Session: How To Track Down Your Ex(if) :: Adding Jpeg Exif detection to your penetration regiment and learning how to practice Safe (s)Exif
Abstract: We unintentionally distribute GPS data with every photograph, including indoor pictures. This talk will describe a real-world scenario involving remote education site where teachers & students exposed their confidential home address via profile pictures. Two new ZAP & Burp plug-ins will be released to automate the GPS data discovery during normal security assessments. In addition, suggestions for websites to protect their users and to remove the GPS data will also be provided.
