Russell Mickler 2/2/14 Russell Mickler 2/2/14

Remove GPS Data from iPhone Pictures

The iPhone, like many modern cell phones, can take pictures. When those pictures are taken, information about the location of where the picture was taken is embedded into the photo. This is called metadata, and specifically it's referred to as a geotag.

Geotags are an interesting feature in that they can be pulled up on a map, then, sequenced in time to replay where you were when the photo was taken, even down to the very accurate location of a room within a household.

Very clever and fun. Until you start thinking about children using iPhones - their privacy and security become compromised in that it lays out a predictable pattern of their whereabouts.

Photos (along with the metadata) are uploaded conveniently into social media networks and distributed to whomever in uncontrolled ways.

This date is also used by professional computer forensics technicians (hey, like me!) to identify potential evidence in the court of law.

Further, if someone wanted to "case" another (a term used in hacking meaning we collect personal private information about individuals in order to break into their accounts), geotagging provides a unique and easy exploit. Imagine a stalker determining the predictable locations and timing to harm a victim?

So ... You may be curious on how to turn off geotagging on your iPhone or iPad.

1. Go to Settings.

2. Privacy.

3. Location Services.

4. Camera Setting and flip to OFF position.

Doing this will prevent the device from storing geo-tag metadata in future photographs. The photos you've already taken and uploaded probably already have the geotag information in them and it cannot be removed, other than deleting the photo, or, Using an app like deGeo (you can find it in the iTunes App Store).

It's not perfect, but it is one step you can take to control the distribution of your whereabouts, and the whereabouts, safety, and privacy of your children.

Russell Mickler 2/20/08 Russell Mickler 2/20/08

2007 CSI Computer Crime Survey

The 2007 CSI Computer Crime Survey is available for public consumption. Further, an Oct 9, 2007 Webcast is available for viewing.

Interesting about this year's survey:

1. The gradual decline of reported incidents (page 14). All of the usual threat metrics are either in a downward trend or are stable (virus attacks, phishing, IM abuse, telecom fraud, etc.). In terms of reported incidents, what is up this year and quite dramatically are insider (employee) abuses of Internet access.

2. The fact that 74-percent of respondents only spent 0%-5% of their annual IT budgets on IT security this last year (page 8). This number is surprising to me. It suggests that the security problem has either become a non-issue or lacks total priority. If the metrics are any indicator, it would seem that in terms of reported incidents, technical vulnerabilities are being contained in corporate America better than ever before, and this places less emphasis on the security function. Good news for consumers and businesses; bad news for information security consultants and technology professionals. Automation and better-designed products/services are fixing the glaring problems.

3. The effects of SOX on IT security (page 26). This was actually spotted by one of my students - credit where credit is due. The survey would suggest that many respondents do not feel that increased IT governance has improved the IT security problem, nor do they feel that the emphasis has moved away from security to governance. The transparency offered by SOX and better IT governance isn't making a better difference in information security for a bulk of respondents? Eh? Seems contradictory to the academic, but maybe techheads in the field feel that the frontline battles are still fought tooth and nail, and have nothing to do with better oversight or management? This one is a little hard to read and is counter-intuitive, but is interesting nonetheless.

Russell Mickler 5/22/06 Russell Mickler 5/22/06

26 Million Records for Veterans Lost

Extraordinary: http://msnbc.msn.com/id/12916803/

A Veteran's Affairs Analyst had a disk of greater than 26 million PPI (Personal Private Information) records for veterans stollen from their own home. This kind of problem demonstrates the lack of attention paid to basic Administrative, Technical, and Physical (ATP) controls that technology strategists use to guarantee the confidentiality, integrity, and availability of the information system. Indeed, it really reflects a lack of Administrative control placed over the movement of data.

Yet, almost certainly, there will be no prosecution of a negligence case either against the government agency or the individual who took the unauthorized information home with them.

Simply extraordinary. A pat on the wrist and "an abundance of caution" warning to veterans, and a slap on the wrist. Amazing this isn't being prosecuted under HIPAA given the data came from medical records.

R
www.micklerandassociates.com