|
04-08-2016
| Junior Member | | Join Date: Apr 2016
Posts: 13
Thanks: 12
Thanked 2 Times in 2 Posts
Activity: 0% Longevity: 46% | | MAC address detection by eb/pp.. Possible?
Found an old thread from 2012 that all participants agree this is not possible..
Would like to have an updated input on the matter by members..
Has eb/pp technology/techniques progressed that far so they are today able to detect their users mac address?
|
The complete step-by-step guide to get back to selling today!
| |
04-08-2016
| | Super Moderator | | Join Date: Oct 2013
Posts: 5,552
Thanks: 1,073
Thanked 1,657 Times in 1,251 Posts
Activity: 22% Longevity: 61% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by PolMart Has eb/pp technology/techniques progressed that far so they are today able to detect their users mac address? | No absolutely no. They can't see your MAC address.
|
04-08-2016
| Senior Member | | Join Date: Jan 2016
Posts: 78
Thanks: 5
Thanked 14 Times in 10 Posts
Activity: 0% Longevity: 48% | | Re: MAC address detection by eb/pp.. Possible?
Nope not MAC detection, as yet. |
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
Yes. It's possible to get your MAC with following scenarios.
1. Internet Explorer ActiveX
2. Flash & Silverlight
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
I want to add another method. There is another way to get this using Bruteforcing but this requires a lot of computer power.
Lastly, Some advertisers can see your mac address when you log in to manage the router. This depends on your ISP. I do not think they share that info with PayPal. I just talking about possibilities.
|
05-24-2018
| | Executive [VIP] | | Join Date: Nov 2013
Posts: 8,983
Thanks: 2,744
Thanked 3,109 Times in 2,282 Posts
Activity: 0% Longevity: 60% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts Yes. It's possible to get your MAC with following scenarios.
1. Internet Explorer ActiveX
2. Flash & Silverlight
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell. | Do you work for the government or hide from the government?
|
05-24-2018
| | Administrator | | Join Date: Jan 2007
Posts: 11,373
Thanks: 3,072
Thanked 4,230 Times in 1,792 Posts
Activity: 1% Longevity: 100% | | Re: MAC address detection by eb/pp.. Possible?
The thing is we access these "WEBSITES" using a web browser. The apps/plugins that were weak before are generally not used anymore because people could learn more about you than what is allowed by your web browser.
Your web browser protects you believe it or not. Now if you use a web app or mobile app, those are not web browsers.. those generally give a lot more information about you away.
Currently, unless you purposely give away permission, mac address is not given away by your web browser.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by aspkin The thing is we access these "WEBSITES" using a web browser. The apps/plugins that were weak before are generally not used anymore because people could learn more about you than what is allowed by your web browser.
Your web browser protects you believe it or not. Now if you use a web app or mobile app, those are not web browsers.. those generally give a lot more information about you away.
Currently, unless you purposely give away permission, mac address is not given away by your web browser. | I know that these plugins not enabled by default, but some people tend to click on it and enable on some sites and there are flash exploits that begin sold by Zerodium to companies.
I know one exploit being used by Iovation, that they use flash and inject DLL into your system and that DLL gather everything from hard drive to mac.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by yankee Do you work for the government or hide from the government? |
I have a PhD in browser fingerprinting.
|
05-24-2018
| | Senior Member | | Join Date: Jul 2016
Posts: 990
Thanks: 169
Thanked 412 Times in 270 Posts
Activity: 0% Longevity: 45% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts I have a PhD in browser fingerprinting. | What was you old username? MLADen?
He wrote more elegantly than you do though.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by nate What was you old username? MLADen?
He wrote more elegantly than you do though. | I do not remember it either.
|
05-24-2018
| | Senior Member | | Join Date: Jul 2016
Posts: 990
Thanks: 169
Thanked 412 Times in 270 Posts
Activity: 0% Longevity: 45% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts I do not remember it either. | That was a joke... He's the one who created the Canvas Fingerprint Chrome addon.
You said you had a PHD in browser fingerprinting....
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by nate That was a joke... He's the one who created the Canvas Fingerprint Chrome addon.
You said you had a PHD in browser fingerprinting.... | That addon produces ⊗⊗⊗⊗ canvas fingerprint that easily can be analyzed and mark as ⊗⊗⊗⊗.
I did not make any add-ons, but most canvas add-ons are produced ⊗⊗⊗⊗ canvas which not looks real to analytic systems.
|
05-24-2018
| | Administrator | | Join Date: Jan 2007
Posts: 11,373
Thanks: 3,072
Thanked 4,230 Times in 1,792 Posts
Activity: 1% Longevity: 100% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts
I know that these plugins not enabled by default, but some people tend to click on it and enable on some sites and there are flash exploits that begin sold by Zerodium to companies.
I know one exploit being used by Iovation, that they use flash and inject DLL into your system and that DLL gather everything from hard drive to mac. | It's good that we tell people not to do that not only in eBay Stealth but throughout this forum. This is a non issue.
|
05-24-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts 1. Internet Explorer ActiveX | ActiveX is more or less dead at this point, so this is not something to be worried about. Quote:
Originally Posted by iloveghosts 2. Flash & Silverlight | No, you cannot get MAC address from either of these. Quote:
Originally Posted by iloveghosts 3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell. | This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.
People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances.
Last edited by BiN4RY; 05-24-2018 at 01:21 PM.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY ActiveX is more or less dead at this point, so this is not something to be worried about.
No, you cannot get MAC address from either of these.
This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.
People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances. | You need to understand that you have to go into School. There are many Flash & Silverlight tricks to get your mac address, hard drive id, as well as there, are zero-day exploits that can escape browser sandbox and do anything.
[1] http://consideredharmful.info/papers...%20Monster.pdf
This [1] article shows how they use Flash and Silverlight to access Mac
[2] https://krebsonsecurity.com/
Brian Krebs everyday post news about Flash, Silverlight exploits. You can follow him.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY ActiveX is more or less dead at this point, so this is not something to be worried about.
No, you cannot get MAC address from either of these.
This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.
People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances. | Passwords can get using brute force. Nowadays people brute-force even your card details so it's not surprising.
MAC address is not a big thing. so no software company cares. Nowadays you can view your mac address from xnfiity.com and you may able to see third-party scripts loaded on xnfitiy.com grab and record everything.
|
05-24-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible?
I hate when people say no to everyone. Everything is possible, and I posted options that can be used to get this MAC address. I also mentioned that PayPal unlikely do illegal things to get this mac.
|
05-24-2018
| Senior Member | | Join Date: Sep 2011
Posts: 3,126
Thanks: 11
Thanked 761 Times in 582 Posts
Activity: 0% Longevity: 73% | | Re: MAC address detection by eb/pp.. Possible? I have a PhD in browser fingerprinting.
There's no such degree. Why don't you post your doctoral dissertation. We'd all LOVE to read it.
And your diploma too, we'd love to see that "Browser Fingerprinting Doctorate" of yours.
To the OP, no, they don't see your MAC address. Otherwise we'd all be toast, wouldn't we?
|
05-24-2018
| | Executive [VIP] | | Join Date: Sep 2010
Posts: 14,302
Thanks: 1,110
Thanked 4,934 Times in 3,399 Posts
Activity: 0% Longevity: 79% | | Re: MAC address detection by eb/pp.. Possible?
LOL, Now iloveghosts is on this thread.
|
05-25-2018
| Executive [VIP] | | Join Date: May 2009
Posts: 2,578
Thanks: 214
Thanked 673 Times in 502 Posts
Activity: 0% Longevity: 86% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by iloveghosts You need to understand that you have to go into School. There are many Flash & Silverlight tricks to get your mac address, hard drive id, as well as there, are zero-day exploits that can escape browser sandbox and do anything.
[1] http://consideredharmful.info/papers...%20Monster.pdf
This [1] article shows how they use Flash and Silverlight to access Mac
[2] https://krebsonsecurity.com/
Brian Krebs everyday post news about Flash, Silverlight exploits. You can follow him. | What this post actually translates to:
"I have absolutely no idea what I'm talking about, so I'm going to pretend to know what I'm saying by berating others and linking a generic paper on some completely unrelated topic, as well as the homepage to some popular security website but not any particular articles".
FYI, a quick ctrl+f on "silverlight" and "MAC" returned literal results on that paper of yours. Good job reading your own sources before even posting it. Quote:
Originally Posted by iloveghosts Passwords can get using brute force. Nowadays people brute-force even your card details so it's not surprising. | lmao no, nobody brute forces CC numbers or passwords across a network. You'll get IP banned after only a few tries, and the number of possible combinations would take you years to even count to. Quote:
Originally Posted by iloveghosts Nowadays you can view your mac address from xnfiity.com and you may able to see third-party scripts loaded on xnfitiy.com grab and record everything. | Hmm, your ISP knows the MAC address of the modem/router they provided for you that forms a direct connection to your house. Yeah I have NO IDEA how they can possibly know the MAC address. Quote:
Originally Posted by iloveghosts I hate when people say no to everyone. Everything is possible, and I posted options that can be used to get this MAC address. I also mentioned that PayPal unlikely do illegal things to get this mac. | Then maybe should step down your ⊗⊗⊗⊗ high horse and stop being so pretentious first? You have absolutely no idea what you're talking about, you're just assuming how technology works. Funny how you're telling others to go back to school
Before you post anything else purely out of uneducated specualtions, go read about the OSI network models first and learn how the different networking layers work with each other. When you're done, try answering these questions to check your understandings:
Which network layer is the MAC address used in, and why is it needed?
What networking layer would Javascript/Silverlight/Flash reside in, and (roughly speaking) what functionalities do they provide?
How would knowing the user's MAC address be helpful in any way or form for its intended purposes provided by Javascript/Silverlight/Flash? (Hint: it doesn't.)
Last edited by BiN4RY; 05-25-2018 at 02:09 AM.
|
05-25-2018
| Junior Member | | Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0% Longevity: 34% | | Re: MAC address detection by eb/pp.. Possible? Quote:
Originally Posted by BiN4RY What this post actually translates to:
"I have absolutely no idea what I'm talking about, so I'm going to berate others by linking a generic paper on some completely unrelated topic, as well as the homepage to some generic security research website but not any articles".
FYI, a quick ctrl+f on "silverlight" and "MAC" returned literal results on that paper of yours. Good job reading your own sources before even posting it.
lmao no, nobody brute forces CC numbers or passwords across a network. You'll get IP banned after only a few tries.
Hmm, your ISP knows the MAC address of the modem/router they provided for you that forms a direct connection to your house. Yeah I have NO IDEA how they can possibly know the MAC address.
Then maybe should step down your ⊗⊗⊗⊗ high horse and stop being so pretentious first? You have absolutely no idea what you're talking about, you're just assuming how technology works. Funny how you're telling others to go back to school
Before you post anything else purely out of uneducated specualtions, go read about the OSI network models first and learn how the different networking layers work with each other. |
1. https://techcrunch.com/2016/12/05/a-...n-six-seconds/
2. That's why we have proxies to prevent IP ban.
3. Yes, there are countries where you can do Ph.D. in Browser Fingerprinting. I have more degrees than this one.
4. You are lazy, CTRL+F does not work 100% on PDF's.
Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix
A part of that researcher paper which describes DLL Injection through Flash/Silverlight :
Nikiforakis et al. found that some vendors (BlueCava and Iovation) attempted
to gain additional information about “deeper” layers of the user’s system. This was achieved through special plugins, which were distributed with (and able to invoke) DLLs that function essentially as native fingerprinting libraries. These libraries have access to a great amount of information about the user’s system, and are able to reveal information belonging to layers “below” the user’s browser – including but not limited to hardware identifiers, machine name, Windows installation date and Digital Product Id, installed system drivers and so forth. While this highly intrusive method requires the
user to “opt-in” at some point (as the plugins have to be installed first), it is possible to bundle them with “desired” software (as has been done with e. g. browser toolbars in the past) and thereby place
them onto a user’s system. Nikiforakis et al. furthermore found that the plugins may attempt to conceal their purpose (by identifying themselves as “identity shields” or similar, which is only technically true), casting this practice in a very questionable light. (cf. Nikiforakis et al. 2013 p. 5) However, the information obtained through these plugins is highly machine-specific (possibly unique) and likely to change frequently and is therefore extremely useful for fingerprinting. I told everyone this method only works if you click "ALLOW ACCESS TO FLASH OR SILVERLIGHT" otherwise these methods not works.
Your ISP knows MAC address of every device that connected to a router and this includes NetBIOS Name (Your computer name), Computer Model, Running OS too.
If you want to prevent ISP leak, just use extended wifi router. This way ISP can't get your devices MAC's, they only able to get MAC of extended wifi router.
There are browser exploits including VM Escape begin sold by Zerodium to Government's and companies which can be used to infect your system with a virus. So anyone who has access to special exploits can view your mac address and hack into your computer. It's not a big mystery, and man you have no idea what you talking about. The Brian Krebs clearly mentioned on his blog about Flash/Silverlight exploits that were used to infect your computers with a virus and other dozens of proposes. So it's 100% possible to get MAC anyway but PayPal not willing to use Illegal exploits to get this, PayPal only able to get this with your own permission or ISP like Comcast share data with advertising companies then PayPal can use them too. | | |
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts HTML code is Off | | | |