funsec mailing list archives

Re: CSS Fingerprinting


From: rick wesson <rick () support-intelligence com>
Date: Sat, 20 Feb 2010 14:11:49 -0800

Check out a company called 41st Parameter.

-rick


Paul Bennett wrote:
My friend Sai is trying to find interesting ways to exploit a weakness in  
CSS. It'll make more sense if you read the page, but basically he's  
training an AI to recognize returning users regardless of which computer /  
browser / OS they log in from. It doesn't do anything unless or until you  
hit the button.

Please follow Sai's wishes, and share the link by word of mouth, but not  
via Fark, Slashdot, or any of the other "big name" sites.

------- Forwarded message -------
From: "Sai Emrys" <sai () saizai com>
Date: Sat, 20 Feb 2010 06:37:22 -0500

I'm doing a little research project on website user fingerprinting, to
see if it's possible to identify a returning user despite changes in
their browser & history.

It's a one page site and should be self explanatory:

http://cssfingerprint.com


It does nothing other than what it says, and only after you click the
button. It should be compatible with all major browsers that support
JavaScript.

I'd appreciate it if you hit the site every few days with every
browser/computer you use, using the same code each time; it'll help me
figure out how history data changes over time and across
browsers/computers. (Don't do it from public computers, as that'll
make my training data worse.)

Hopefully the results should be interesting/amusing enough to provide
a small reward for the minute of your time it takes to run.

Please feel free to share/forward; the more traffic I can get the
better my data will be.

This is totally OT of course, so if you have any
questions/comments/suggestions, please email me offlist.

Thanks,
- Sai

PS I'm pretty sure I've worked out most of the bugs, but if you get 0
hits or <1k sites scraped, please let me know.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

