Apple security flaw in wifi implementation

Hi- The article you sent indicates that there is uncertainty whether Mac computers broadcast a previously connected SSID. But this post http://seclists.org/dailydave/2012/q1/65 from Wuegler says it does but has not publicly released a demonstration of this. Macs do send a unicast packet to the MAC address of the 3 most recently connected routers or APs (probably due to apple dhcp autoconfig) , thus exposing the mac address of those devices. And I'm not so sure "linksys" will be unique enough to find a home address :) Actually one thing I'm curious about. - Does anyone know whether Google actually provides an api to allow searches of the data it uses for location services - I know it used to provide a geolocation lookup service(address to geo-coordinates), and there are generalized ip to geocode services out there, but I don't see how just anyone can get access to the MAC and SSID info Google appears to be collecting from android handsets? http://support.google.com/maps/bin/answer.py?hl=en&answer=1725632 I found this which says no longer available http://code.google.com/apis/gears/api_geolocation.html - I would be curious to actually look at that db. -- Shanna Leonard ssl@email.arizona.edu ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

WiGLE.net does allow searches. We all were amused to see our neighbor's SSID's on there. Based on changes to our wireless environment here at SSU that are reflected on that site, it's accurate to inside of a year. The guys over on the Security list pretty much scoffed at this as an issue. I won't editorialize, but my personal opinion is, if the flaw is easy to exploit, then we should be concerned. I hide my SSID ;) -Brian