[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox sends your uptime

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Firefox sends your uptime
From: ".FUF" <fuf@xxxxxxxxxxxx>
Date: Sat, 05 Apr 2008 17:44:39 +0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 05 Apr 2008 09:44:47 -0400
In-reply-to: <20080405120958.GC10588@xxxxxxxxxxxxxxxx>
References: <47F74DF9.6060909@xxxxxxxxxxxx> <20080405120958.GC10588@xxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.12 (X11/20080228)

Geoffrey Goodell ?????:
> On Sat, Apr 05, 2008 at 02:01:29PM +0400, .FUF wrote:
>> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
>> Other browsers (IE, Opera) send your current system time in UNIX format.
> 
> Even sending the current system time is somewhat troublesome, since
> small inaccuracies may be likely to remain relatively constant over long
> periods, allowing an attacker to observe, for example, which machine is
> twenty seconds slow.  Not sure about to what extent running NTP
> ameliorates this.
> 
> Geoff
> 
> 

Yes, but running NTP syncs can transform this attack to "end-to-end
confirmation" attack. Attacker can modify NTP packets (they are being
sent over UDP) to hijack your current time (e.g. move it +12 seconds
forward) and then correlate HTTPS traffic from anonymous network (or
HTTP traffic from hidden service by looking at "Date:" field in HTTP
response).

References:
- Firefox sends your uptime
  - From: .FUF
- Re: Firefox sends your uptime
  - From: Geoffrey Goodell

Prev by Author: Firefox sends your uptime
Next by Author: Re: Firefox sends your uptime
Previous by thread: Re: Firefox sends your uptime
Next by thread: Re: Firefox sends your uptime
Index(es):
- Author
- Thread