[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] MachineID fingerprinting

From: <robert.purvis@xxxxxxx>
Subject: RE: [WEB SECURITY] MachineID fingerprinting
Date: Wed, 8 Aug 2007 10:51:57 +0100

A web server can identify the IP address of incoming requests - maybe that
is what the Bank of America do. But this can easily be sidestepped if your
request goes through a proxy. 


Robert Purvis 
Principal Technical Specialist 


Systems and Service Delivery 
NHS Connecting for Health 
01392 206691 
robert.purvis@xxxxxxx 
www.connectingforhealth.nhs.uk 

-----Original Message-----
From: robert@xxxxxxxxxxxxx [mailto:robert@xxxxxxxxxxxxx] 
Sent: 08 August 2007 05:24
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] MachineID fingerprinting 

Yo list!

Has anyone had any experience with machineid technologies on the list?
Specifically the ability to identify 1 machine and the ability to identify
multiple users on the same machine either using javascript or via an
installed application.

For example Bank of america uses this technology to some exist to remember
your machine and provide additional challenge responses if it doesn't
recognize it. If you've evaluated a technology and found it to be worthless
I am also interested in finding out why.

Thanks
- Robert
http://www.webappsec.org/
http://www.cgisecurity.com/

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



**********************************************************************
This message  may  contain  confidential  and  privileged information.
If you are not  the intended  recipient please  accept our  apologies.
Please do not disclose, copy or distribute  information in this e-mail
or take any  action in reliance on its  contents: to do so is strictly
prohibited and may be unlawful. Please inform us that this message has
gone  astray  before  deleting it.  Thank  you for  your co-operation.

NHSmail is used daily by over 100,000 staff in the NHS. Over a million
messages  are sent every day by the system.  To find  out why more and
more NHS personnel are  switching to  this NHS  Connecting  for Health
system please visit www.connectingforhealth.nhs.uk/nhsmail
**********************************************************************


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] MachineID fingerprinting
  - From: robert
- Re: [WEB SECURITY] MachineID fingerprinting
  - From: GadgetTrak

References:
- [WEB SECURITY] MachineID fingerprinting
  - From: robert

Prev by Date: [WEB SECURITY] MachineID fingerprinting
Next by Date: Re: [WEB SECURITY] MachineID fingerprinting
Previous by thread: [WEB SECURITY] MachineID fingerprinting
Next by thread: Re: [WEB SECURITY] MachineID fingerprinting
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site