Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using XSS & Google To Find Physical Location

Posted by kdawson on from the how-i-met-your-girlfriend dept.

wiredmikey sends along a brief (and quite poorly written) report from Security Week on Samy Kamkar's talk at Black Hat last week. In the video, which is amusing, he demonstrates how to obtain location information (within 30 feet, in the example he shows) of a user who does no more than visit a malicious website. The technique involves sniffing out the local router, breaking into it to obtain its MAC address, and sending that to Google to extract the router's location from Google's Street View database.

1 of 77 comments (clear)

  1. Re:Not completely accurate by Hi_2k · · Score: 1, Troll

    Holy crap. I just gave it the mac of my parent's router, on a private road in the forests ~30 minutes outside Seattle, and it gave back the correct street address. Then again, what use does this have? Maybe a disoriented traveller could use it to find his way, but other than that I see no reason anyone would be able to abuse mapping MAC address to location. It's a new form of phone book; nothing more.

    --
    When life gives you crap, Make Crapade.
    Sluggy Freelance.