I've read here that it's possible for a website to use cross-site scripting to pull your router's MAC address without your permission. This can then be used to determine your location through Google Location Services.
What other information can be sent that can personally identify your hardware? For example, is there a Flash plugin that sends out info or ID numbers about your graphics card? I know User Agents send out info about your browser, but do they also include hardware information as well?
3 Answers
This is an HTTP-based service where router MAC addresses are mapped to approximate GPS coordinates from other data sources.
That's a weird statement, IMO. MAC addresses are unique hardware identifiers; they are not location-based. I could take a router anywhere and plug it in and get on the Internet.
In IPv4, MAC addresses are only sent in packets going to other machines on a LAN; they're stripped from packets going past the gateway onto the 'net.
In IPv6, the 64-bit "host" part of the full 128-bit address is often automatically generated from the MAC address, and hence might be visible to the server one connects to. See also "How to avoid exposing my MAC address when using IPv6?"
I think the author of that web page doesn't understand how what he's doing works. That's simply IP address geolocation. For me, it shows a location that's several miles from where I actually am. I can't speak to the router vulnerability he claims.
If you'd like to see the range of information that can be obtained (beyond just browser headers), visit BrowserSpy.dk and Panopticlick.
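To make the IPv6 point in the answer above concrete, here is an added example (not part of any answer in this thread) that checks whether an IPv6 address carries a modified EUI-64 interface identifier and, if so, which MAC address it exposes to every server you connect to. The function names are hypothetical, and the sample addresses are constructed from the documentation prefix 2001:db8::/64.

```python
import ipaddress

def mac_from_eui64(addr):
    """Return the MAC embedded in a modified EUI-64 IPv6 address, or None."""
    # Drop a zone id ("%eth0") or prefix length ("/64") if present.
    ip = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0])
    iid = ip.packed[8:]  # low 64 bits: the interface identifier
    # Modified EUI-64 inserts ff:fe between the two halves of the 48-bit MAC.
    # A random privacy address matches this by chance about once in 65536.
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in mac)

def eui64_address(mac, prefix="2001:db8::/64"):
    """Build the address a host would autoconfigure from this MAC and prefix."""
    raw = bytearray.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    raw[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(raw[:3]) + b"\xff\xfe" + bytes(raw[3:])
    net = ipaddress.IPv6Network(prefix)
    return ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big"))

def audit(addresses):
    """Map each address to the MAC it exposes (None if it exposes none)."""
    return {a: mac_from_eui64(a) for a in addresses}

if __name__ == "__main__":
    # Constructed sample addresses, as an interface listing might show them.
    samples = [
        "2001:db8::21a:2bff:fe3c:4d5e",   # EUI-64 derived, global scope
        "fe80::21a:2bff:fe3c:4d5e%eth0",  # EUI-64 derived, link-local
        "2001:db8::a1b2:c3d4:e5f6:1789",  # random (privacy-style) identifier
    ]
    for address, mac in audit(samples).items():
        print(f"{address:34} -> {mac or 'no MAC embedded'}")
```

Only the global address matters for what a remote server sees; the link-local one never leaves the LAN.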
You can see your user agent here: http://whatsmyuseragent.com/
For example, mine is: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Ubuntu/10.04 Chromium/9.0.590.0 Chrome/9.0.590.0 Safari/534.13
As you can see, it identifies my CPU architecture (x86_64) and my OS. However, keep in mind that any hardware information collected by, e.g., browser plugins can easily be forged, and should not be relied upon.
It's certainly possible for browser plugins to send hardware information. Ordinarily any such information would be considered "public," like the aforementioned MAC address (if you're concerned about this, it is possible to change it).
So you should be careful what plugins you install, but reputable ones should not send any information considered a security risk.