Thursday, 28 January 2010

Identifying PCs by Browser Settings

My browser fingerprint, as determined by Panopticlick, a project started by the Electronic Frontier Foundation, is currently unique among approximately 500000 browsers. Most of the identifying information comes from browser plugins and installed fonts - my font set alone makes my browser unique. To be more precise, my browser sends out 19 bits of identifying information.

To make things worse: you can even deduce someone's affiliations from the installed fonts to target spear phishing attacks. Big companies as well as political parties like to use special fonts to generate a unique look in their documents.

I get identical results for Safari, Firefox and Chrome. Switching off JavaScript reduces the amount of information available to the identifier by 3 bits.

The lowest result I get is for my iPhone: only 11.02 bits of information. It would seem to me that most iPhones look equal.
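
As an added example (not part of the original post, and run on a constructed 16-browser sample rather than Panopticlick data), this shows how a "bits of identifying information" figure is computed: a value shared by k of N browsers carries -log2(k/N) bits. The attribute names and sample rows are assumptions made for illustration.

```python
import math
from collections import Counter

ATTRS = ("user_agent", "plugins", "fonts")  # assumed attribute names

def surprisal_bits(matching, total):
    """Bits of identifying information in a value shared by `matching` of `total` browsers."""
    return -math.log2(matching / total)

def one_in(bits):
    """Inverse view: a value carrying `bits` bits is shared by one browser in this many."""
    return 2 ** bits

def attribute_bits(population, browser, attrs=ATTRS):
    """Surprisal of each of `browser`'s attribute values, measured against `population`."""
    result = {}
    for attr in attrs:
        counts = Counter(b[attr] for b in population)
        result[attr] = surprisal_bits(counts[browser[attr]], len(population))
    return result

def fingerprint_bits(population, browser, attrs=ATTRS):
    """Surprisal of the combined fingerprint: browsers matching on every attribute."""
    key = tuple(browser[a] for a in attrs)
    matching = sum(tuple(b[a] for a in attrs) == key for b in population)
    return surprisal_bits(matching, len(population))

def row(user_agent, plugins, fonts):
    return {"user_agent": user_agent, "plugins": plugins, "fonts": fonts}

# Constructed sample of 16 browsers (not real measurement data).
PHONE = row("phone", "none", "stock")
ME = row("desktop", "flash+java", "stock+office+corporate")  # one rare font
POPULATION = (
    [PHONE] * 6
    + [row("desktop", "flash", "stock")] * 4
    + [row("desktop", "flash+java", "stock")] * 3
    + [row("desktop", "flash", "stock+office")] * 2
    + [ME]
)

if __name__ == "__main__":
    print("unique among 500000: %.2f bits" % surprisal_bits(1, 500000))
    print("11.02 bits: one in %.0f" % one_in(11.02))
    for name, browser in (("desktop", ME), ("phone", PHONE)):
        print(name, attribute_bits(POPULATION, browser),
              "combined: %.2f bits" % fingerprint_bits(POPULATION, browser))
```

The per-attribute figures do not simply add up to the combined figure, because attributes are correlated: in the sample, the rare font set alone already pins the desktop browser down to one of 16.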

Tuesday, 19 January 2010

The Missing Bus Error

Apple was slammed for not fixing an exploitable bug. That made me curious and I compiled and ran the following:

#include <stdio.h>
#include <stdlib.h>

int
main()
{
    /* test string as given in the bug report */
    char s[]="111.111111...11";

    float a=atof(s);
    printf("%f",a);
    return 0;
}

which is said to cause a bus error. However:

Opportunity:misc ullrich$ gcc -o buserror buserror.c
Opportunity:misc ullrich$ ./buserror
111.111115Opportunity:misc ullrich$

on my trusty MacBook, which looks more like a rounding error to me. Maybe they just fixed it - I use 10.6.2.