[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] MachineID fingerprinting
- From: "Walt Williams" <walt.williams@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] MachineID fingerprinting
- Date: Wed, 8 Aug 2007 14:30:01 -0400
you may benefit from reading the defcon presentation on how easily
things like this are spoofed.
On 8/8/07, robert@xxxxxxxxxxxxx <robert@xxxxxxxxxxxxx> wrote:
> I am talking about device fingerprinting not IP fingerprinting.
> I am specifically looking for people who have reviewed such technologies and their experiences with them (not
> a vendor response).
>
>
> Regards,
> - Robert
> http://www.webappsec.org/
> http://www.cgisecurity.com/
> >
> > A web server can identify the IP address of incoming requests - maybe that
> > is what the Bank of America do. But this can easily be sidestepped if your
> > request goes through a proxy.
> >
> >
> > Robert Purvis
> > Principal Technical Specialist
> >
> >
> > Systems and Service Delivery
> > NHS Connecting for Health
> > 01392 206691
> > robert.purvis@xxxxxxx
> > www.connectingforhealth.nhs.uk
> >
> > -----Original Message-----
> > From: robert@xxxxxxxxxxxxx [mailto:robert@xxxxxxxxxxxxx]
> > Sent: 08 August 2007 05:24
> > To: websecurity@xxxxxxxxxxxxx
> > Subject: [WEB SECURITY] MachineID fingerprinting
> >
> > Yo list!
> >
> > Has anyone had any experience with machineid technologies on the list?
> > Specifically the ability to identify 1 machine and the ability to identify
> > multiple users on the same machine either using javascript or via an
> > installed application.
> >
> > For example Bank of america uses this technology to some exist to remember
> > your machine and provide additional challenge responses if it doesn't
> > recognize it. If you've evaluated a technology and found it to be worthless
> > I am also interested in finding out why.
> >
> > Thanks
> > - Robert
> > http://www.webappsec.org/
> > http://www.cgisecurity.com/
> >
> > ----------------------------------------------------------------------------
> > Join us on IRC: irc.freenode.net #webappsec
> >
> > Have a question? Search The Web Security Mailing List Archives:
> > http://www.webappsec.org/lists/websecurity/
> >
> > Subscribe via RSS:
> > http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >
> >
> >
> > **********************************************************************
> > This message may contain confidential and privileged information.
> > If you are not the intended recipient please accept our apologies.
> > Please do not disclose, copy or distribute information in this e-mail
> > or take any action in reliance on its contents: to do so is strictly
> > prohibited and may be unlawful. Please inform us that this message has
> > gone astray before deleting it. Thank you for your co-operation.
> >
> > NHSmail is used daily by over 100,000 staff in the NHS. Over a million
> > messages are sent every day by the system. To find out why more and
> > more NHS personnel are switching to this NHS Connecting for Health
> > system please visit www.connectingforhealth.nhs.uk/nhsmail
> > **********************************************************************
> >
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>
--
Walt Williams, CISSP, SSCP
----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec
Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/
Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org
Search this site
|