Questions tagged [fingerprinting]

Gaining information about the current version of an application or operating system in order to find a vulnerability.

Fingerprinting is a term that describes the process of identifying a system based upon the services it runs and the behaviour it exhibits.

141 questions
38
votes
5 answers

Why do some web servers still provide information on vendor and version in the HTTP response headers

I think in the security field it is a well-known fact that it's not a good idea to let the web server vendor (e.g. Apache) and the version be visible to the outside as this can be used to launch targeted attacks against a specific server…
dfsg76
19
votes
1 answer

What unique device fingerprinting information can an iOS8 app collect?

As an addition to this question: What unique fingerprinting information can an iOS7 app collect? What remaining device fingerprinting privacy/security vulnerabilities still exist as of iOS 8? Can 3rd-party apps still access a list of other running…
pseudon
16
votes
2 answers

What unique fingerprinting information can an iOS 10 app collect?

As a follow-on to these questions: What unique fingerprinting information can an iOS7 app collect? What unique device fingerprinting information can an iOS8 app collect? What unique device fingerprinting information can an iOS9 app collect? iOS 10…
pseudon
14
votes
5 answers

bot detection via browser fingerprinting

I've recently noticed that a few companies have begun to offer bot and scraping protection services based on the idea of browser fingerprinting to detect them, and then blocking the specific fingerprint from accessing the site (rather than blocking…
WeaselFox
13
votes
1 answer

Guessing PHP version and info from phpinfo using black box analysis

Intro: I'm currently experimenting with PHP black box analysis and couldn't find any useful information. There are some approaches to determine e.g. the Apache version, but for PHP it seems that the internet knows only so-called "PHP easter eggs". On…
Awaaaaarghhh
13
votes
3 answers

How can I detect the remote operating system?

Is it possible to detect the operating system type remotely from another system using any tools like nmap without admin privileges? What are the other alternatives for achieving this?
user45475
12
votes
2 answers

Disable HTML5 battery features

HTML5 has a feature set relating to client battery status. It has been described as a privacy hole, as it can be used to track and identify web users. Research suggests the features can be used even to identify users using VPN or private browsing…
Gruber
11
votes
5 answers

Are photographs of fingerprints a security risk?

It should be trivial to get fingerprint patterns for many of the most important people in the world, as they frequently (enough) wave their hand, palms forward, to many HD cameras. Is it possible to gather this information of fingertips to overcome…
raindrop
10
votes
1 answer

What unique fingerprinting information can an iOS7 app collect?

I'm interested in unique information that is beyond typical user knowledge or control. As of iOS 7, users can easily protect local physical tracking by controlling radios (cell, WiFi, Bluetooth) in Control Center. There are also now explicit…
pseudon
10
votes
2 answers

How do exploit kits enumerate or fingerprint their targets?

My current understanding is that an exploit kit will fingerprint (gather information on) a system, check those details against a database of vulnerabilities and then attempt to use the relevant exploits. I can see simple ways of checking for things…
Arlix
9
votes
1 answer

What unique device fingerprinting information can an iOS9 app collect?

As a follow-on to these questions: What unique fingerprinting information can an iOS7 app collect? What unique device fingerprinting information can an iOS8 app collect? Apple has apparently removed the ability to see other running processes in iOS…
pseudon
9
votes
4 answers

Fingerprinting the webpage content

I'm moderating a closed section of a forum - think 'covered by NDA' (not actually, but it's a good equivalent of the situation), with restricted access. Sometimes we find screenshots from that forum posted by some rogue user anonymously in places…
SF.
9
votes
1 answer

How is YouTube able to identify anonymous users?

A few days ago I was searching YouTube and I noticed an "outlier" video popped up in the suggestions list. This video had nothing to do with the topic being searched, but instead it was based on a previous search that was requested from this same…
Mister Smith
9
votes
1 answer

Can BitTorrent clients be fingerprinted?

As https://panopticlick.eff.org/ demonstrates, web browsers are very prone to fingerprinting, both active and passive (often you can fingerprint a web browser by simply monitoring the wire). My question is: Is the same possible with BitTorrent…
Shnatsel
8
votes
3 answers

How to know if two IP addresses point to the same web server?

Doing some testing against two IP addresses in the scope, I find one web server on each one. Both host what seems to be the same web application. They are different public (accessible through the Internet) IP addresses and there are no explicit redirects…
kinunt