My dad works at google and he says thats not true

yeah just checc the Street View date on your street and if it's recent change your MAC

funny that I just started reading Hacking Exposed and this was one of the first attack vectors detailed

>>55089735
You can only make XHR request to 192.168.1.1 from 192.168.1.1.

>>55090019
Can someone confirm this?

>>55090056
Can't you? This shit is trivial.

>>55090056
Same Origin Policy confirms it.
Otherwise it would have been a major security risk

>literally broadcast your mac address over the air
>give a fuck that someone knows a 6 byte number that only tells them who manufactured my nic

Pick 1

>Request is made to 192.168.1.1
considering that's a reserved address it's not going to tell them shit about me unless they're on my lan already

>>55090142
>>considering that's a reserved address it's not going to tell them shit about me unless they're on my lan already
The request is going to fail for entirely different reason. 192.168.1.1 is not reserved.

>>55089735

You idiot, it's not for locating individual devices, it's for location finding without GPS data, or to assist faster pinpointing, by having a database of fixed wifi hotspots.

The technique was invented by a company called Skyhook, and is used by Apple (and others) for quick pinpointing while GPS locks in, and for devices without a GPS chip.

>>Boom, they know exactly where you live.

No, they know where device with MAC address 01-23-45-67-89-ab-cd-ef is approximately located. It's mostly used for triangulation of multiple devices and their signal strength to give you YOUR approximate location. It's not super accurite and it can break when devices change location or there's old data for the area.

If you don't want companies like this snooping your MAC address, because you're some kind of paranoid idiot or something, don't hide your MAC (because this will break basic networking), hide your SSID.

>>55090167
>192.168.1.1 is not reserved.

Uh, yeah it is. It's a Class C address and cannot be used on the Internet. It's for local LAN addresses only.

>>55090285
sup cisco

>>55090285
Just like any other LAN address. It's not special in any way - the web does not care if it's a LAN address or Internet address. That request will also fail if you make it from 192.168.1.40 to 192.168.1.1

>>55089953
My dad works for Fox news and says it's correct

>>55090285
So if that's the case can you give me an IP thats not reserved?

>>55089735
https://developers.google.com/maps/documentation/geolocation/intro#wifi_access_point_object for anyone who is interested, just took 5 minutes navigating Google's shitty API solution.

If anyone could get a live demo where you just put a MAC address in and retrieve location, then that would be cool, but you first need to know the mac address, and also Google's API doesn't even give you location data on the mac address, it just reports the signal; strength, age, channel and S-T-N ratio, Nor can you get nearby Wifi data through the use of the google street view.

You really think if this worked it wouldn't have been exploited by now?

>>55090335

You'll have to ask IANA.

>>55089735
MAC address is not important for this. It's the SSID's that are monitored. Even if you turn it off on your own router, still other people in your neighbourhood will have unique SSIDs, so they will still be able to pinpoint you.

Well, as long as they have acces to your network driver. I assume google has it for your android phone...

Scary shit!

>>55090360
They said no :(
http://www.networkworld.com/article/2985340/ipv6/arin-finally-runs-out-of-ipv4-addresses.html

>>55090405

I guess you're pretty fucked then.

Or you can go IPv6.

>>55089735
>A XHR Request is made to 192.168.1.1
That's some shitty browser AND router you got there to let that get through.
CORS would prevent your browser from making such a request, unless your router EXPLICITLY allows it. If that's the case, your route manufacturer must hate you.