Forums
| BadPhorm - When good ISPs go bad! :: Forums :: Phorm Discussion :: Security |
|
<< Previous thread | Next thread >> |
| Phorm and MAC Addresses | ||
|
Moderators: Jim Murray, narcosis, felixcatuk, Sammy
|
| Author | Post | ||
| felixcatuk |
| ||
  Registered Member #95 Joined: Wed Mar 05 2008, 12:03AMPosts: 249 | Just a vague theory at this stage, but given analysis on the UID cookies, it seems there's a 6 byte field in the UID... A MAC address is a 6 byte field, and would be very very appealing to Phorm to allow them to track activity from a given end user machine (independant of current IP address). See recent posts here... http://www.badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?1608.30 Anyone got any thoughts? Is that a rubbish idea? [ Edited Sun Mar 23 2008, 12:08PM ] ISP customers; you don't need Phorm, pure and simple. Don't be a passive recipient of Phorm cookies. Until Phorm can be stopped, use the Dephormation Firefox Add On. http://www.dephormation.org.uk The user called PhormUKPRTeam/PhormUKTechTeam is a PR consultant from Citigate Drew Rogerson. RIPA: ISPs HAVE NO CONSENT FOR INTERCEPTION OF THIS TRANSMISSION ;o) | ||
| Back to top | | ||
| TheOtherSteve |
| ||
 Registered Member #178 Joined: Thu Mar 13 2008, 03:55PMPosts: 48 | Perhaps not a rubbish idea at all, but if it _is_ a MAC (and I agree that would be a handy thing for Phorm to have), would it not be the MAC of the gateway, rather than an individual machine ? In fact, wouldn't the only MAC address the profiler (or whatever it is that generates the cookie) sees be the MAC address of whatever machine it is wired to ? I guess this depends on what protocols and tunnelling are in use. Clues appreciated. Does the gateway's MAC even get any further than the DSLAM ? Guess it's time to crack open that DSL textbook that I bought remaindered for a fiver and has never come off the shelf! Speculation aside (for the moment) I've read the other thread, and I agree, that's not random. I noticed the increment as well, in very limited testing before the weekend, at first I took it be a timestamp, but it wandered off quite quickly. I have speculated elsewhere that it would be difficult to tell a 'random' cookie from one which is simply an encrypted (or otherwise obfuscated) set of key/value pairs, so with my tinfoil hat on, I think you may be on to an interesting line of enquiry. | ||
| Back to top | | ||
Powered by e107 Forum System