trackety track

[via Mitch]: Tracking PCs everywhere on the Net (paper):

The technique works by "exploiting small, microscopic deviations in device hardware: clock skews." In practice, Kohno's paper says, his techniques "exploit the fact that most modern TCP stacks implement the TCP timestamps option from RFC 1323 whereby, for performance purposes, each party in a TCP flow includes information about its perception of time in each outgoing packet. A fingerprinter can use the information contained within the TCP headers to estimate a device's clock skew and thereby fingerprint a physical device."

Kohno goes on to say: "Our techniques report consistent measurements when the measurer is thousands of miles, multiple hops, and tens of milliseconds away from the fingerprinted device, and when the fingerprinted device is connected to the Internet from different locations and via different access technologies. Further, one can apply our passive and semi-passive techniques when the fingerprinted device is behind a NAT or firewall."

And the paper stresses that "For all our methods, we stress that the fingerprinter does not require any modification to or cooperation from the fingerprintee." Kohno and his team tested their techniques on many operating systems, including Windows XP and 2000, Mac OS X Panther, Red Hat and Debian Linux, FreeBSD, OpenBSD and even Windows for Pocket PCs 2002.

"In all cases," the paper says, "we found that we could use at least one of our techniques to estimate clock skews on the machines and that we required only a small amount of data, although the exact data requirements depended on the operating system in question."

Wow.

Categories: technology
Posted by diego on March 8, 2005 at 11:33 PM | Comments (1) | TrackBack (0)

listen. think. act.

And get started by watching Bono's speech to this year's TED conference. The whole address is about 30 minutes. Highly recommended.

Categories: geopolitics
Posted by diego on March 8, 2005 at 11:05 PM | TrackBack (0)

back into the flow

I've been really busy the last few days, and blogging has suffered. Oh well. I expect this will continue to happen for the foreseeable future. :)

I am really enjoying the weather here. Truly fantastic. One thing I miss, though, is Webvan, which was really great. I have to try out Safeway and see how it goes--otherwise shopping is kind of a pain since I don't have a car yet. But, you know, biking back and forth to the office actually makes up for it. Particularly in this weather.

Did I mention I'm enjoying the weather? :)

Categories: personal
Posted by diego on March 8, 2005 at 3:20 AM | Comments (2) | TrackBack (0)

new mobibot, new GoogleME

Erik has released a new version of GoogleME and a new version of mobibot. Very cool. I still don't have a local phone, but once I do I'll actually be able to use the local features of GoogleME (which weren't very useful in Ireland :)). Also, mobibot is now uploading directly to del.icio.us, which is a great example of the use of the delicious API. I still have to make some time to play with that myself!

Categories: soft.dev
Posted by diego on March 8, 2005 at 3:17 AM | TrackBack (0)

Copyright © Diego Doval 2002-2007.
Powered by
Movable Type 3.35