Samy Kamkar - Geolocation via XXXSS (2010, cutted part of it)

  • AMERICA, evercookie, why haven’t you done anything new
  • Probation Honorable people, Probation which was like AOL IRL
  • They know everything. Seriously.
  • How accurate is this?
  • Jack Bauer-level triangulation
  • Well, Zuckerberg said it best. Privacy is dead
  • And that concludes
  • Samy Kamkar - Geolocation via XXXSS (2010, cutted part of it)

    1. Who is samy?
        • "Narcissistic Vulnerability Pimp"
        • (aka Security Researcher for fun)
        • Creator of The MySpace Worm
        • Author of Evercookies
        • Co-Founder of Fonality, IP PBX company
        • Lady Gaga aficionado
    2. Cyber Warrior
        • Raided
        • Computer use lost (Hackers-style)
        • 700 hours of community service
        • Restitution
        • Probation
    3. Geolocation via XXXSS
    4. Geolocation via XXXSS
        • Anna visits malicious site
        • XXXSS scans her local network for the type of router she uses
    5. Geolocation via XXXSS
        • Anna visits malicious site
        • XXXSS scans her local network for the type of router she uses
        • If necessary, log in with default credentials!
    7. Geolocation via XXXSS
        • Anna visits malicious site
        • XXXSS scans for router type
        • Logs in with default credentials (if necessary)
        • XSS router to load remote malicious JS
    8. Geolocation via XXXSS
        • Remote JS uses AJAX to acquire MAC
    9. Why MAC Address?
        • Just Bing it!
        • Type www.bing.com in your URL bar
        • Type in “Google” in the search box
        • Hit enter!
    10. Why MAC Address?
    11. Geolocation via XXXSS
        • Upon MAC acquisition, ask the Google
        • See FF source for Location Services
    12. Geolocation via XXXSS
        • latitude: 36.0920029
        • longitude: -123.3461946
    13. Geolocation via XXXSS
    14. Geolocation via XXXSS
    15. NAT Pinning: prevention
        • Strict firewall – don’t allow unknown outbound connections
        • Client side – run up to date browser
        • Client side – use NoScript if using Firefox
        • Client side – run local firewall or tool like LittleSnitch to know if an application is accessing unknown ports
        PRIVACY IS DEAD
    16. Fin
        • phpwn: samy.pl/phpwn
        • NAT Pinning: samy.pl/natpin
        • Geolocation via XSS: samy.pl/mapxss
        • Samy Kamkar, www.samy.pl, [email_address], twitter.com/SamyKamkar
        * No IRC channels were trolled in the making of this presentation.
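
A defender-side check for the local-network scan step in slides 4 to 7, as an added example that is not part of the original deck: it flags requests to private addresses whose Origin/Referer is a public site. The record fields, the sample data and the local hostname suffixes are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample records (not from the talk): the address a browser
# contacted and the Origin/Referer value sent with that request.
SAMPLE_REQUESTS = [
    {"dst": "192.168.1.1", "origin": "http://malicious.example/", "path": "/"},
    {"dst": "192.168.1.1", "origin": "http://192.168.1.1/index.html", "path": "/status"},
    {"dst": "10.0.0.1", "origin": "https://news.example/story", "path": "/login.cgi"},
    {"dst": "93.184.216.34", "origin": "https://news.example/story", "path": "/ad.js"},
    {"dst": "192.168.0.1", "origin": "", "path": "/"},
    {"dst": "192.168.1.254", "origin": "http://router.lan/", "path": "/"},
]

# Assumption: hostnames with these suffixes name devices on the local network.
LOCAL_SUFFIXES = (".lan", ".local", ".home.arpa")


def is_private_ip(value):
    """True for private, loopback and link-local addresses."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local


def origin_is_local(origin):
    """True/False for a local/public origin, None when no origin was sent."""
    host = urlsplit(origin).hostname
    if host is None:
        return None
    return is_private_ip(host) or host == "localhost" or host.endswith(LOCAL_SUFFIXES)


def classify(req):
    """'flag' when a public origin drives a request to a private address."""
    if not is_private_ip(req["dst"]):
        return "ignore"  # ordinary Internet traffic
    local = origin_is_local(req["origin"])
    if local is None:
        return "no-origin"  # typed URL or stripped header: cannot decide
    return "allow" if local else "flag"


def flagged(requests):
    return [r for r in requests if classify(r) == "flag"]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(classify(r), r["dst"], r["path"], r["origin"] or "-")
```

A router admin interface can apply the same test to reject such requests outright rather than only logging them.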
