funsec mailing list archives
Re: CSS Fingerprinting
From: rick wesson <rick () support-intelligence com>
Date: Sat, 20 Feb 2010 14:11:49 -0800
check out a company called 41st parameter. -rick Paul Bennett wrote:
My friend Sai is trying to find interesting ways to exploit a weakness in CSS. It'll make more sense if you read the page, but basically he's training an AI to recognize returning users regardless of which computer / browser / OS they log in from. It doesn't do anything unless or until you hit the button. Please follow Sai's wishes, and share the link by word of mouth, but not via Fark, Slashdot, or any of the other "big name" sites. ------- Forwarded message ------- From: "Sai Emrys" <sai () saizai com> Date: Sat, 20 Feb 2010 06:37:22 -0500 I'm doing a little research project on website user fingerprinting, to see if it's possible to identify a returning user despite changes in their browser & history. It's a one page site and should be self explanatory: http://cssfingerprint.com It does nothing other than what it says, and only after you click the button. It should be compatible with all major browsers that support javascript. I'd appreciate it if you hit the site every few days with every browser/computer you use, using the same code each time; it'll help me figure out how history data changes over time and across browsers/computers. (Don't do it from public computers, as that'll make my training data worse.) Hopefully the results should be interesting/amusing enough to provide a small reward for the minute of your time it takes to run. Please feel free to share/forward; the more traffic I can get the better my data will be. This is totally OT of course, so if you have any questions/comments/suggestions, please email me offlist. Thanks, - Sai PS I'm pretty sure I've worked out most of the bugs, but if you get 0 hits or <1k sites scraped, please let me know. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- CSS Fingerprinting Paul Bennett (Feb 20)
- Re: CSS Fingerprinting rick wesson (Feb 20)