Thus spake coderman (coderman@xxxxxxxxx): > however, if an attacker has access to read this locally they've > already compromised you to a degree that random mac affords no > protection... Is this really true? One of the things I've wondered about here is plugins, but since Torbutton disables them for other reasons I haven't really looked into it. For insance, I know Java can create a socket, and query the interface properties of that socket to get the interface IP. Why not mac address? And if not java, can one of flash, silverlight, pdf-javascript, or others do this? Already we have location features built in to the browser based on nearby Wifi MACs... The Java trick to get the interface IP does not require special privs, so a randomized MAC would in fact help this scenario, if it were somehow possible. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpy5Y44gAlul.pgp
Description: PGP signature