|
|
Introductory Guide to Securing Leopard
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
I like it; nice job with your site. You don't post much, do you?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
Definitely not enough. Will have to hang around here more often
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
Slightly off topic, but regarding a security topic I'm wondering what you think about this report:
How Do Smartphone Stalkers Target You? | FOX 11 News
Fox 11 Los Angeles likes to sensationalize news and often gets a lot of things wrong with their tech reporting, but I was wondering what other informed people think about a story like this. They seem to imply that someone can do a whois on a phone number and get the GPS coordinates from it. Is this generally credible information?
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
The last company I worked for did a lot of research into smartphone stalking. To some extent it's a real issue, as smartphones don't yet have the level of security that exists on computers. That said, the iPhone and the Blackberry are currently more resilient to those types of attacks than Androis and the very vulnerable webOS.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
The security researcher implied that you didn't even need to compromise the handset and that all you need is a phone number to get GPS coordinates for the phone - that it was a network information vulnerability rather than security problems with the handsets. That's what I found compelling about the story.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
In the case of the report you mentioned, it's a completely different matter. It has nothing to do with mobile phone security, or what type of phone it is. That 'attack' simply takes advantage of the way the telephone network is designed, and essentially performs a massive brute-force/data mining attack.
By default the phone networks pass each other caller ID information. What these guys have done is set themselves up with their own PBX, and then spoof calls to themselves FROM your number. They are then able to obtain the caller ID information, and they can also do a reverse phone number lookup. They also receive the MSC (Mobile Switching Center) ID for a large amount of phone numbers. Although the MSC doesn't provide an actual location, they're able to deduce which MSCs refer to which areas. By correlating a user's original address information (obtained from reverse lookups), together with deduced locations based on the MSC, they're able to track where you go as you move between MSCs.
Service providers will need to make a few changes (eg. masking the MSC), in order to prevent this kind of data mining from happening.
If you want full details on how this is done, check out this white paper: http://www.thecarmensandiegoproject....go_Project.pdf
(
Last edited by S_J; Nov 18, 2010 at 06:20 PM.
Reason: Added Link)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Mar 2003
Location: Down by the river
Status:
Offline
|
|
I used the advice from the National Security Agency (NSA) for securing OSX. They also have same info for Windows and a couple Linux distros.
Of course, this a US Governmental organization we're talking so they probably left one backdoor open for their sole use
|
"Like a midget at a urinal, I was going to have to stay on my toes." Frank Drebin, Naked Gun 33 1/3: The Final Insult
|
|
|
|
|
|
|
|
Fresh-Faced Recruit
Join Date: Nov 2007
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|