Social Zombies Gone Wild: Totally Exposed And Uncensored presented at OWASP Appsec 2010

by Kevin Johnson (SecurIdeas), Tom Eston (Fortune 500 Financial),

Tags: Security Social Media


Summary : Geolocation technology has significantly evolved over the years. Early use began with simple IP lookups and GPS coordinates. Today, it has evolved to determining your location from cell towers, Wifi access points and more. In fact, geolocation is one of the fastest growing technologies being implemented in everything from web browsers to mobile devices and of course, social networks. This is often implemented and enabled without the user even knowing it.

Social networks have jumped onto the geolocation bandwagon with location-based tweets, status updates, check-ins, mayorships, scavenger hunts and more. This doesn't take into account EXIF, QR codes, advancements in HTML 5 geo implementations and other technology. As social networks throw our location coordinates around like candy, it’s only natural that bad things will happen and abuse of this technology will become more popular.

This presentation will cover how social networks are currently using geolocation, what they plan on doing with it, and a discussion on the current privacy and security issues facing this technology. In addition, the latest tools, techniques and code released by the presenters will be discussed, which can be used to abuse geolocation for the ultimate in location-based stalking power.

Tom Eston: Tom Eston is a penetration tester for a Fortune 500 financial services organization. Tom currently serves as the security assessment team lead. Tom began his career over twelve years ago as a systems and network administrator for several large and medium size businesses. He began his career in security by helping form an information security department for a real estate development company. Tom is actively involved in the security community and focuses his research on the security of social media. He is a contributing author to a social media eBook and has written a Facebook Privacy & Security Guide which is used in several major universities as part of student security awareness programs. Tom is also a security blogger, co-host of the Security Justice podcast and is a frequent speaker at security user groups and conferences. Tom recently gave a talk at Notacon 6 titled "The Rise of the Autobots: Into the Underground of Social Network Bots".