Home Business IT Security Google Maps - we know what you're looking at

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics

SSL traffic analysis is good enough to see exactly what location you're looking at on Google Maps.

As we all know, communication between Google Maps and any client is protected via SSL (secure socket layer) aka the browser padlock.  This means that the content of all communication via this session is completely hidden from view.

Well not entirely.  It's actually not immune to all kinds of cunning attacks. 

Today at Ruxcon (the computer security conference), Vincent Berg of scurity company IOactive demonstrated how so-called side-channel analysis can reveal far more than was intended.

What Berg found was that even though encrypted, the 256x256 pixel subsections used to build the map image on the client browser do not radically change their size compared to their un-encrypted cousins.  This meant that he was able to create a image-size map of potential locations and by capturing the data stream between Google and the user could identify the images and use nothing more than their size to re-create the map being viewed.

Currently Berg has built this as a simple proof-of-concept and has only pre-analysed a small number of European cities.  However there is no reason why this couldn't be extrapolated to the entire world at all resolutions, given enough disk storage and processing power.

It would probably be wise to assume every major government has already done this.

The author is attending Ruxcon as a guest of the organisers.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.

Connect