Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: wine and security? [slightly long]



 On Sat, Jun 28, 2008 at 6:15 AM, Scott R. Ehrlich <[hidden email]> wrote: 
> I ask because some web sites refuse to accept a connection from a 
> non-Windows source, and wine has the ability to fool. 

I question your analysis that web servers are able to discriminate 
your OS. A trick known for a while, but detailed in Michal Zalewski's 
book Silence on the Wire, is to analyze the browser object requests 
temporaly.  You can fingerprint the remote browser using this method 
even if the user thinks he is savvy and alters the AGENT headers. 
Combine that with TCP Timestamps, and yes, you can fairly well 
determine he OS.  But I don't know of any commercial websites that 
would do this... 
-- 
Kristian Erik Hermansen 
-- 
CISSP, CEPT, CREA, CEH, Linux+, A+, QGCS, ACSA, this is getting ridiculous... 
http://kristian-hermansen.com

-- 
This message has been scanned for viruses and 
dangerous content by MailScanner, and is 
believed to be clean. 

_______________________________________________ 
Discuss mailing list 
[hidden email] 
http://lists.blu.org/mailman/listinfo/discuss
 


BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org