Finding Location Data In Google Maps SSL Sessions
by Dennis Fisher
February 13, 2012

In the last couple of years, Google and some other Web giants have moved to make many of their services accessible over SSL, and in many cases, made HTTPS connections the default. That's designed to make eavesdropping on those connections more difficult, but as researchers have shown, it certainly doesn't make traffic analysis of those connections impossible.

One of the services that Google has made available over HTTPS is Google Maps. Users who are concerned that an attacker could look at their web requests and pinpoint their location can use SSL connections as a way to make that harder. However, researchers at IOActive have found that it's still a relatively simple matter to figure out what locations users are searching for, and therefore, perhaps where they're located themselves.

Vincent Berg of IOActive has written a tool that can monitor SSL connections and make some highly educated guesses about the contents of the requests going to Google Maps, specifically by looking at the sizes of the PNG files that Google Maps returns. The tool then attempts to group those images in a specific location, based on the grid and tile system that Google uses to construct its maps.

...

https://threatpost.com/en_us/blogs/finding-location-data-google-maps-ssl-sessions-021312
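
The leak described above comes from response lengths surviving encryption, so one way to reason about a defence is to measure how many tiles stay distinguishable once responses are padded. The following is an added example, not code from the article or from IOActive's tool; the tile sizes, the 8x8 grid, the 2x2 viewport and the constant `TLS_OVERHEAD` are constructed assumptions, and padding is a mitigation the article itself does not discuss.

```python
from collections import Counter

N = 8                # constructed 8x8 tile grid, not real map data
TLS_OVERHEAD = 29    # assumed constant bytes added per response by the record layer

def make_tiles(n=N):
    """Constructed PNG sizes in bytes, one per (x, y) tile; every size is distinct."""
    return {(x, y): 4000 + 37 * x + 501 * y for x in range(n) for y in range(n)}

def observed(size, pad_to=1):
    """Ciphertext length an on-path observer sees after padding to a multiple of pad_to."""
    return -(-size // pad_to) * pad_to + TLS_OVERHEAD

def viewport(tiles, x, y, pad_to):
    """Observed sizes of the 2x2 block of adjacent tiles fetched together at (x, y)."""
    return tuple(sorted(observed(tiles[(x + dx, y + dy)], pad_to)
                        for dx in (0, 1) for dy in (0, 1)))

def unique_fraction(signatures):
    """Share of observations that match exactly one candidate (fully identifiable)."""
    counts = Counter(signatures)
    return sum(1 for s in signatures if counts[s] == 1) / len(signatures)

def leak_report(tiles, pad_to, n=N):
    """Return (single-tile, 2x2-viewport) identifiable fractions for a padding size."""
    singles = [observed(size, pad_to) for size in tiles.values()]
    views = [viewport(tiles, x, y, pad_to) for x in range(n - 1) for y in range(n - 1)]
    return unique_fraction(singles), unique_fraction(views)

if __name__ == "__main__":
    tiles = make_tiles()
    for pad in (1, 1024, 8192):
        single, view = leak_report(tiles, pad)
        print(f"pad_to={pad:5d}  single tiles: {single:.2f}  2x2 viewports: {view:.2f}")
```

On this constructed grid, 1024-byte padding makes every single tile ambiguous, yet some groups of adjacent tiles remain identifiable, which is why padding has to be judged against grouped tile fetches and not individual responses.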
