Security Basics mailing list archives

Re: Hacking Pictures?

From: Matthew Caron <Matt.Caron () sixnet com>
Date: Mon, 24 Jan 2011 09:19:56 -0500

On 01/21/2011 11:42 AM, Steven Bonici wrote:
> I was speaking to someone from DHS (not a tech) and he was telling me
> that there are applications that can "look" at a picture taken from a
> cell phone and can get the location of where the picture was taken.

Anything that can read exif tags, for one

http://en.wikipedia.org/wiki/Exchangeable_image_file_format

> Is this true?

Yes.

> If so, can someone provide more information?

Grab any picture you like, dump the exif data. It includes provisionsfor geotagging, and since all modern phones in the US have GPS'sincluded (for 911, even if not user accessible), they often tag pictures.


> If this can be
> done, people posting pictures from their cell phones to social sites
> should be aware of this...

You mean the stuff that Larry Pesce over at PaulDotCom has been workingon forever? ;-) Scraping twitpic to find out what folks are up to, andwhere, etc.


http://www.pcworld.com/article/205296/what_your_digital_photos_reveal_about_you.html

http://www.networkworld.com/community/blog/i-can-stalk-u-geotagged-pics-worth-more-1000-

They even found out where Adam Savage lived:

http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html
--
Matthew Caron
Build Engineer
Sixnet | www.sixnet.com
O +1 518 877 5173 Ext. 138
F +1 518 602 9209
matt.caron () sixnet com

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

Re: Hacking Pictures?, (continued)
- Re: Hacking Pictures? Sven Aluoor (Jan 24)
- Re: Hacking Pictures? Brendan Coles (Jan 24)
- Re: Hacking Pictures? Gustavo Castro (Jan 24)
- Odp: Hacking Pictures? Adrian Ryniec (Jan 24)
- Re: Hacking Pictures? Sherwyn (Jan 24)
- RE: Hacking Pictures? Craig S Wright (Jan 24)
- Re: Hacking Pictures? Jon Janego (Jan 24)
- RE: Hacking Pictures? Murad (Jan 24)
- Re: Hacking Pictures? PacketNull (Jan 24)
  - RE: Hacking Pictures? Steven Bonici (Jan 26)
- Re: Hacking Pictures? Matthew Caron (Jan 24)
- Re: Hacking Pictures? Kim Guldberg (Jan 24)
- RE: Hacking Pictures? Matthew Reed (Jan 24)
- Re: Hacking Pictures? Jeff Stebelton (Jan 24)
- RE: Hacking Pictures? Synja (Jan 24)
- Re: Hacking Pictures? Justin Coffi (Jan 24)
- Re: Hacking Pictures? Joseph P. Cohen (Jan 24)
- Re: Hacking Pictures? Chris Teodorski (Jan 24)
- Re: Hacking Pictures? Tim Gonzales (Jan 24)
- Re: Hacking Pictures? Nibbler nib (Jan 24)
- Message not available
  - Fwd: Hacking Pictures? William Gibson (Jan 25)

(Thread continues...)