This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Social Zombies Gone Wild: Totally Exposed and Uncensored

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Owasp logo normal.jpg
Geolocation technology has significantly evolved over the years. Early use began with simple IP lookups and GPS coordinates. Today, it has evolved to determining your location from cell towers, Wifi access points and more. In fact, geolocation is one of the fastest growing technologies being implemented in everything from web browsers to mobile devices and of course, social networks. This is often implemented and enabled without the user even knowing it.

Social networks have jumped onto the geolocation bandwagon with location-based tweets, status updates, check-ins, mayorships, scavenger hunts and more. This doesn't take into account EXIF, QR codes, advancements in HTML 5 geo implementations and other technology. As social networks throw our location coordinates around like candy, it’s only natural that bad things will happen and abuse of this technology will become more popular.

This presentation will cover how social networks are currently using geolocation, what they plan on doing with it, and a discussion on the current privacy and security issues facing this technology. In addition, the latest tools, techniques and code released by the presenters will be discussed, which can be used to abuse geolocation for the ultimate in location-based stalking power.

Kevin Johnson and Tom Eston

Kevin Johnson is a security consultant and founder of Secure Ideas. Kevin came to security from a development and system administration background. He has many years of experience performing security services for fortune 100 companies, and in his spare time he contributes to a large number of open source security projects. Kevin's involvement in open-source projects is spread across a number of projects and efforts. He is the founder of many different projects and has worked on others. He founded BASE, which is a Web front-end for Snort analysis. He also founded and continues to lead the SamuraiWTF live DVD. This is a live environment focused on Web penetration testing. He also founded Yokoso and Laudanum, which are focused on exploit delivery. Kevin is a certified instructor for SANS and the author of Security 542: Web Application Penetration Testing and Ethical Hacking. He also presents at industry events, including DEFCON and ShmooCon, and for various organizations, like Infragard, ISACA, ISSA, and the University of Florida.

Tom Eston is a Senior Security Consultant for SecureState. Tom has previously served in many security roles for large enterprises including leading a penetration testing team for a Fortune 500 financial institution. Tom is actively involved in the security community and focuses his research on the security of social media. He is the founder of which is a website dedicated to exposing the insecurities of social media. Tom is also a security blogger, co-host of the Security Justice and Social Media Security podcasts and is a frequent speaker at security user groups and national security conferences including Notacon, OWASP AppSec, Defcon and Shmoocon.