MAC address detection by eb/pp.. Possible? - eBay Suspended & PayPal Limited Forums
eBay Suspension & PayPal Limited Forums  
Join Today
Register Subscribe
     

Registration is fast, simple and absolutely free so please, join our community today!


Go Back   Home > Marketplace Discussions > PayPal Talk

PayPal Talk PayPal Forums. General issues related to PayPal.

Reply
 
Thread Tools
  #1  
Old 04-08-2016
Junior Member
 
Join Date: Apr 2016
Posts: 13
Thanks: 12
Thanked 2 Times in 2 Posts
Activity: 0%
Longevity: 28%
iTrader: (0)
Default MAC address detection by eb/pp.. Possible?

Found an old thread from 2012 that all participants agree this is not possible..

Would like to have an updated input on the matter by members..

Has eb/pp technology/techniques progressed that far so they are today able to detect their users mac address?
Reply With Quote
The complete step-by-step guide to get back to selling today!

  #2  
Old 04-08-2016
ilcarletto's Avatar
Super Moderator
 
Join Date: Oct 2013
Posts: 4,644
Thanks: 823
Thanked 1,388 Times in 1,019 Posts
Activity: 56%
Longevity: 47%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by PolMart View Post
Has eb/pp technology/techniques progressed that far so they are today able to detect their users mac address?
No absolutely no. They can't see your MAC address.
Reply With Quote
  #3  
Old 04-08-2016
Senior Member
 
Join Date: Jan 2016
Posts: 80
Thanks: 5
Thanked 14 Times in 10 Posts
Activity: 0%
Longevity: 29%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Nope not MAC detection, as yet.
Reply With Quote
  #4  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Yes. It's possible to get your MAC with following scenarios.

1. Internet Explorer ActiveX
2. Flash & Silverlight
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell.
Reply With Quote
  #5  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

I want to add another method. There is another way to get this using Bruteforcing but this requires a lot of computer power.

Lastly, Some advertisers can see your mac address when you log in to manage the router. This depends on your ISP. I do not think they share that info with PayPal. I just talking about possibilities.
Reply With Quote
  #6  
Old 05-24-2018
yankee's Avatar
Executive [VIP]
 
Join Date: Nov 2013
Posts: 7,815
Thanks: 2,274
Thanked 2,614 Times in 1,916 Posts
Activity: 40%
Longevity: 46%
iTrader: (2)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post
Yes. It's possible to get your MAC with following scenarios.

1. Internet Explorer ActiveX
2. Flash & Silverlight
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell.
Do you work for the government or hide from the government?
Reply With Quote
  #7  
Old 05-24-2018
aspkin's Avatar
Administrator
 
Join Date: Jan 2007
Posts: 10,635
Thanks: 2,885
Thanked 3,672 Times in 1,568 Posts
Activity: 46%
Longevity: 100%
iTrader: (24)
Default Re: MAC address detection by eb/pp.. Possible?

The thing is we access these "WEBSITES" using a web browser. The apps/plugins that were weak before are generally not used anymore because people could learn more about you than what is allowed by your web browser.

Your web browser protects you believe it or not. Now if you use a web app or mobile app, those are not web browsers.. those generally give a lot more information about you away.

Currently, unless you purposely give away permission, mac address is not given away by your web browser.
__________________

Notice: Do not PM me. I get too many PMs to answer.
Please go to https://support.aspkin.com and submit a ticket instead.
Reply With Quote
  #8  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by aspkin View Post
The thing is we access these "WEBSITES" using a web browser. The apps/plugins that were weak before are generally not used anymore because people could learn more about you than what is allowed by your web browser.

Your web browser protects you believe it or not. Now if you use a web app or mobile app, those are not web browsers.. those generally give a lot more information about you away.

Currently, unless you purposely give away permission, mac address is not given away by your web browser.
I know that these plugins not enabled by default, but some people tend to click on it and enable on some sites and there are flash exploits that begin sold by Zerodium to companies.

I know one exploit being used by Iovation, that they use flash and inject DLL into your system and that DLL gather everything from hard drive to mac.
Reply With Quote
  #9  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by yankee View Post
Do you work for the government or hide from the government?

I have a PhD in browser fingerprinting.
Reply With Quote
  #10  
Old 05-24-2018
nate's Avatar
Senior Member
 
Join Date: Jul 2016
Posts: 895
Thanks: 138
Thanked 335 Times in 222 Posts
Activity: 1%
Longevity: 26%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post
I have a PhD in browser fingerprinting.
What was you old username? MLADen?

He wrote more elegantly than you do though.
Reply With Quote
  #11  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by nate View Post
What was you old username? MLADen?

He wrote more elegantly than you do though.
I do not remember it either.
Reply With Quote
  #12  
Old 05-24-2018
nate's Avatar
Senior Member
 
Join Date: Jul 2016
Posts: 895
Thanks: 138
Thanked 335 Times in 222 Posts
Activity: 1%
Longevity: 26%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post
I do not remember it either.
That was a joke... He's the one who created the Canvas Fingerprint Chrome addon.

You said you had a PHD in browser fingerprinting....
Reply With Quote
  #13  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by nate View Post
That was a joke... He's the one who created the Canvas Fingerprint Chrome addon.

You said you had a PHD in browser fingerprinting....
That addon produces ⊗⊗⊗⊗ canvas fingerprint that easily can be analyzed and mark as ⊗⊗⊗⊗.

I did not make any add-ons, but most canvas add-ons are produced ⊗⊗⊗⊗ canvas which not looks real to analytic systems.
Reply With Quote
  #14  
Old 05-24-2018
aspkin's Avatar
Administrator
 
Join Date: Jan 2007
Posts: 10,635
Thanks: 2,885
Thanked 3,672 Times in 1,568 Posts
Activity: 46%
Longevity: 100%
iTrader: (24)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post


I know that these plugins not enabled by default, but some people tend to click on it and enable on some sites and there are flash exploits that begin sold by Zerodium to companies.

I know one exploit being used by Iovation, that they use flash and inject DLL into your system and that DLL gather everything from hard drive to mac.
It's good that we tell people not to do that not only in eBay Stealth but throughout this forum. This is a non issue.
__________________

Notice: Do not PM me. I get too many PMs to answer.
Please go to https://support.aspkin.com and submit a ticket instead.
Reply With Quote
  #15  
Old 05-24-2018
Executive [VIP]
 
Join Date: May 2009
Posts: 2,576
Thanks: 211
Thanked 668 Times in 500 Posts
Activity: 4%
Longevity: 81%
iTrader: (5)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post
1. Internet Explorer ActiveX
ActiveX is more or less dead at this point, so this is not something to be worried about.

Quote:
Originally Posted by iloveghosts View Post
2. Flash & Silverlight
No, you cannot get MAC address from either of these.

Quote:
Originally Posted by iloveghosts View Post
3. Weak Windows Passwords also allows anyone to get your mac address remotely using Powershell Commands. Assume you are using the same password for both PayPal and Windows. If they wanted, they can use your password to get this mac using PowerShell.
This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.


People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances.

Last edited by BiN4RY; 05-24-2018 at 01:21 PM.
Reply With Quote
  #16  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by BiN4RY View Post
ActiveX is more or less dead at this point, so this is not something to be worried about.



No, you cannot get MAC address from either of these.



This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.


People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances.
You need to understand that you have to go into School. There are many Flash & Silverlight tricks to get your mac address, hard drive id, as well as there, are zero-day exploits that can escape browser sandbox and do anything.

[1] http://consideredharmful.info/papers...%20Monster.pdf

This [1] article shows how they use Flash and Silverlight to access Mac


[2] https://krebsonsecurity.com/

Brian Krebs everyday post news about Flash, Silverlight exploits. You can follow him.
Reply With Quote
  #17  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by BiN4RY View Post
ActiveX is more or less dead at this point, so this is not something to be worried about.



No, you cannot get MAC address from either of these.



This is also a nonissue. Knowing your user password is only one of a hundred steps needed for someone to maliciously access your terminal remotely.


People need to understand that MAC address is a link layer address. This is a network layer lower than the IP layer, and no web applications running exclusively on the IP layer and above can see anything below it under normal circumstances.
Passwords can get using brute force. Nowadays people brute-force even your card details so it's not surprising.

MAC address is not a big thing. so no software company cares. Nowadays you can view your mac address from xnfiity.com and you may able to see third-party scripts loaded on xnfitiy.com grab and record everything.
Reply With Quote
  #18  
Old 05-24-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

I hate when people say no to everyone. Everything is possible, and I posted options that can be used to get this MAC address. I also mentioned that PayPal unlikely do illegal things to get this mac.
Reply With Quote
  #19  
Old 05-24-2018
Senior Member
 
Join Date: Sep 2011
Posts: 3,126
Thanks: 11
Thanked 750 Times in 578 Posts
Activity: 0%
Longevity: 63%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

I have a PhD in browser fingerprinting.

There's no such degree. Why don't you post your doctoral dissertation. We'd all LOVE to read it.

And your diploma too, we'd love to see that "Browser Fingerprinting Doctorate" of yours.

To the OP, no, they don't see your MAC address. Otherwise we'd all be toast, wouldn't we?
Reply With Quote
  #20  
Old 05-24-2018
MM78's Avatar
Executive [VIP]
 
Join Date: Sep 2010
Posts: 14,135
Thanks: 1,107
Thanked 4,820 Times in 3,333 Posts
Activity: 2%
Longevity: 71%
iTrader: (4)
Default Re: MAC address detection by eb/pp.. Possible?

LOL, Now iloveghosts is on this thread.
Reply With Quote
  #21  
Old 05-25-2018
Executive [VIP]
 
Join Date: May 2009
Posts: 2,576
Thanks: 211
Thanked 668 Times in 500 Posts
Activity: 4%
Longevity: 81%
iTrader: (5)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by iloveghosts View Post
You need to understand that you have to go into School. There are many Flash & Silverlight tricks to get your mac address, hard drive id, as well as there, are zero-day exploits that can escape browser sandbox and do anything.

[1] http://consideredharmful.info/papers...%20Monster.pdf

This [1] article shows how they use Flash and Silverlight to access Mac


[2] https://krebsonsecurity.com/

Brian Krebs everyday post news about Flash, Silverlight exploits. You can follow him.
What this post actually translates to:

"I have absolutely no idea what I'm talking about, so I'm going to pretend to know what I'm saying by berating others and linking a generic paper on some completely unrelated topic, as well as the homepage to some popular security website but not any particular articles".

FYI, a quick ctrl+f on "silverlight" and "MAC" returned literal results on that paper of yours. Good job reading your own sources before even posting it.

Quote:
Originally Posted by iloveghosts View Post
Passwords can get using brute force. Nowadays people brute-force even your card details so it's not surprising.
lmao no, nobody brute forces CC numbers or passwords across a network. You'll get IP banned after only a few tries, and the number of possible combinations would take you years to even count to.

Quote:
Originally Posted by iloveghosts View Post
Nowadays you can view your mac address from xnfiity.com and you may able to see third-party scripts loaded on xnfitiy.com grab and record everything.
Hmm, your ISP knows the MAC address of the modem/router they provided for you that forms a direct connection to your house. Yeah I have NO IDEA how they can possibly know the MAC address.

Quote:
Originally Posted by iloveghosts View Post
I hate when people say no to everyone. Everything is possible, and I posted options that can be used to get this MAC address. I also mentioned that PayPal unlikely do illegal things to get this mac.
Then maybe should step down your ⊗⊗⊗⊗ high horse and stop being so pretentious first? You have absolutely no idea what you're talking about, you're just assuming how technology works. Funny how you're telling others to go back to school

Before you post anything else purely out of uneducated specualtions, go read about the OSI network models first and learn how the different networking layers work with each other. When you're done, try answering these questions to check your understandings:

Which network layer is the MAC address used in, and why is it needed?

What networking layer would Javascript/Silverlight/Flash reside in, and (roughly speaking) what functionalities do they provide?

How would knowing the user's MAC address be helpful in any way or form for its intended purposes provided by Javascript/Silverlight/Flash? (Hint: it doesn't.)

Last edited by BiN4RY; 05-25-2018 at 02:09 AM.
Reply With Quote
  #22  
Old 05-25-2018
Junior Member
 
Join Date: May 2018
Posts: 84
Thanks: 0
Thanked 1 Time in 1 Post
Activity: 0%
Longevity: 11%
iTrader: (0)
Default Re: MAC address detection by eb/pp.. Possible?

Quote:
Originally Posted by BiN4RY View Post
What this post actually translates to:

"I have absolutely no idea what I'm talking about, so I'm going to berate others by linking a generic paper on some completely unrelated topic, as well as the homepage to some generic security research website but not any articles".

FYI, a quick ctrl+f on "silverlight" and "MAC" returned literal results on that paper of yours. Good job reading your own sources before even posting it.



lmao no, nobody brute forces CC numbers or passwords across a network. You'll get IP banned after only a few tries.



Hmm, your ISP knows the MAC address of the modem/router they provided for you that forms a direct connection to your house. Yeah I have NO IDEA how they can possibly know the MAC address.



Then maybe should step down your ⊗⊗⊗⊗ high horse and stop being so pretentious first? You have absolutely no idea what you're talking about, you're just assuming how technology works. Funny how you're telling others to go back to school

Before you post anything else purely out of uneducated specualtions, go read about the OSI network models first and learn how the different networking layers work with each other.


1.https://techcrunch.com/2016/12/05/a-...n-six-seconds/

2. That's why we have proxies to prevent IP ban.

3. Yes, there are countries where you can do Ph.D. in Browser Fingerprinting. I have more degrees than this one.

4. You are lazy, CTRL+F does not work 100% on PDF's.


Windows Registry (SFP) - BLUECAVA
MSIE Product key (SFP) - Iovation ReputationManager
OS & kernel version (Flash) - ThreatMetrix
ActiveX + 6 CLSIDs (JS) - ThreatMetrix
kernel version (Flash) - ThreatMetrix


A part of that researcher paper which describes DLL Injection through Flash/Silverlight :

Nikiforakis et al. found that some vendors (BlueCava and Iovation) attempted
to gain additional information about “deeper” layers of the user’s system. This was achieved through special plugins, which were distributed with (and able to invoke) DLLs that function essentially as native fingerprinting libraries. These libraries have access to a great amount of information about the user’s system, and are able to reveal information belonging to layers “below” the user’s browser – including but not limited to hardware identifiers, machine name, Windows installation date and Digital Product Id, installed system drivers and so forth. While this highly intrusive method requires the
user to “opt-in” at some point (as the plugins have to be installed first), it is possible to bundle them with “desired” software (as has been done with e. g. browser toolbars in the past) and thereby place
them onto a user’s system. Nikiforakis et al. furthermore found that the plugins may attempt to conceal their purpose (by identifying themselves as “identity shields” or similar, which is only technically true), casting this practice in a very questionable light. (cf. Nikiforakis et al. 2013 p. 5) However, the information obtained through these plugins is highly machine-specific (possibly unique) and likely to change frequently and is therefore extremely useful for fingerprinting.



I told everyone this method only works if you click "ALLOW ACCESS TO FLASH OR SILVERLIGHT" otherwise these methods not works.


Your ISP knows MAC address of every device that connected to a router and this includes NetBIOS Name (Your computer name), Computer Model, Running OS too.


If you want to prevent ISP leak, just use extended wifi router. This way ISP can't get your devices MAC's, they only able to get MAC of extended wifi router.


There are browser exploits including VM Escape begin sold by Zerodium to Government's and companies which can be used to infect your system with a virus. So anyone who has access to special exploits can view your mac address and hack into your computer. It's not a big mystery, and man you have no idea what you talking about. The Brian Krebs clearly mentioned on his blog about Flash/Silverlight exploits that were used to infect your computers with a virus and other dozens of proposes. So it's 100% possible to get MAC anyway but PayPal not willing to use Illegal exploits to get this, PayPal only able to get this with your own permission or ISP like Comcast share data with advertising companies then PayPal can use them too.
Reply With Quote
Reply



Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
I.P. Address Detection? yellowrotorway eBay Tracking 52 04-13-2015 08:57 AM
Brand new hardware & Internet Connection detection pandoraaj009 Amazon 6 02-07-2015 06:26 AM
new detection method on amazon? Speeder33 Amazon X 36 02-29-2012 11:00 AM
New detection methods? KingDog Amazon 22 01-08-2012 10:26 PM
Fraud Detection in Electronic Auction coldfinger eBay Suspensions 3 02-11-2007 06:57 PM


Aspkin Group

All times are GMT -5. The time now is 05:11 AM.


Stop the guessing games and learn how you can quickly and easily get back on eBay today!
Read the best selling step-by-step eBay Suspension guide eBay Stealth!
Amazon Suspension? Read Amazon Ghost to get back on Amazon!
vBulletin® Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
Ad Management by RedTyger
no new posts