-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
'Attacks always get more serious over time.'
I have to say, this is an extremely BAD development. Fingerprinting users
is SOOO BAD! However, this only works for fools with Javascript left ON.
Sometimes I'm that fool, and many of you are too. Firefox browser.
NoScript extension. SafeCache extension. SafeHistory extension.
The above URL has a demonstration button and the below text:
"To perform some Intranet Hacking we need the web browser's internal NAT'ed
IP Address (ie: 192.168.xxx.xxx). While not the most elegant solution, Java
Applets (MyAddress) are the only real way to go. It turns out JavaScript
can invoke Java classes directly (Firefox), including java.net.Socket, and
can achieve same results. No Applet required making the proof-of-concept
code a lot easier.
Firefox Only! (1.5 – 2.0) tested on OS X and WinXP. Please met know if
anyone knows a way to invoke Java classes from JavaScript in Internet
Explorer.
function natIP() {
var w = window.location;
var host = w.host;
var port = w.port || 80;
var Socket = (new
java.net.Socket(host,port)).getLocalAddress().getHostAddress();
return Socket;
}
"
-----BEGIN PGP SIGNATURE-----
iQA/AwUBRcK2GNcxzwil5KeHEQLN8ACfQYCNZ8RLHoDnYz8uef32G3iYvS4An2yC
+LABQIrU+XO+/VFdUaSATcQW
=jS3l
-----END PGP SIGNATURE-----
!! Read or peruse TheList's complete (except for the first month) history of emails !!
http://hacker7.net/thelist/
Received on Thu Feb 01 2007 - 22:57:11 EST
This archive was generated by hypermail 2.2.0 : Sun Oct 07 2007 - 14:42:04 EDT