness. All of us have habits (boards we frequent, passwords, usernames) that can almost uniquely link two sets of data. One slip into comfort is enough to de-anonymize an entire alternate identity. From a policing perspective, your computer equipment is unique. From a social networking perspective, your online ID is unique. If you use the same computer or the same online ID in two locations, those two locations are (in principle) linkable, if anyone has the interest, the resources and the power or access to bother.

Try nmap on another PC in your home, try WireShark on your home network, look at the data that your network manager displays about your neighbour's wireless access points. Do a Google on an online ID (for instance stuartn might, or might not, tell you a hell of a lot about me, even reveal enough to guess my password, which I might be stupid enough to use on my home router, and you can get the brand and model name from nmapping my IP address if you want to reprogram it...).



Asp-Z
Veteran

Joined: 6 Dec 2009
Age: 31
Gender: Male
Posts: 11,018

04 Aug 2010, 11:26 am

StuartN wrote:
How did you check your Mac location data? Is there a convenient Skyhook (or Google Location) page?


iPod touches use it to track your location in the Maps app as they have no GPS hardware, so I tried it on mine and it took me to some random address.

Quote:
The Mac address is a unique invariant burned into each ethernet device at manufacture. Skyhook's FAQ: How does WPS identify access points? Each access point has a unique Media Access Control (MAC) address which serves as a serial number for that piece of hardware, such as 00-08-74-4C-7F-1D. It broadcasts every 100 milliseconds. WPS uses this MAC address to identify individual routers. ... How many 802.11 access points are known reference points in WPS? Skyhook's reference database contains tens of millions of access points. The coverage area includes tens of thousands of cities and towns across North America, Europe, and Asia.


It is easy to spoof a MAC address though, that's what I meant.

Quote:
But seriously everyone, this is a tangent. Consider the very clever Panopticlick Browser Identifier at the Electronic Frontier Foundation - http://panopticlick.eff.org/ - and the methods used to determine uniqueness. All of us have habits (boards we frequent, passwords, usernames) that can almost uniquely link two sets of data. One slip into comfort is enough to de-anonymize an entire alternate identity. From a policing perspective, your computer equipment is unique. From a social networking perspective, your online ID is unique. If you use the same computer or the same online ID in two locations, those two locations are (in principle) linkable, if anyone has the interest, the resources and the power or access to bother.

Try nmap on another PC in your home, try WireShark on your home network, look at the data that your network manager displays about your neighbour's wireless access points. Do a Google on an online ID (for instance stuartn might, or might not, tell you a hell of a lot about me, even reveal enough to guess my password, which I might be stupid enough to use on my home router, and you can get the brand and model name from nmapping my IP address if you want to reprogram it...).


All very true, which is why I never use the same username on more than one site, and I have different passwords on each site, many randomly generated.



StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

13 Aug 2010, 3:50 pm

I just found this blog posting: http://fasmz.org/~pterjan/blog/?date=20100813#p01 which contains the following command to access the Google database for the MAC address of the poster's router:

Quote:
curl -X POST -d '{
  "version": "1.1.0",
  "host": "perdu.com",
  "request_address": true,
  "address_language": "en_GB",
  "wifi_towers": [
    {
      "mac_address": "56:7a:e8:68:15:4B"
    }
  ]
}' http://www.google.com/loc/json


The output of this command (and equally accurate output for my router) is:

Quote:
{"location":{"latitude":48.868646,"longitude":2.355392,"address":{
"country":"France","country_code":"FR","region":"Ile-de-France","county":"Paris",
"city":"Paris","street":"Rue Sainte-Apolline","street_number":"2","postal_code":"75003"
},"accuracy":150.0},"access_token":"2:yWOkYM4kI79VH1Bj:cvMZFkJhXSflywZB"}


EDIT: And I have just tested this for each of the mobile devices in our family, and they are also listed (with different street names within 150 metres). My eldest daughter's laptop, who is occasionally here, is listed with this address and the (correct) latitude and longitude for her own address in another city.
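
Added example, not part of any poster's message: the thread argues over whether a MAC address is a fixed serial number or something easily changed, and two flag bits in the first octet record which kind an address claims to be. The Python below normalises the two addresses quoted in this thread and reports those bits; the function names are this example's own, and the broadcast address is a constructed extra input.

```python
import re

# The two MAC addresses quoted in this thread, plus a broadcast address
# constructed here to exercise the multicast bit.
SAMPLES = ["00-08-74-4C-7F-1D", "56:7a:e8:68:15:4B", "ff:ff:ff:ff:ff:ff"]

# Six hex octets with one consistent separator (':' or '-') or none at all.
_MAC_RE = re.compile(
    r"^[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}$"
)


def parse_mac(text):
    """Return the six address bytes of a 48-bit MAC address string."""
    text = text.strip()
    if not _MAC_RE.match(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", text))


def classify(text):
    """Normalise a MAC address and decode the flag bits of its first octet."""
    raw = parse_mac(text)
    first = raw[0]
    return {
        "normalized": ":".join(f"{b:02x}" for b in raw),
        # First three octets: the vendor prefix (OUI) when the address is
        # universally administered; meaningless otherwise.
        "oui": raw[:3].hex().upper(),
        # I/G bit (0x01): set for group (multicast/broadcast) addresses.
        "multicast": bool(first & 0x01),
        # U/L bit (0x02): set when the address was assigned locally
        # (by software or an administrator) rather than by the vendor.
        "locally_administered": bool(first & 0x02),
    }


def is_vendor_assigned(text):
    """True only for a unicast address with the U/L bit clear."""
    info = classify(text)
    return not info["multicast"] and not info["locally_administered"]


if __name__ == "__main__":
    for sample in SAMPLES:
        info = classify(sample)
        kind = "vendor-assigned" if is_vendor_assigned(sample) else "not vendor-assigned"
        print(f"{info['normalized']}  OUI={info['oui']}  {kind}  "
              f"multicast={info['multicast']}  local={info['locally_administered']}")
```

Of the two addresses quoted in the thread, the Skyhook FAQ example has both bits clear, while the address in the curl request has the locally administered bit set. A cleared bit only shows the address is in vendor-assigned form; it does not prove the address was never changed.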



Seattle_Chris
Yellow-bellied Woodpecker

Joined: 18 Jul 2010
Age: 51
Gender: Male
Posts: 51

18 Aug 2010, 8:45 am

I didn't read most of the post, so sorry if this has already been said. But unless you're openly plotting to kill the president or something of that level, the most awesome and easy way to surf anonymous enough for 90% of all people is to get a diamond account with Giganews if you don't already have one. It's like $25 a month. Then you get a free VPN to their servers. Voilà! You're anonymous except vs. serious hackers that are after you and/or a long list of federal warrants. :D



StuartN
Veteran

Joined: 20 Jan 2010
Age: 60
Gender: Male
Posts: 1,569

18 Aug 2010, 4:12 pm

Seattle_Chris wrote:
But unless you're openly plotting to kill the president or something of that level, ...


I think the best and safest course of action is to assume that nothing you do on the internet is anonymous or untraceable. If you work from that assumption and act appropriately, then you are unlikely to attract any attention and unlikely to come to harm.

I can't conceive of many reasonable, legal activities that would be limited by assuming your behaviour is traceable (and that includes reasonable, legal behaviour like accessing pornography or engaging in intimate, personal discussions on a web forum). If I was seriously concerned about anonymity, then I would use a completely separate ID created and used exclusively in library or web cafe computers - anonymity is destroyed the moment you use the same ID from home, or your home ID in the web cafe.