Samy Kamkar, a privacy and security researcher, highlighted new types attacks executed from the Internet. An attractive hack he demonstrated was the ability to extract extremely accurate geo-location data from a Web browser, while not using any IP geo-location information.
Kamkar, by convincing the victim to visit his malicious Website, used remote JavaScript and AJAX to acquire a routers MAC address. When the unsuspecting user visited his malicious Web site, JavaScript remotely scanned for the type of router used, accessed the routers MAC address and sent it directly to him. From there, he was able to exploit Google Street View information to find out the location of a router – in his case, precise within 30 feet.
Kamkar, author of an XSS worm that hit MySpace and created over 1 million friends for him in less than 24 hours, illustrates this hack in the video below.
No comments :
Post a Comment