This talk is dedicated to de-anonymizing active Internet users. We will give a hands-on demonstration of various Internet resources tracking and/or storing user data, and explain how this data can be used to find out the identity on the other side of the screen for your own (either good or evil) purposes.
Доклад посвящен деанонимизации активных пользователей интернета. На практике будет показано, как различные интернет-ресурсы следят или содержат информацию о пользователях и как ее можно использовать, чтобы вычислить, кто находится по ту сторону монитора для собственных (как плохих, так и хороших) нужд.
45. Cookie Matching
Specifically, when creating a new cookie, it uses the following storage mechanisms when available:
- Standard HTTP Cookies
- Local Shared Objects (Flash Cookies)
- Silverlight Isolated Storage
- Storing cookies in RGB values of auto-generated, force-
cached PNGs using HTML5 Canvas tag to read pixels (cookies)
back out
- Storing cookies in Web History
- Storing cookies in HTTP ETags
- Storing cookies in Web cache
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
- HTML5 IndexedDB
- Java JNLP PersistenceService
- Java CVE-2013-0422 exploit (applet sandbox escaping)
http://samy.pl/evercookie/
46. Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: on
flash: on
Js: off
flash: off