lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 2 Dec 2010 13:25:25 -0600
From: Amit Klein <amit.klein@...steer.com>
To: "bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: New paper by Amit Klein (Trusteer): "Detecting virtualization over
 the web with IE9 (platform preview) and Semi-permanent computer
 fingerprinting and user tracking in IE9 (platform preview)"

Hi list

The IE9 (platform preview) Javascript Math.random implementation is vulnerable to seed reconstruction. The seed reveals the computer's boot time (and on Windows 7 - also CPU clock speed). These can be used to finger-print computers and track users within the same Windows session even if they close and open their IE9 (platform preview) browser multiple times. 
Interestingly enough, this technique also provides some information regarding the client hardware (namely clock source and possibly CPU clock speed), and may be used to detect virtualized machines "over the web". 
Additionally, the Math.random implementation is flawed in such way that it returns non-uniform values (this holds for IE9 beta as well).

For full details, please read:
http://www.trusteer.com/sites/default/files/VM_Detection_and_Temporary_User_Tracking_in_IE9_Platform_Preview.pdf

Thanks,
-Amit
Amit Klein, CTO, Trusteer

Powered by blists - more mailing lists