My vacation photos

Yes, it’s that time of the year again! People from all around the world try to escape the heat and pollution of the big cities and find much more enticing options. Once the vacation is over and we are all back to work, what does everybody do first?

Publish photos, of course!

Few people know, though, that there’s more to a photo than just the image. Each photo taken with a digital camera carries a number of interesting pieces of information inside. Most of this information can be found in the EXIF fields of the JPG file:

There are many programs that read the EXIF fields of a photo, for instance, IrfanView. In the case of the photo from above, we can see it was taken with a Sony DSC-W300 camera. This is a small, compact point-and-shoot camera from Sony that has been discontinued. Due to the financial crisis or maybe other reasons, the person who took the photo did not choose to buy a newer model yet.

The date is also interesting. It was taken at 1:30am (camera time, GMT+2), on September 18, 2009, but the sun is still shining. There are some people in the sea but very few on the beach, meaning it is either very early in the morning or late, around sunset. In this particular case, the local time was 18:30; I’ll let you all guess the location.

What other information can be found inside a photo? iPhones are particularly interesting because they embed the GPS coordinates for the place where the photo was taken. In the case of the photo above, the GPS coordinates would have looked like this:

Why is this important? Well, a photo taken in your home or at your vacation apartment might include the exact GPS position, giving clues to thieves or other malicious people. Another case: an American citizen travelling to Cuba might not want to share that information publicly, though she or he might still want to share the photos.

There are quite a few free tools to wipe the EXIF information from a photo before uploading it. One such tool is “JHead” – by Matthias Wandel.
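To make the mechanics concrete, here is an added example (not part of the original post, and not JHead's code) that checks whether a JPEG carries an EXIF block with a GPS pointer and copies the file without that block. It uses only the Python standard library; the function names and the tiny test file built by `build_sample` are constructed for illustration.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"   # prefix of the APP1 segment that holds EXIF
GPS_IFD_TAG = 0x8825           # IFD0 entry that points at the GPS directory

def segments(jpeg):
    """Yield (start, end, is_exif) for each header segment before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos + 1] != 0xDA:  # 0xDA = start of scan
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if jpeg[pos] != 0xFF or length < 2 or end > len(jpeg):
            raise ValueError("corrupt segment at offset %d" % pos)
        yield pos, end, jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:end].startswith(EXIF_MAGIC)
        pos = end

def exif_tiff(jpeg):
    """Return the TIFF-structured EXIF payload, or None if the file has none."""
    # start + 10 skips the marker (2), the length (2) and the "Exif\0\0" prefix (6)
    return next((jpeg[s + 10:e] for s, e, exif in segments(jpeg) if exif), None)

def has_gps(jpeg):
    """True if IFD0 of the EXIF block carries a pointer to GPS data."""
    tiff = exif_tiff(jpeg)
    if not tiff or len(tiff) < 8:
        return False
    order = "<" if tiff[:2] == b"II" else ">"     # II = little-endian, MM = big
    (ifd0,) = struct.unpack(order + "I", tiff[4:8])
    # An out-of-range IFD offset pads to an entry count of zero
    (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2].ljust(2, b"\0"))
    entries = (tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i] for i in range(count))
    return any(len(e) == 12 and struct.unpack(order + "H", e[:2])[0] == GPS_IFD_TAG
               for e in entries)

def strip_exif(jpeg):
    """Copy the file without its EXIF segment; pixel data is left untouched."""
    out, pos = bytearray(jpeg[:2]), 2
    for start, end, exif in segments(jpeg):
        if not exif:
            out += jpeg[start:end]
        pos = end
    return bytes(out) + jpeg[pos:]

def build_sample():
    """Constructed test file: SOI, EXIF APP1 with a GPS pointer, SOS, EOI."""
    ifd0 = struct.pack("<HHHII", 1, GPS_IFD_TAG, 4, 1, 26) + b"\x00" * 4
    body = EXIF_MAGIC + b"II*\x00" + struct.pack("<I", 8) + ifd0
    app1 = b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9"
```

Because the EXIF block lives in its own segment ahead of the compressed image data, removing it does not re-encode or degrade the picture.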

Interestingly, when you upload a photo on Facebook, it wipes the EXIF information by default. Not so on other websites though, such as Flickr and Twitpic.

So, be careful out there when you publish your photos online if you don’t want people to know where and when they were taken, and which camera you used!

PS: The first person that finds the exact location where the beach photo in the blog was taken and comments will get a prize from us. 🙂

Update, Aug 2 2010: Thanks all for sending your answers! The correct answer was Varadero, Cuba. Congratulations to Deane Mallinson who was the fastest to comment with the correct location and to Chainer for a very precise answer. Deane and Chainer, we’ll get in touch with you regarding the prize!
