Hak5

Google Maps "Show My Location" feature uses the W3C Geolocation API.

It's an application programming interface designed by the World Wide Web Consortium as a standard for retrieving a client's geographical location. The client will gather geographic information by IP address, WiFi access points, GSM and CDMA cells and GPS. The accuracy depends on the data available. If only IP address is known you'll likely only narrow the location down to your town. If WiFi data is available you're more likely to get within a block. GPS should be pretty spot on.

The API has been implemented in modern browsers; Firefox since version 3.5, Opera since 10.6, Internet Explorer since 9 and of course Google Chrome.

We can test the API with either some example javascript or the Google Maps feature ""Show My Location""

Determining a location based on wireless access points is done by referencing a database of known wifi base stations and their characteristics, such as the unique BSSID or MAC address. The technique of collecting these databases is called War Driving and I'm sure you're familiar with it. Our favorite tools for the job are NetStumbler for Windows, Kismet on Linux and Kismac on OSX.

On such company that collects and maintains WiFi station location databases is Skyhook. They provided the location information for the iPhone until iOS version 3.2, at which point Apple started using their own database.

Another database maintainer is Google, who formerly collected locations from Street View cars and currently using anonymous data captured by Android devices. The former is an opt-in feature of the Android OS.

Of course Skyhook, Apple and Google's databases are for the most part proprietary. There is however an open database. Wigle.net maintains a huge map and database of wireless access points and cell stations submitted by community members wardrive findings.

With all of this in mind, today we're attempting to spoof our location with faked access point information using a Faraday Cage and an MDK3 beacon flood.

Are you sick of using lame backup and recovery programs that cost way too much? Perhaps you're just not a fan of the new terms of service with Dropbox? Well, I found one that might float your boat! SpiderOak is a tool made specifically for backing up, syncing, and recovering your files through Windows, Mac, and Linux. SpiderOak was made by geeks for geeks, especially for the hacker minded. It's more customizable, storage is cheaper, and the privacy is much better than certain backup programs out there because they take a ""zero knowledge"" approach to all data. With that said, though, you're screwed if you forget your password!

There are a lot of features to be had:

Storage Redundancy Savings- SpiderOak will detect redundant copies of the same file and the extra copies wont take up any extra space. For example, if you have the same song uploaded to SpiderOak from your home computer and your work computer, the second one won't take any space. Multi platform synchronization lets you sync files and data from several different types of computers and mobile devices. It'll save historical file versions, just in case you save over something important.

In place of FTP to share and upload files for family and friends, SpiderOak lets you make anything you want public, and you can create a ShareRoom to be accessed via a web URL.

You can retrieve files from any device that's connected to the internets.

And my favorite, the comprehensive zero knowledge data encryption. Most online storage systems only encrypt your data during transmission, meaning anyone with physical access to the servers your data is stored on (such as the company's staff) could have access to it. Or, even if your data is encrypted during storage, your password (or set of encryption keys) is often stored along with your data, thus making its easily decoded by anyone with local access to those servers. With SpiderOak, you create a password on you rPC, not a web form. The password is encrypted so even physical access does nothing. This is why if you lost your password, you're screwed.

Now, pricing isn't too bad. It's less than other backup programs out there! 2 GB are free, or you can get 100 GB for $10 a month which increases per every 100 GB thereafter.

On to playing with the program! So there are several versions, including a 64 bit one. Just download the one that corresponds to your computer from the SpiderOak website.

I'm going to be playing with SpiderOak in this Ubuntu VM just to see how it works in Linux. I am going to download the 32bit version for Ubuntu and go through the installation process. So, as you can see, the installation process is plain and simple. Just follow the on screen instructions. You'll find SpiderOak under Applications-->Internet folder. When you first open it, you'll need to hop over to the website and create a new account. You'll enter your username and verification code (which gets emailed to you) into the program. Then, from the program, you can create a password.

If you've already created your account you can choose Existing User and just enter your UN and PW. It may take a few seconds to completely let you log in because during this process your information is being decrypted. Next you'll be able to install a new device (which means you'll name it, like mine is called Linux VM).

When you first log in, you'll get this nice listing that basically divides all of your files into categories. I prefer advanced mode, so I can choose exactly what I want to back up... My photo can be found on the desktop, so I'll choose it, then click save. Now, if I go to status I can watch the progress of the back up. Under the view tab, you can view all youre backups as well as view ongoing downloads with the downloads manager tool. The Sync tab will let you synchronize filetypes of your choice across various folders. This would be a good thing to use if you have a photo folder on your Linux computer and your Windows machine, and want to sync up both of the folderes to match so you don't have to go from one comp to the other.

Last is the share option. First create a name for your new share folder. Then choose 'New' to create the Shared link. Go through the on screen instruction and you'll see a link to the left side. This can be emailed, copied, and forwarded to other recipients.

So you can tell that SpiderOak is generally a very easy to use program but it's still packed with all the goodies that you'd need when uploading and syncing files.

If you're not familiar with a Faraday Cage it's basically a metal or mesh box that blocks, among other things, radio waves. It was invented back in the 1836 by the English scientist Michael Faraday.

My little faraday cage here is built from an IKEA picture frame and before we get any further: Stand Down HAM Radio Operators!

MDK3 is a tool that exploits weaknesses in 802.11 protocols. It was created by ASPj with the help of the aircrack-ng team and libraries. MDK3 can be found at Pedro Larig's homepage and is built in to the latest version of BackTrack from backtrack-linux.org.

Using the MDK3 beacon flood attack mode and information gathered from the Wigle.net database for the old HakHouse in Williamsburg, VA we'll attempt to spoof our location.