[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [WEB SECURITY] MachineID fingerprinting

From: "Billy Hoffman" <Billy.Hoffman@xxxxxxxxxxxxxxx>
Subject: RE: [WEB SECURITY] MachineID fingerprinting
Date: Wed, 8 Aug 2007 16:04:59 -0400

Here is a fun one that I have JavaScript code for. It's not secure or
unspoofable. Rather I came up with it as more of unique id for the web
analytics field.

>From JavaScript I gather all of the following:

-All installed browser plugins
-User Agent String
-Intranet IP

Concat them together, MD5.

All the other solutions I've seen here involve installing something on
the client's machine.

Enjoy,
Billy Hoffman
--
Lead Researcher, SPI Labs
SPI Dynamics Inc. - http://www.spidynamics.com
Phone:  678-781-4800
Direct:   678-781-4845
Attend SPICON 2.0 - SPI Dynamics' User Conference - and earn CPE
credits. 
Sign up today at http://www.spicon2007.com/.

-----Original Message-----
From: robert@xxxxxxxxxxxxx [mailto:robert@xxxxxxxxxxxxx] 
Sent: Wednesday, August 08, 2007 12:24 AM
To: websecurity@xxxxxxxxxxxxx
Subject: [WEB SECURITY] MachineID fingerprinting 

Yo list!

Has anyone had any experience with machineid technologies on the list?
Specifically the ability to identify 1 machine
and the ability to identify multiple users on the same machine either
using javascript or via an installed application.

For example Bank of america uses this technology to some exist to
remember your machine and provide
additional challenge responses if it doesn't recognize it. If you've
evaluated a technology and found
it to be worthless I am also interested in finding out why.

Thanks
- Robert
http://www.webappsec.org/
http://www.cgisecurity.com/

------------------------------------------------------------------------
----
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] MachineID fingerprinting
  - From: robert

References:
- [WEB SECURITY] MachineID fingerprinting
  - From: robert

Prev by Date: Re: [WEB SECURITY] MachineID fingerprinting
Next by Date: Re: [WEB SECURITY] MachineID fingerprinting
Previous by thread: Re: [WEB SECURITY] MachineID fingerprinting
Next by thread: Re: [WEB SECURITY] MachineID fingerprinting
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site