Hello, welcome to the Thursday, February 16th, 2017 edition of the Santernet Storm Center's

Stormcast. My name is Johannes Ulrich, and the day I'm recording from San Francisco, California.

In case you missed the RSA keynote panel today with at Mike Allen and myself, there is a summary

on the Sands website with what we talked about.

Also, RSA will have a follow-up webcast within about a month. The exact date hasn't been set yet.

We got, I think, far over 100 questions, so only got through a couple of them and hopefully will be able

to answer some of the remaining question during that follow-on webcast.

But with that, Xavier also had a great diary today with preferred network lists.

That's a problem that you have in a lot of wireless clients where

they remember the last few Wi-Fi networks they connected to and then try to

reconnect to them when they come online now if you sniff for that and that's what

Xavier goes through here you will be able to enumerate the SSIDs they're trying to connect to.

And then with public services, you'll be able to geolocate them.

Of course, once the client connects to your Wi-Fi network, you may get additional information,

particular iOS and OS10 devices, of a sort of the device name, which is usually, or at least

the default configuration, the name of the owner of the device.

So by combining those two datasets, you essentially know who the owner is of the device and

can then check what prior networks that owner connected to.

And that's essentially what Xavier is talking about here.

Not really a new problem.

These preferred network lists are very well known,

but Xavier sort of walks you through the process

...