[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox sends your uptime

Geoffrey Goodell ?????:
> On Sat, Apr 05, 2008 at 02:01:29PM +0400, .FUF wrote:
>> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
>> Other browsers (IE, Opera) send your current system time in UNIX format.
> Even sending the current system time is somewhat troublesome, since
> small inaccuracies may be likely to remain relatively constant over long
> periods, allowing an attacker to observe, for example, which machine is
> twenty seconds slow.  Not sure about to what extent running NTP
> ameliorates this.
> Geoff

Yes, but running NTP syncs can transform this attack to "end-to-end
confirmation" attack. Attacker can modify NTP packets (they are being
sent over UDP) to hijack your current time (e.g. move it +12 seconds
forward) and then correlate HTTPS traffic from anonymous network (or
HTTP traffic from hidden service by looking at "Date:" field in HTTP