[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] MachineID fingerprinting

From: robert@xxxxxxxxxxxxx
Subject: Re: [WEB SECURITY] MachineID fingerprinting
Date: Wed, 8 Aug 2007 13:25:07 -0400 (EDT)

I am talking about device fingerprinting not IP fingerprinting. 
I am specifically looking for people who have reviewed such technologies and their experiences with them (not
a vendor response).


Regards,
- Robert 
http://www.webappsec.org/
http://www.cgisecurity.com/
> 
> A web server can identify the IP address of incoming requests - maybe that
> is what the Bank of America do. But this can easily be sidestepped if your
> request goes through a proxy. 
> 
> 
> Robert Purvis 
> Principal Technical Specialist 
> 
> 
> Systems and Service Delivery 
> NHS Connecting for Health 
> 01392 206691 
> robert.purvis@xxxxxxx 
> www.connectingforhealth.nhs.uk 
> 
> -----Original Message-----
> From: robert@xxxxxxxxxxxxx [mailto:robert@xxxxxxxxxxxxx] 
> Sent: 08 August 2007 05:24
> To: websecurity@xxxxxxxxxxxxx
> Subject: [WEB SECURITY] MachineID fingerprinting 
> 
> Yo list!
> 
> Has anyone had any experience with machineid technologies on the list?
> Specifically the ability to identify 1 machine and the ability to identify
> multiple users on the same machine either using javascript or via an
> installed application.
> 
> For example Bank of america uses this technology to some exist to remember
> your machine and provide additional challenge responses if it doesn't
> recognize it. If you've evaluated a technology and found it to be worthless
> I am also interested in finding out why.
> 
> Thanks
> - Robert
> http://www.webappsec.org/
> http://www.cgisecurity.com/
> 
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
> 
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/
> 
> Subscribe via RSS: 
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 
> 
> 
> **********************************************************************
> This message  may  contain  confidential  and  privileged information.
> If you are not  the intended  recipient please  accept our  apologies.
> Please do not disclose, copy or distribute  information in this e-mail
> or take any  action in reliance on its  contents: to do so is strictly
> prohibited and may be unlawful. Please inform us that this message has
> gone  astray  before  deleting it.  Thank  you for  your co-operation.
> 
> NHSmail is used daily by over 100,000 staff in the NHS. Over a million
> messages  are sent every day by the system.  To find  out why more and
> more NHS personnel are  switching to  this NHS  Connecting  for Health
> system please visit www.connectingforhealth.nhs.uk/nhsmail
> **********************************************************************
> 


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- RE: [WEB SECURITY] MachineID fingerprinting
  - From: White, Dain P
- Re: [WEB SECURITY] MachineID fingerprinting
  - From: Walt Williams

References:
- RE: [WEB SECURITY] MachineID fingerprinting
  - From: robert.purvis

Prev by Date: RE: [WEB SECURITY] MachineID fingerprinting
Next by Date: RE: [WEB SECURITY] MachineID fingerprinting
Previous by thread: RE: [WEB SECURITY] MachineID fingerprinting
Next by thread: RE: [WEB SECURITY] MachineID fingerprinting
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site