Location data tracked by iOS and Android devices

Security researchers discovered this week that iOS devices continuously track users physical location and store this data on the device. The data is also sync’d with your desktop if you use iTunes. What’s interesting is apparently this has been long known by Law Enforcement Agencies, who can use this data in investigations. This data is also transmitted back to Apple every 12 hours.

Android devices apparently also report location data back to Google – it sounds like WiFi MAC address location data is sent back to help triangulate a users location to provide location based services using this map of collected MAC addresses. This is similar to the MAC address collection that Google got into trouble for when they collected similar data from their StreetView cars (when they arguably collected far more than just MAC addresses and the location).

Browser security beaten in pwn2own hacker contest

Browser security topples this week, first Safari then IE8, in a contest to demonstrate the ability to execute native code and save files to the host machine’s file system via vulnerabilities in the browsers.

Safari was first to fall, followed by IE8. No results for Chrome yet, and no contestant signed up to challenge Firefox. Mobile phone browser next up.

Enabling SSL for Apache2 on Ubuntu

Edit /etc/apache2/apache2.conf – add:

LoadModule      ssl_module /usr/lib/apache2/modules/mod_ssl.so

Generate SSL certificates:

https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

Add SSL config and 443 port to a new Virtual Host in apache2.conf – for example:

<VirtualHost *:443>
ServerAdmin your_admin@email.com
DocumentRoot /var/www/your_doc_root
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile path/to/server.crt
SSLCertificateKeyFile path/to/server.key
ServerName your.server.name
DirectoryIndex index.php
</VirtualHost>

Add a listen port on 443 to /etc/apache2/ports.conf:

NameVirtualHost *:443