OwNd by EXIF – Understand What You Leave Behind

Who are you, Where are you, What are your habits?  It’s no secret these days that your entire life is tracked one way or another, especially if you live in the US.  Your bank knows how much you pay for electricity, what foods you eat, and where you buy gas.  The search engines and social media sites know what you are looking for, what you like, and what your friends like.  And if you were not aware, those photos posted all over the internet provide detail about where you are at a particular time.

Forensic evidence analysis of logs and metadata provide the authorities and criminals everything they need to know.  Look at the CBS local news article from earlier this year that is linked below.  It explains how a suspected member of Anonymous sent a photo to the FBI, which ultimately led to an arrest.


What about your kid’s photos?  Look at this example posted by the FBI in 2011.


Masquerading IP addresses, eliminating log traces, scrubbing tags, and hiding metadata, these are all key skills every hacker or concerned parent must understand.  These skills are not new to those in the hacker community. EXIF news postings have been around for years, however with all the new avenues of media and mobile devices anyone can be caught off guard.  Therefore, caution leaving unknown tracks and understand what your kids may be posting online.

In terms of EXIF there are tools such as Pixelgarde that can change or remove geo tags on your Android and IOS devices. 


Also most mobile phones have features to disable the GPS tracking, but sometimes these features are also used for tracking stolen devices.

Crypto, Encryption, DLP, and Privacy Laws

Doing a project that requires knowledge of international crypto laws.  Here is a great resource that has captured information from several sources and put it on a Google map. 


How about trying to figure out all those privacy laws for DLP?  Here is another map by Simon Hunt for detailing the major international DLP related privacy laws.


Take a look at the DLP map below.

Upcoming Privacy and Security Panel in Las Vegas

For those who are interested I will be sitting on a panel in
Las Vegas on May 22nd.  The topic is “Privacy and Security” Are you Ready!.


This should be a good discussion!  The other panel members are from the FBI and a CPP (Certified Privacy Professional).  The audience is geared more toward auditors, but I will also be talking about how hackers access the data as well as how to secure your privacy data.  See the link below for the 29th annual Gaming Conference.  The time slot for the panel is 10:30 to 11:20am.




I will post another reminder the week before the conference.  If you are going to be there and have any specific topics you want to discuss let me know and I will see if I can accommodate.