[AusNOG] Google creepier than Conroy?

phil colbourn philcolbourn at gmail.com
Sun May 30 16:15:55 EST 2010


I think you need a lot of packets and a lot of time to crack WEP if you are
simply listening. Active system exist, but still take minutes and they send
a lot of packets - so this would be seen as a deliberate attempt to
intercept.


On Sun, May 30, 2010 at 3:23 PM, Matthew Moyle-Croft
<mmc at internode.com.au>wrote:

>
> On 30/05/2010, at 1:33 PM, Bevan Slattery wrote:
>
> >
> > Phil,
> >
> >>> The data or data fragments that Google may have collected was
> >> unintentional - they clearly don't need it to do geo-location
> >> - and it would be difficult to associate it with a particular
> >> individual or business - like taking a photo in a public place.
> >
> > First, grabbing such information isn't so they can use it to create a
> > geo-reference.  They capture it so they can attach it to a
> > geo-reference.  Having someone's MAC address or IP address along with
> > the 'photo' taken at that time, along with the position of the car,
> > which is then cross referenced to the GNAF database is what is going on
> > here.  So they will know that at any physical address where a photo is
> > captured, so too is the IP address, MAC address and whatever other
> > information was transmitted.  Handy to know that when you log-in to your
> > Gmail account or any of the millions of sites that run ad-words.
>
> I don't think the MAC address would be useful in doing geolocation.
>
> IP address maybe, but most IPs on unsecured wifi would be, at the moment,
> behind NAT, so you might see a lot of 192.168 addresses for example for the
> "customer" side.
>
> So, you'd have to capture a fair bit of data in order to look deeper into a
> bit stream to find other data to cross reference to generate much more
> useful data.  (eg.  http cookies etc).   You'd need a bit longer to grab
> that kind of frame level.
>
> Probably much more than you'd get driving past for a few seconds at each
> house.    You'd have to see some frames with http cookies or something.
> You'd also have to be driving past whilst something was communicating and
> using an insecure wifi service.   Except for basic WEP, if you're using
> something more modern (WPA etc) then my understanding is that you'd need
> more than a few seconds of data to get enough to reverse engineer the keys.
> (note: I'm not entirely up on the research here).
>
> Given that the Google cars were driving around during the day (for good
> light), it seems the data would be fairly incomplete (most people aren't at
> home during the day) compared to looking at 802.11 itself for doing
> Geolocation based on basic 802.11 details.
>
> So, it's not clear to me if they actually recorded data which would have
> been that useful.
>
> MMC




-- 
Phil

http://philatwarrimoo.blogspot.com
http://code.google.com/p/snmp2xml

"Someone has solved it and uploaded it for free."

"If I have nothing to hide, you have no reason to look."

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke - Who does magic today?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100530/215e6e46/attachment.html>


More information about the AusNOG mailing list