lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <ICMSJ9$94A22CCF38E1E89CC4060DEBDF06A893@libero.it>
From: rebonzo at libero.it (Matteo Giannone)
Subject: client - server

I have made all tests on that website : none revealing informations that can
recognize me. I mean: if mozilla would send its SERIAL NUMBER (if it exsts) that
is a way to identify my own copy of mozilla.


>
>> which informations can a server get about a client running M$ windows XP ?
>> I cannot access a website because i have been "banned" and I'd like to
>> understand how they recognize me for sure.
>
>All sorts of stuff. Visit browserspy (http://gemal.dk/browserspy/) for a 
>bunch of tests. Java is one excellent way to steal the goods (and many 
>browserspy tests use that).
>
>The 'short' answer is, however, probably a simple IP check.
>> 
>> I mean:
>> - a simple ip check doesn't work with dynamic addresses...
>> - cookies can be deleted
>> - computer name can be changed
>> - mac address can be changed (even I wasn't able to, because I have a usb dsl
>> modem and I cannot change its MAC working with regedit or using tools like smac )
>
>MAC address? That's not visible past the DSLAM. As for dynamic 
>addresses, have you kept track? I have (supposed) dynamic addresses at 
>home and it's not changed in over a year.
>
>You should dump the DSL modem and get a conventional ethernet one. Then 
>change the MAC on your ethernet card at will (this will get you new 
>addresses). There probably is a way to access the innerds of the USB one 
>but you'd probably have to take it apart and locate the serial port.
>
>~Mike.
>> 
>> Anything else ?
>> How the hell do they recognize me ?
>> 
>> Matteo Giannone
>> 
>> 
>> 
>> 
>> ____________________________________________________________
>> 6X velocizzare la tua navigazione a 56k? 6X Web Accelerator di Libero!
>> Scaricalo su INTERNET GRATIS 6X http://www.libero.it
>> 
>> 
>> 
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.netsys.com/full-disclosure-charter.html
>> 
>



____________________________________________________________
Navighi a 2 MEGA e i primi 3 mesi sono GRATIS. 
Scegli Libero Adsl Flat senza limiti su http://www.libero.it

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ