funsec mailing list archives
Re: yeah, right.
From: Dan Kaminsky <dan () doxpara com>
Date: Sun, 16 May 2010 17:16:04 -0400
On Sun, May 16, 2010 at 4:53 PM, Florian Weimer <fw () deneb enyo de> wrote:
* Larry Seltzer:Actually, unless you dispute their factual claims about how it happened it seems perfectly plausible to me that it was a mistake.Apparently, gathering MAC addresses was no accident. Combined with location information from the car, wouldn't that allow tracing the whereabouts of mobile devices in some cases? It's been reported that the excess collection amounted to 600 GB over 3 years. To put this in perspective, I probably wouldn't notice if I retained 60 GB of unnecessary personal email (such as spam) during that time period. 8-/
Sometimes you get a beacon, sometimes you get data. Both have BSSIDs -- MAC addresses in the 802.11 space. There is effectively a 1 to 1 mapping between BSSIDs and SSIDs. The more frames you have -- of any type -- the easier it is determine the effective territory covered by a particular SSID. As anyone with even a lick of experience in radio knows, coverage maps are not simply "n meters from antenna" -- there are complex nonlinear reflections at play. You want lots of samples to build the bounding box. What likely happened here is that they were picking up all possible frames, just to get accurate data. They didn't scrub payloads because they weren't even thinking about payloads. Historically we've mostly cared about data release (thus why TCP log anonymizers aren't built into tcpdump but are external). There's been a bit of a bar move, which is fine, but mostly this is just Team NotGoogle making noise. Still not hearing anyone calling for WIGLE or Skyhook's head. --Dan
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- yeah, right. Paul Vixie (May 15)
- Re: yeah, right. chris (May 15)
- Re: yeah, right. Larry Seltzer (May 15)
- Re: yeah, right. Dave Dennis (May 15)
- Re: yeah, right. Steven Allison (May 15)
- Re: yeah, right. Nick FitzGerald (May 15)
- Re: yeah, right. Robert Graham (May 15)
- Re: yeah, right. Florian Weimer (May 16)
- Re: yeah, right. Larry Seltzer (May 16)
- Re: yeah, right. Dan Kaminsky (May 16)
- Re: yeah, right. Larry Seltzer (May 15)
- Re: yeah, right. chris (May 15)