|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
How would knowing the user's MAC address be helpful in any way or form for its intended purposes provided by Javascript/Silverlight/Flash? (Hint: it doesn't.)
- Flash/Silverlight are only used to Inject DLL into your system, and that DLL can go to a deeper level of your system to get everything from MAC to windows registry. You can't get MAC address solely through Flash/Silverlight, that's why they use some Flash Functionalities to Inject DLL into your system.
- JS has exploits too, Look at recent Intel exploits that gone wild over the web. https://react-etc.net/entry/exploiti...via-javascript
- https://www.theregister.co.uk/2018/0...vulnerability/
Anyways, DLL gather all info about hardware information, not just MAC and this can be used to track you easily. That's all it about!
|
The complete step-by-step guide to get back to selling today!
| |
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
I do not think there are still dumb people who do IP ban. They use fingerprinting too because IP's are dynamic and innocent users will have impact from this.
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts | And what exactly does this have anything to do with a website being able to find your MAC address exactly? Quote:
Originally Posted by iloveghosts 3. Yes, there are countries where you can do Ph.D. in Browser Fingerprinting. I have more degrees than this one. | And I'm the king of Nigeria, among with several other thrones in the world. Quote:
Originally Posted by iloveghosts 4. You are lazy, CTRL+F does not work 100% on PDF's | That PDF is entirely searchable. You just didn't even bother reading what you linked, as the keywords "MAC" and "silverlight" were simply not mentioned at all. Quote:
Originally Posted by iloveghosts Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix | What exactly are these? Googling these exact lines yields nothing. Quote:
Originally Posted by iloveghosts A part of that researcher paper which describes DLL Injection through Flash/Silverlight :
[omitted] | And once again, what does any of this anything to do with your MAC address being seeable by websites under normal circumstances? Security exploits within application frameworks has nothing to do with regular website tracking, and hackers have much better uses for them than trying to figure out what your MAC address is (at the risk of having a zero-day exploit being discovered and patched). Quote:
Originally Posted by iloveghosts I do not think there are still dumb people who do IP ban. They use fingerprinting too because IP's are dynamic and innocent users will have impact from this. | By your logic, you're literally calling every single server host dumb. Banning IPs (usually for an extended period of time) is simply the most straightforward and effective way to mitigate malicious network activities.
The firewall in your very own router in your house even bans remote IPs to mitigate potential attacks such as packet flooding, if it detects such pattern of activity. Are you also calling yourself dumb in this case?
Last edited by BiN4RY; 05-25-2018 at 02:42 AM.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
For those who think Canvas Add-ons can fix Canvas Problems, Check this http://kkapsner.github.io/CanvasBloc...ctionTest.html |
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY And what exactly does this have anything to do with a website being able to find your MAC address exactly?
And I'm the king of Nigeria, among with several other thrones in the world.
That PDF is entirely searchable. You just didn't even bother reading what you linked, as the keywords "MAC" and "silverlight" were simply not mentioned at all.
What exactly are these? Googling these exact lines yields nothing.
And once again, what does any of this anything to do with your MAC address being seeable by websites under normal circumstances? Security exploits within application frameworks has nothing to do with regular website tracking, and hackers have much better uses for them than trying to figure out what your MAC address is (at the risk of having a zero-day exploit being discovered and patched).
By your logic, you're literally calling every single server host dumb. Banning IPs (usually for an extended period of time) is simply the most straightforward and effective way to mitigate malicious network activities.
The firewall in your very own router in your house even bans remote IPs to mitigate potential attacks such as packet flooding, if it detects such pattern of activity. Are you also calling yourself dumb in this case? |
I have never seen such an ignorant ever in my life. We live in 21 century with ML solutions. There are ML solutions that detect and block attacks without banning IP's. Machine Learning is powerful, Nowadays people copy your face and voice with machine learning. (Deep⊗⊗⊗⊗).
Keywords MAC and Silverlight not mentioned on that paper, because they used an alternative paragraph to describe the working of that company in lengthy. Do you think researchers use Simple Words to describe everything? It will be not a research paper based on your logic.
Refer :
"are able to reveal information belonging to layers “below” the user’s browser –
including but not limited to hardware identifiers, machine name, Windows installation date and Digital Product Id, installed system drivers and so forth. "
Learn how to read Doctor. Nigerian Prince!
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
Originally Posted by iloveghosts View Post
Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix
What exactly are these? Googling these exact lines yields nothing.
Answer - You are dumb Canadian who does not listen to other people. You clearly can see what are those if you read that paper or you do not understand about Windows or Flash.
These all are trackers, that gets information from a deeper level of your system,
BLUECAVA tracker use SFP to get Windows Registry, and that article described they also inject DLL to get the more deep level of hardware information using Injected DLL.
iovation ReputationManager use SFP to get MSIE Product key, and that article described they also inject DLL to get the more deep level of hardware information using Injected DLL.
ThreatMetrix use Flash to get OS & kernel version, and Real IP (Demo http://browserleaks.com/flash)
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
And what exactly does this have anything to do with a website being able to find your MAC address exactly?
- you said that card Bruteforcing is impossible, so I provided you sources that make it possible...
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible?
At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.
PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means
Last edited by BiN4RY; 05-25-2018 at 03:16 AM.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
What does any of this anything to do with your MAC address being seeable by websites under normal circumstances?
This can be used to track you uniquely across users or make tracking your computer easier. Iovation can track you even you change your OS, Browser.
See page 2 : https://djnvkv0aa8g5w.cloudfront.net...tion-brief.pdf
Cookies are dead, Now people do not need care about Cookies. Honestly, I do not have access to source codes of Commerical Tracking Companies show you demo but you can contact authors of that research paper.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.
PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means | I'm not trolling anyone. I answered TC Question in more detailed. I'm also tired fighting with you!
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY At this point, I'm pretty convinced you're just a troll and this isn't worth my time anymore. I'm not sure what exactly you're trying to accomplish here, but good luck to whatever you're trying to do.
PS: still waiting for you to provide concrete proof on how you can get a MAC address through a website by normal means | I actually came to this forum to ask about fixing TCP fingerprint. I still waiting for someone who can help me out.
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts I actually came to this forum to ask about fixing TCP fingerprint. I still waiting for someone who can help me out. | TCP fingerprinting is only useful for inferring what the target OS is, since every implementation of the TCP stack uses different parameters for the packet's header.
Why does this bother you in the first place? Websites can get your OS version easily through trivial means, and the target OS inferred through TCP's header parameters serves no usefulness for further tracking purposes.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY TCP fingerprinting is only useful for inferring what the target OS is, since every implementation of the TCP stack uses different parameters for the packet's header.
Why does this bother you in the first place? Websites can get your OS version easily through trivial means, and the target OS inferred through TCP's header parameters serves no usefulness for further tracking purposes. | it bothers me because of TCP OS Mismatch with Browser Reported OS. I want to modify this. I heard this needed to modify in kernel level. PayPal definitely checks this one.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
TCP Fingerprint is still useful and is already used by dozens of companies including PayPal.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
TCP leaks Time, Language, Connection Type too not just OS.
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts it bothers me because of TCP OS Mismatch with Browser Reported OS. I want to modify this. I heard this needed to modify in kernel level. PayPal definitely checks this one. | You cannot change these parameters, and these inference does not always accurately identify your OS. You're honestly over-complicating things for yourself, and this isn't something you need to worry about.
If it makes you sleep better, use a virtual machine running the same OS as whatever OS you're trying to spoof. Quote:
Originally Posted by iloveghosts TCP leaks Time, Language, Connection Type too not just OS. | Information like system time and language are not part of the TCP header, thus it's not possible for them to be leaked by TCP itself. If this information does get out, some other networking services running above the transport layer leaked it instead.
|
05-25-2018
| | Executive [VIP] | | Join Date: Dec 2009
Posts: 76,088
Thanks: 5,945
Thanked 8,937 Times in 8,228 Posts
Activity: 100% Longevity: 83% | | Re: MAC address detection by eb/pp.. Possible?
Very nice IT talk going on back and forth with the lingo |
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
Not true. Check this tool witch.valdikss.org.ru as a demo.
Check this article too : https://wiki.mozilla.org/Fingerprinting
"Clock skew measurement exposed by the operating system at the TCP level"
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? https://patents.google.com/patent/US9596238
In case, you need more information check this out!
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
Holy moly. Patent was issued for Paypal. I just found that out!
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts | Do you ever read what you post, or do you always assume you know what an article is about just by reading the title alone?
This patent describes how your network latency (aka ping), not system clock, can be used to estimate your rough geographic location. If Paypal is in the US and you claim to be in the US, an average network latency of 500ms between you and Paypal indicates you may not be in the US after all.
This concept is nothing new, and will never be used as a strong indicator for tracking since it's also not reliable/consistent. A congested network route will also throw off your network latency, for example.
I'd expect you know about computers a lot better than this for someone that has a "PhD in Browser Fingerprinting".
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY Do you ever read what you post, or do you always assume you know what an article is about just by reading the title alone?
This patent describes how your network latency (aka ping), not system clock, can be used to estimate your rough geographic location. If Paypal is in the US and you claim to be in the US, an average network latency of 500ms between you and Paypal indicates you may not be in the US after all.
This concept is nothing new, and will never be used as a strong indicator for tracking since it's also not reliable/consistent. A congested network route will also throw off your network latency, for example.
I'd expect you know about computers a lot better than this for someone that has a "PhD in Browser Fingerprinting". | I highly doubt your reading skills. That patent talk about clock drift, clock skew, and network latency. So three things, They use TCP/ICMP Clock Skew and clock drift on Machine Plus they measuring network latency using one of following ways,
1. Time from the source sending a packet to the destination receiving it
2. Round-trip Time (the one-way latency from source to destination plus the one-way latency from the destination back to the source)
Clock Skew, Clock Drift, Network Latency are three different things and not related to each other.
To me, you are ignorant who don't want to believe in Advanced Fingerprinting. I honestly tell everyone that this guy is selfish, he does not want the truth to go out.
| | |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts HTML code is Off | | | |