
Sunday, June 26, 2011

Geo location tagging and iPhone:

I am sure a lot of articles have been written on geo location tagging of iPhone pictures, with different opinions. For some it was a convenience and for others it was a privacy issue.

I believe in having a choice. As long as users have the ability to turn the given feature on or off, it shouldn't matter. However, Apple crossed the line when they stored this data on the phone without the user's consent or knowledge. In this blog I am primarily going to talk about extracting metadata (including the geo location tag) from any picture.

Metadata is data about data, and in our case it is data about the picture or photo itself. When was the picture taken? Which camera was it taken with? Where was it taken?

Why is it important to know about this? Well, to start with, we should not upload pictures to Facebook and Twitter mindlessly, because they contain a lot more information about you and your device than you think.

Another reason is that the same technique can be used to exchange information secretly! That's cool, isn't it? I can edit the metadata and send the picture to you; for others it is just a picture, while the receiver will know exactly what was communicated through the metadata. To make things even harder to crack we can put an encrypted message in the metadata. That project is for a later date, though; here I am going to focus on retrieving information from the pictures.

Today we are going to select a random picture and determine its location and device identity. Ready?
Pre-requisite:
If you want to have some fun, download EXIF Viewer and keep a world atlas open in another window.

Experiment:
To start with, take a picture with your own cell phone or select any picture from your library (preferably one taken with your cell phone). I have downloaded the picture below.

Now drag the picture onto your EXIF viewer and you will see information as below. Most importantly you will see the device information, in this case iPhone 3GS, and the geo location tags where the picture was taken!

Now here comes the best part: take the coordinates in latitude and longitude and put them into the world atlas. In our case they are Latitude N 37 34.67 and Longitude W 122 2.35.

You should see something like the image below. Clearly the picture was taken in Fremont, California!

Isn't it cool? I am sure there are ways and means to strip metadata from pictures. I will let you research that, and if you think some of the metadata strippers are worth sharing, please provide the link in the comment section.
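To show what the EXIF viewer is actually reading out of the file, here is an added example (my own code, not part of the original post and not the viewer's code). It builds a small constructed JPEG whose EXIF APP1 segment carries a Make/Model pair and the post's coordinates as GPS rationals, then parses it back with nothing but the standard library: it walks the JPEG segments, reads the TIFF IFD0, follows the GPSInfo pointer to the GPS sub-IFD, and converts degrees/minutes/seconds to signed decimal degrees. The tag numbers and type codes are from the EXIF specification; the sample bytes, device strings and file layout are constructed for the demonstration, and the parser only interprets the ASCII, LONG and RATIONAL types it needs.

```python
import struct

# TIFF/EXIF tags used below (values from the EXIF 2.2 specification)
TAG_MAKE, TAG_MODEL, TAG_GPS_IFD = 0x010F, 0x0110, 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004
ASCII, LONG, RATIONAL = 2, 4, 5                  # TIFF field types
TYPE_SIZE = {ASCII: 1, LONG: 4, RATIONAL: 8}


def _build_ifd(entries, ifd_offset):
    """Serialise one little-endian IFD. Values longer than 4 bytes go into a
    data block right after the IFD and are referenced by absolute offset."""
    data_start = ifd_offset + 2 + 12 * len(entries) + 4
    body, data = b"", b""
    for tag, typ, count, value in entries:
        if len(value) <= 4:
            field = value.ljust(4, b"\x00")      # short values live inline
        else:
            field = struct.pack("<I", data_start + len(data))
            data += value
        body += struct.pack("<HHI", tag, typ, count) + field
    return struct.pack("<H", len(entries)) + body + struct.pack("<I", 0) + data


def build_sample_jpeg():
    """Constructed JPEG with an EXIF APP1 segment holding Make/Model and the
    coordinates quoted in the post (N 37 34.67, W 122 2.35). Not a real photo."""
    def dms(deg, minutes, sec_hundredths):
        return struct.pack("<6I", deg, 1, minutes, 1, sec_hundredths, 100)
    make, model = b"Apple\x00", b"iPhone 3GS\x00"
    ifd0_off = 8
    gps_off = ifd0_off + 2 + 12 * 3 + 4 + len(make) + len(model)
    ifd0 = _build_ifd([
        (TAG_MAKE, ASCII, len(make), make),
        (TAG_MODEL, ASCII, len(model), model),
        (TAG_GPS_IFD, LONG, 1, struct.pack("<I", gps_off)),
    ], ifd0_off)
    gps = _build_ifd([
        (GPS_LAT_REF, ASCII, 2, b"N\x00"),
        (GPS_LAT, RATIONAL, 3, dms(37, 34, 4020)),    # 37 deg 34 min 40.20 sec
        (GPS_LON_REF, ASCII, 2, b"W\x00"),
        (GPS_LON, RATIONAL, 3, dms(122, 2, 2100)),    # 122 deg 2 min 21.00 sec
    ], gps_off)
    tiff = b"II*\x00" + struct.pack("<I", ifd0_off) + ifd0 + gps
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


def tiff_from_jpeg(data):
    """Walk JPEG segments by length and return the TIFF blob inside the EXIF
    APP1 segment, or None if the file carries no EXIF."""
    if data[:2] != b"\xff\xd8":
        return None
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        seglen, = struct.unpack_from(">H", data, pos + 2)
        if marker == 0xE1 and data[pos + 4:pos + 10] == b"Exif\x00\x00":
            return data[pos + 10:pos + 2 + seglen]
        if marker == 0xDA:                        # start of scan: headers end here
            break
        pos += 2 + seglen
    return None


def _read_ifd(blob, offset, e):
    """Parse one IFD into {tag: value}; e is the struct endianness prefix."""
    out = {}
    n, = struct.unpack_from(e + "H", blob, offset)
    for i in range(n):
        tag, typ, count, field = struct.unpack_from(e + "HHI4s", blob, offset + 2 + 12 * i)
        size = TYPE_SIZE.get(typ, 1) * count
        raw = field[:size] if size <= 4 else blob[struct.unpack(e + "I", field)[0]:][:size]
        if typ == ASCII:
            out[tag] = raw.rstrip(b"\x00").decode("ascii", "replace")
        elif typ == LONG:
            vals = struct.unpack(e + "%dI" % count, raw)
            out[tag] = vals[0] if count == 1 else vals
        elif typ == RATIONAL:                     # pairs of numerator/denominator
            nums = struct.unpack(e + "%dI" % (2 * count), raw)
            out[tag] = tuple(nums[j] / nums[j + 1] if nums[j + 1] else 0.0
                             for j in range(0, 2 * count, 2))
        else:
            out[tag] = raw                        # types this example does not interpret
    return out


def _to_decimal(dms, ref):
    """Degrees/minutes/seconds plus the N/S/E/W reference as signed decimal degrees."""
    if not dms or len(dms) != 3:
        return None
    deg, minutes, sec = dms
    value = deg + minutes / 60 + sec / 3600
    return -value if ref in ("S", "W") else value


def read_photo_metadata(data):
    """Return make, model and decimal GPS position from a JPEG or bare TIFF blob."""
    tiff = tiff_from_jpeg(data) if data[:2] == b"\xff\xd8" else data
    info = {"make": None, "model": None, "lat": None, "lon": None}
    if not tiff or tiff[:2] not in (b"II", b"MM"):
        return info
    e = "<" if tiff[:2] == b"II" else ">"
    ifd0_off, = struct.unpack_from(e + "I", tiff, 4)
    ifd0 = _read_ifd(tiff, ifd0_off, e)
    info["make"], info["model"] = ifd0.get(TAG_MAKE), ifd0.get(TAG_MODEL)
    if isinstance(ifd0.get(TAG_GPS_IFD), int):    # follow the pointer to the GPS sub-IFD
        gps = _read_ifd(tiff, ifd0[TAG_GPS_IFD], e)
        info["lat"] = _to_decimal(gps.get(GPS_LAT), gps.get(GPS_LAT_REF))
        info["lon"] = _to_decimal(gps.get(GPS_LON), gps.get(GPS_LON_REF))
    return info


if __name__ == "__main__":
    print(read_photo_metadata(build_sample_jpeg()))
```

Running it prints the make, model and roughly 37.5778, -122.0392, which is the decimal form of the coordinates above. Pointing `read_photo_metadata` at the bytes of one of your own phone photos shows the same fields an EXIF viewer does; the GPS block is only a few dozen bytes sitting in plain sight in the APP1 segment, which is why stripping that segment before uploading is the usual mitigation.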

Monday, June 13, 2011

Design Inner security layers assuming outer security layers are already breached

Lockheed Martin, EMC, Sony: design the inner security layer assuming the outer layer is already breached.
The recent breach at Lockheed Martin confirmed that the attacks we saw with Aurora and Stuxnet are just the beginning of a new era of targeted attacks. Cybercriminals are now executing a careful plan to get closer to the target without raising any red flags. In the case of the Aurora attack, more than 30 US companies were breached. Apparently Google lost intellectual property (IP) in this attack. The attack was identified by McAfee. We were very sure that this was not the end but the beginning of a new era, and that a paradigm shift was required as soon as possible.
Sure enough, there was a series of attacks: Night Dragon, the attack on EMC which put SecurID tokens at risk, Sony, and recently Lockheed Martin.
Lockheed Martin is very important to the USA as a defense contractor. Some of the most critical information, such as the arsenal used in the Afghanistan war and future military technology, resides on the Lockheed Martin network. I don't want to speculate on how the attackers were able to break in. There are multiple theories, such as spear-phishing, and some blogs and reports correlate the Lockheed Martin attack with the EMC breach, saying the attackers came in via VPN. Lockheed Martin has officially neither confirmed nor denied this, so we have to wait for this information to unfold.

However, one thing is for sure: we need a paradigm shift. At McAfee we see 55,000 new malware samples every day. There are 2,000,000 (2 million) malicious websites detected every month. These numbers are simply unmanageable by patching or blacklisting technology alone. But before we talk about the solution, let's look at the anatomy of an attack. Any attack involves the following three stages.
1. Exploit the service or application.
2. Drop and execute the payload, either in memory or on disk, and
3. Finally get p0wned!!

You should be able to dissect any attack into these three stages: Aurora, Night Dragon, Stuxnet, and possibly other future attacks. Let me briefly explain the protection. For a blacklisting solution, we need to have a signature to stop the vulnerability, or behaviour-based detection to identify that something is wrong; but behaviour-based detection is not 100%, and signatures for zero-day vulnerabilities are not available. So attackers will be able to proceed to step 2 after exploiting the zero-day vulnerability. Don't forget, Stuxnet used four zero-day vulnerabilities. So this is not a story from Mission Impossible or Swordfish; this is real. Once the vulnerability is exploited, it's time to execute the payload and connect to the command and control center to download more malicious code, such as keyloggers and sniffers.
But with a paradigm shift to an application white-listing solution, you can protect against such attacks at all stages. Memory protection will prevent the attacker from exploiting the vulnerability, and in case the attacker does succeed in exploiting it, the payload will not be able to execute from disk or from memory, because the payload is not part of the white list.
It's time to change the paradigm: we need a combination of white-listing and blacklisting solutions.
Look out for a solution which can cater to your server and desktop environments and supports *nix and Windows operating systems.
For Lockheed Martin, there is a possibility that it is linked to the RSA token breach, or maybe not, but we have to design our defenses in layers in such a way that, while designing the inner layer, we assume the outer defense layer is already breached. Application white-listing is definitely going to play a huge role in security architecture in the years to come! So next time you are designing a security architecture with VPN, firewall, two-factor authentication and antivirus, ask yourself a simple question: if there is a zero-day vulnerability, will it be prevented by any of these technologies?
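To make the difference between the two models concrete, here is an added example (my own code, not the post's and not any McAfee product's logic). It runs the same three constructed execution events, one per stage of the anatomy above, through a signature blacklist and through a hash-based application allow-list. The allow-list mechanism (SHA-256 of the file contents checked against a list built from a known-good image) is my assumption of how such a product decides; the post does not describe the mechanism, and the memory-protection stage it mentions is not modelled here. All file contents, paths and hashes are constructed stand-ins.

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the executables on a known-good server image.
# A real allow-list is generated from the approved image, never typed by hand.
GOLDEN_IMAGE = {
    "/usr/sbin/sshd":  b"ELF sshd 5.8 (constructed)",
    "/usr/bin/python": b"ELF python 2.7 (constructed)",
}
ALLOWLIST = {sha256(body) for body in GOLDEN_IMAGE.values()}

# Constructed blacklist: signatures of malware that has already been analysed.
# A payload dropped through a zero-day is not on it yet, which is the post's point.
BLACKLIST = {sha256(b"MZ known-bad dropper from last month (constructed)")}


def blacklist_decide(contents, blacklist=BLACKLIST):
    """Signature model: block only what is already known to be bad."""
    return "deny" if sha256(contents) in blacklist else "allow"


def allowlist_decide(contents, allowlist=ALLOWLIST):
    """Application white-list model: run only what is known to be good. The
    path is deliberately ignored, so a payload cannot pass by borrowing a
    trusted name, and a trusted binary whose bytes changed no longer matches."""
    return "allow" if sha256(contents) in allowlist else "deny"


# Constructed execution events following the three stages in the post.
EXEC_EVENTS = [
    ("/usr/sbin/sshd",     GOLDEN_IMAGE["/usr/sbin/sshd"]),                      # stage 1: the service that gets exploited
    ("/tmp/.x/update.exe", b"MZ fresh dropper, no signature yet (constructed)"),  # stage 2: dropped payload
    ("/usr/bin/python",    GOLDEN_IMAGE["/usr/bin/python"] + b" patched"),       # trusted name, altered bytes
]


def compare_models(events=EXEC_EVENTS):
    """Run both models over the same events: (path, blacklist verdict, allow-list verdict)."""
    return [(path, blacklist_decide(body), allowlist_decide(body)) for path, body in events]


if __name__ == "__main__":
    for path, bl, wl in compare_models():
        print("%-22s blacklist=%-5s allow-list=%s" % (path, bl, wl))
```

The blacklist lets all three events run because none of them matches a known signature; the allow-list runs the untouched sshd and denies both the unknown dropper and the modified interpreter. That is the "inner layer" check the post argues for: it holds even after the outer layer (the signature) has already been beaten.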