Browser Fingerprinting = Common (and lifehacking: Russian Sleep Machine, BIOS SDR, Snwoden , Safecracking)

Another one of those “I covered this here before as a theoretical attack, and now it’s being used in practice” ones.

About 1% of major websites are using device fingerprinting based on Flash to get around cookie-blocking and such, while .04% are using JavaScript to fingerprint people who block Flash too.

In other words, when you visit these websites it doesn’t matter what your IP is. And it doesn’t matter what your cookie settings, do-not-track, or whatever settings are. They identify you by the unique fingerprint of your browser.

Lifehacking / Russian Sleep Machine:

On the off chance any of you are thinking about experimenting with yesterday’s described gadget to get “8 hours rest in 30 minutes” — the usual rule of “don’t trust stuff you don’t understand” ought to apply to scrapheap transhumanism too.

Yes, this kind of cranial electrostimulation was extensively studied in Europe and the Soviet Union during the 50s through the 80s, and nobody ever found any bad side effects. Nevertheless, you should keep in mind that the Russian doctor who invented modern “electric sleep” was looking for…

A MORE HUMANE ALTERNATIVE TO LOBOTOMIES!

While I’ve found certain ways of applying it that would definitely *not* make a patient due for “socialist-realist attitude adjustment” easier to handle… if you’re going to poke around, consider doing your homework first.

Specifically, get a copy of Giliarovskii’s 1958 book “Electrosleep: a clinical physiological investigation” as well as every issue of the “International Symposium on Electrotherapeutic Sleep and Electroanaesthesia” (edited by Fritz Wageneder; the proceedings were published by Excerpta Medica, Amsterdam) you can find.

Also get a copy of Lilly et al, “Brief, Noninjurious Electric Waveform for Stimulation of the Brain”, Science, 1 April 1955. The safe waveform he describes appears to be *NOT USEFUL* for “scrapheap transhumanism,” but you still need to read the paper.

Why? Lilly investigated under which circumstances and in which ways waveforms similar to those used by the “Russian sleep machine” and related devices can cause brain damage.

You can find a copy of the Lilly paper here:
http://www.planetpuna.com/Lilly%20Papers/35.%20LILLY,%20JOHN%20C.,%20AND%20JOHN%20R.%20HUGHES,%20AND%20ELLSWORTH%20C.%20ALVORD,%20JR.,%20AND%20THELMA%20W.%20GALKIN.%201955.pdf

A very exccentric-looking fellow has a proper English-language bibliography that may help for the rest of the material. http://www.cyberwolfman.com/rprsdtec.htm

More BIOS SDR:
Looks like they’re investigating the possibility of non-radiated-electromagnetic signal transmission as well.

If it turns out the malware is indeed signaling through the power lines, I’ll be curious exactly *how*. You can’t transmit data very well through powerline transformers.

However, you can transmit data *very* well through the GROUND connection if you can generate the right (UWB-related) signal. This technique was invented by Tesla ages ago but hasn’t been used in public except by some very obscure experimenters… if the malware authors figured out a way to make a computer do it surreptitiously, that signals a very advanced attacker.

https://twitter.com/dragosr/status/388835828719300608
BTW the alternative to SDR is powerline voltage signalling. Either way, boxes presumed airgapped were changing dynamically at Windows level.

https://twitter.com/dragosr/status/389100675512020992
@codejake as I was interacting with the system it was interacting back, software not in the original install. Dll’s magically appearing.

Snowden’s laptops were a “diversion,” they were empty
http://rt.com/news/line/2013-10-11/#51598

Safecracking darwin award:
http://www.wmur.com/news/nh-news/2-men-found-dead-after-explosion-at-hopkinton-company/-/9857858/22351678/-/q33sr5/-/index.html

http://spectrum.ieee.org/tech-talk/telecom/internet/top-websites-secretly-track-your-browser-fingerprint

“Websites that really want to track you without permission have a way. A new report shows a surprising number of top Internet websites using so-called “device fingerprints” to secretly track visitors—a method that avoids legal limits on the use of cookies and also ignores the Do Not Track HTTP header.

The new report suggests that such secret tracking of Web users is more widespread than previous studies had found, according to researchers from KU Leuven in Belgium and New York University (NYU). Researchers counted 95 of the top 10 000 websites using device fingerprinting targeted at the Flash browser plugin used to play animations, videos, and sound files. They also found 404 of the top 1 million websites used device fingerprinting targeted at the JavaScript programming language used in web applications. Such fingerprinting can identify users on mobile phones and other devices that may not use Flash.

Device fingerprinting collects the properties of PCs, smartphones, and tablets that people use to access the Internet in order to create a unique identification. The fingerprint properties—including screen size, versions of installed software, and even lists of installed fonts—allow websites to track users without relying on the more common Internet cookies to follow users’ online activities.”

Advertisements
%d bloggers like this: