Thus spake .FUF (fuf@xxxxxxxxxxxx):
> Mozilla Firefox sends your computer's uptime while establishing TLS
> (SSL) connection. This could be used to correlate anonymous traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
> values (or to search the originator of anonymous traffic by correlating
> uptime values from TCP timestamps in GNU/Linux and some other operating
> systems).
>
> Tested with latest Firefox versions (including Betas) on Windows. Should
> also work on GNU/Linux too, but not works on my ArchLinux box due to
> some patches...
>
> Details:
>
> RFCs 2246, 4346 describe following structure (part of TLS Client Hello
> packet):
>
> struct {
> uint32 gmt_unix_time;
> opaque random_bytes[28];
> } Random;
>
> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in UNIX format.
Incidentally, this was filed as Firefox Bug
https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
in the 3.0 branch. I requested backport into FF2.0.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Attachment:
pgpSpoKFj7SJi.pgp
Description: PGP signature