Updated location applet « InterWeb Task Force

Here’s a scenario: you go to a website and they have a signed Java applet in their page. This applet could be any signed applet, from a chat application to a speedtest app through to a game. By the simple act of running that applet, you could be giving the website you are visiting your exact location, all thanks to the Google location database and your Wifi router.

Google’s Wifi-based location database is built up from two sources: Android handsets that report back their location and the MAC address of any nearby Wifi, and the Google Street View cars.

So how difficult is it to leverage this information and circumvent your personal security? Shockingly easy, actually. As many of you have likely experienced, when ‘signed’ Java applets run you get a pop-up from Java saying ‘do you wish to run this signed applet’. How many people just click OK to this and get on with using the applet? Quite a few. Even if the applet is self-signed, how many less tech-savvy users will know the difference between a self-signed certificate and an official certificate?

So you probably noticed the Java applet request when you visited this page. If you clicked ‘yes’ to run it, you should see a box below with ‘show me on a map’. If you did not click yes to the Java applet warning when you landed on this page, then you won’t see anything where the applet should be. You may also need to enable Java if you did not get a security pop-up warning!

Assuming all went well and you clicked yes, you should see a button at the bottom of this post saying ‘show me on a map’. Clicking it will open a popup window to Google Maps which will have the location it thinks you are at.

Sadly, it still does not work on Macs, purely as I have not had a Mac to play with, though I would imagine the concept is sound on a Mac (as under the hood that’s BSD), but who knows. Perhaps someone can enlighten me?
I’d also like to clarify that I do nothing with the data the app gathers: it does not ‘talk back’ to my site, it does not record your location data, it just uses the data it gathers to show you a ‘one time’ map using Google Maps. Though my point is that site operators or Java applet makers could very, very easily make a similar application talk back to them. This needn’t be a Java applet; the concept works equally well in regular Java code that runs as a standalone package on your system.

While the code may be clunky and isn’t very useful on its own, what I’m trying to prove here is the concept of how your location can be harvested remotely by any site where you run a signed Java applet. Sometimes it’s not going to get your exact location; this can be down to various factors, for example your ‘default gateway’ MAC not being in Google’s database.

The Applet

You should see the applet here. It may be grey for a bit until it performs its system calls and works out your router MAC. Again, this is likely going to work way, way better if you are on Wifi or your wired and wireless networks share the same default gateway MAC address.

Hopefully you see ‘show me on a map’ in the box above and it gives you an accurate location. I hope you found this information useful and that it helps you better secure your privacy in future.
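
On the self-signed versus official certificate point above, here is one way to check who signed an applet JAR before clicking through the prompt. This is an added example, not code from this post or its applet; the function name and the sample certificate names are made up, and it assumes English-locale output from the JDK's `keytool -printcert -jarfile`.

```shell
#!/bin/sh
# Added example (not the post's code). classify_signers is a hypothetical helper.
# Reads `keytool -printcert -jarfile <jar>` output on stdin (English locale assumed)
# and labels each signer by its leaf certificate: the first Owner/Issuer pair after
# each "Signer #N:" header. Matching names is a heuristic, not signature verification.
classify_signers() {
    awk '
        /^Signer #[0-9]+:/ { n++; owner[n] = ""; issuer[n] = ""; next }
        n && /^Owner: /  && owner[n]  == "" { owner[n]  = substr($0, 8) }
        n && /^Issuer: / && issuer[n] == "" { issuer[n] = substr($0, 9) }
        END {
            if (n == 0) { print "no-signer-found"; exit }
            for (i = 1; i <= n; i++) {
                kind = (owner[i] != "" && owner[i] == issuer[i]) ? "self-signed" : "issued-by-other"
                print "signer" i ": " kind
            }
        }'
}

# Constructed sample output: signer 1 is self-signed; signer 2 has a CA-issued leaf
# followed by its self-signed root, which must not be mistaken for the leaf.
SAMPLE_KEYTOOL_OUTPUT='Signer #1:

Signature:

Owner: CN=Example Applet Dev, O=Example
Issuer: CN=Example Applet Dev, O=Example

Signer #2:

Signature:

Owner: CN=Example Vendor, O=Example Vendor Ltd
Issuer: CN=Example Code Signing CA, O=Example CA
Owner: CN=Example Code Signing CA, O=Example CA
Issuer: CN=Example Code Signing CA, O=Example CA
'

printf '%s\n' "$SAMPLE_KEYTOOL_OUTPUT" | classify_signers
# Real use: keytool -printcert -jarfile applet.jar | classify_signers
```

A result of issued-by-other only means the signing certificate names a different issuer; whether that issuer is one you trust is a separate question, and either kind of signed applet gets the same system access once you click yes.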

