Re: MAC addresses and privacy...

Worth noting that this attack doesn't even involve any advanced web APIs.
It's a generic XSS against the web-based interfaces that home gateways
present.  The more general concern is of course the existence of
MAC-to-location databases.

On Oct 4, 2010 2:09 PM, "David Singer" <singer@apple.com> wrote:

I was actually quite disturbed when I entered the mac address of my *laptop*
on this page:

http://www.samy.pl/mapxss/

and it got my location to within one house (i.e. it attributed it to the
house next door).

This means anyone sniffing my mac address when I am traveling will have a
pretty good idea of where I am from.  My iPhone's MAC address did not
trace....

David Singer
Multimedia and Software Standards, Apple Inc.

Received on Monday, 4 October 2010 19:13:15 UTC