Archive for April, 2011

Google location tracking can invade privacy, hackers say

Posted in IT Security on April 23, 2011 by cobra

If you’ve got a Wi-Fi network, chances are Google has used its top-selling Android mobile operating system to store your router’s precise location and broadcast it for all the world to see.

Google has been compiling the publicly accessible database of router locations in its quest to build a service, a la Skyhook, that pinpoints the exact location of internet users who use its sites. Now, hobbyist hacker Samy Kamkar has developed a site that demonstrates just how comprehensive Google’s catalog is.

Plug the MAC address of your router into Kamkar’s website, and chances are it will pull up its precise location, courtesy of Google Maps.

In October, Google pledged to stop using its world-roving Street View vehicles to collect Wi-Fi data and said it instead would rely on Android handsets to get the information. When phones running the Google OS detect any wireless network, they beam its MAC address, signal strength and GPS coordinates to Google servers, along with the unique ID of the handset.

Google has long given assurances that it will use the geolocation database only when users give their explicit consent, such as when they want to be spared the hassle of typing in their current address when getting driving directions. But Kamkar has demonstrated at least two hacks that allow operators of unscrupulous websites to pilfer the information from Google’s database anyway, allowing them to know the precise whereabouts of vulnerable visitors.

Click here to read the full article on this matter.


Hacker Pleads Guilty To Theft of 600K Credit Cards, Could Get 10 Years

Posted in IT Security on April 23, 2011 by cobra

Credit cardsA 26 year-old Georgia man pleaded guilty in federal court in Virginia to the theft of hundreds of thousands of credit cards and a years-long fraud scheme that netted him more than $100,000 in illicit profits – money he used to buy himself a BMW and luxury clothing.

Rogelio Hackett of Lithonia, Georgia, admitted to stealing 676,443 credit card accounts and selling that information online. Credit card companies say that stolen accounts were linked to tens of thousands of fraudulent charges that total close to $37 million. Hackett could face ten years in prison and fines of $500,000 when he is sentenced and be asked to make restitution to credit card companies for the tens of millions of dollars in losses, according to a signed statement from the U.S. Attorney.

According to a statement of facts, signed by Hackett, his crime spree began in the late 1990s. A talented hacker, Hackett searched out vulnerable SQL databases online and exploited security vulnerabilities in them to gain access to credit card data.

Click here to read the full article.

IPv6 intro creates spam-filtering nightmare

Posted in IT Security on April 12, 2011 by cobra

The migration towards IPv6, which has been made necessary by the expansion of the internet, will make it harder to filter spam messages, service providers warn.

The current internet protocol, IPv4, has a limited address space which is reaching exhaustion* thanks to the fast uptake of internet technology in populous countries such as India and China and the more widespread use of smartphones. IPv6 promises 3.4 x 1038 addresses compared to the paltry 4.3 billion (4.3 x 109) addresses offered by IPv4.

While this expansion allows far more devices to have a unique internet address, it creates a host of problems for security service providers, who have long used databases of known bad IP addresses to maintain blacklists of junk mail cesspools. Spam-filtering technology typically uses these blacklists as one (key component) in a multi-stage junk mail filtering process that also involves examining message contents.

Please click here to continue reading this full article.