Smartphones with GPS can tag your pictures with the exact PIC location

Article Re Published By Popular Demand 

Originally Published January 20 2012 in Yahoo News

Author's comment:

Due to recent 2021 court cases, both criminal and civil, this subject is more relevant than ever. Follow the instructions given in the article and you will be able to edit the picture metadata. I just checked the Exif Tag Remover link in the article and is alive and working, January 2022.

By Cesar Ortiz

Smartphones GPS chips can tag your shared pictures with the precise location where your picture was taken. Most of the features comes as default "active" on smartphpones and digital cameras. This also applies to pictures taken with modern digital cameras who have GPS features built in. On older digital cameras, geotagging, as it is called, is also used but will provide mostly details of the camera who took the picture, information about the picture name assigned in your PC and date and time the photo was taken. Do you want to share that information with others?  If not, use one of the free geotagg or metadata  viewing software available to see what your camera is tagging in hidden form., I use the one from "Jeffrey's".

If you don't like the hidden information in the picture, remove the metadata or geotagg function from your digital stand alone camera by checking your user manual or vendor.On digital photos already taken, you can edit your picture using a Windows or Mac built in photo editor and remove the metada by hand or buy any of the many #metadata removing tools available in the web.  I use the EXIF Tag Remover Free Trial,  if you decide to buy is $19.95. Your pretty picture taken in your home and posted  in Twitter, Facebook and other social media may be telling the world where do you exactly live. Always assume that a picture you are "sharing" with friends can be intercepted and compromised by posting it somewhere by your friend.

Sadly, there are bad people that look for that type of information. If you comment the photo with "I will be away for such and such days" you are providing an invitation for a burglary. Please notice that disabling Location Services will affect any application that uses GPS. Personally, I don't disable the "Location" option in my devices, I just edit the pictures taken and remove the Geotagg info inserted by Location Services. To remove the  geotagging option or function, (to prevent the device from inserting the info in your picture at all times), on smart phones follow the steps below:
On the Iphone= Go to Settings, General, Location Service and turn off Geotagging.
On Android= Go to Options, Device, Location Settings, Location Services, select "Location Off".

On other smart phones the instructions to remove the geotagging function permanently are similar. Check with your phone provider.
(c) Cesar Ortiz

Vulnerability in a Browser(s) and Users Tricked to Copy-Paste a JavaScipt May Explain The Facebook Wave of Pornographic and Violent Spam.

Article first published as "Browser Vulnerability, Tricked Users May Explain Disturbing Facebook Spam" on Technorati.
By Cesar Ortiz
Facebook claims to have found an explanation of the current wave of spam attacks, including explicit hardcore porn images, videos, photo shop created photos of celebrities like Justin Bieber in sexual situations, pictures of extreme violence and even photographs of animal cruelty. These are among many gross pictures being propagated. Users tend to see the images posted on a friend’s account, visible to everyone but the friend in question. Facebook’s latest statement says the root of the attack is a malicious JavaScript that some users were tricked into copy and then paste to their browser URL address bar. Facebook released this statement:

 Beginning of quote

“Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this spam attack users were tricked into pasting and executing malicious java script in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.”

End of quote

Hackers are tricking users to manually do a copy-paste. This cross-site scripting mainly allows an attacker to execute JavaScript code in your browser that can access and control the website you are interacting with. Facebook says that users were being tricked to copy and paste the offending JavaScript into their address location bar in the affected web browser, but does not identify the specific browser.

The modus operandi of the hackers is to entice you to do a copy- paste. Users are manually spreading the scam unwillingly. Users are told to “"Erase everything in your address bar, copy and paste the code below, and press enter" this is not just any URL, its full-fledged JavaScript code that will initiate the posting of the porno and violent spam to your friend’s news feed. Why the scammers use the “copy-paste” option? Scammers are using a java script. Users are in fact entering and executing the script for the scammers. The “click to a link” method makes the whole task very hard and leaves ID traces, therefore the use of the copy-paste option. The hook to prompt users to do the copy-paste is changed constantly, may be “free Starbucks coffee for a month” or to warn fellow media users of “some danger”, etc. If someone, even a friend, in any social media asks you to do a copy-paste, beware!

Who is behind this campaign? Facebook uses the word “coordinated” to describe the attack. It could mean several servers, possibly in several locations, at the same time. This time is not that a hacker or a scammer wants to steal your hard earned money or your identity. This is a concerted sophisticated effort to harm and disgrace facebook.

Users who are victims of this scam should do the following (1) Remove any related items from your facebook Newsfeed wall page (2) Notify your friends and make sure you explain that you sent them the scam posting unwillingly (3) Run your Anti-Virus in full mode and set it to real time scanning.