Security Basics mailing list archives
RE: Hacking Pictures?
From: Steve Armstrong <stevearmstrong () LOGICALLYSECURE COM>
Date: Mon, 24 Jan 2011 16:08:40 +0000
Eitan, Steven,

Most of the main social networks do strip the info, however, it is forums and smaller PHP-based sites that do little upload validation and sanitation (why they are also susceptible to RFI vulnerabilities). A quick check using freeware software will reveal who is not doing what. I run this browser: http://www.snapfiles.com/get/exifbrowser.html when running a recon before a pentest while we are spidering the whole site - it's quite slick and easy to use.

Steve Armstrong
Logically Secure Ltd | Cheltenham | Gloucestershire | England

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Eitan Adler
Sent: 23 January 2011 00:50
To: Steven Bonici
Cc: security-basics () securityfocus com
Subject: Re: Hacking Pictures?

On Fri, Jan 21, 2011 at 11:42 AM, Steven Bonici <sbonici () ilaonline org> wrote:
I was speaking to someone from DHS (not a tech) and he was telling me that there are applications that can "look" at a picture taken from a cell phone and can get the location of where the picture was taken. Is this true? If so, can someone provide more information? If this can be done, people posting pictures from their cell phones to social sites should be aware of this...
Google EXIF data. IMHO social networks should strip this data unless the user requested otherwise but not much can be done about the problem other than user education.
Thanks - Steven
-- Eitan Adler