Tag Archives: fingerprint

Uber 戰火蔓延到 Unroll

最近 Uber 的 CEO 被 Tim Cook 叫去喝咖啡的事情被報導出來:「Uber’s C.E.O. Plays With Fire」,裡面提到了 Uber 試著要「辨別」使用者的 iPhone,而這違反蘋果的政策: To halt the activity, Uber engineers assigned a persistent identity to iPhones with a small piece of code, a practice called “fingerprinting.” Uber could then … Continue reading

Posted in Computer, Mail, Murmuring, Network, Security, Software | Tagged , , , , , , , | 1 Comment

利用 Side-channel 資訊判斷被 HTTPS 保護的 Netflix 影片資訊

在「Netflix found to leak information on HTTPS-protected videos」這篇看到了研究員透過 VBR 所透露出的 side channel 資訊,成功的取得了被 HTTPS 保護的 Netflix 影片資訊。這對於美國的 ISP 是個大利多 (加上之前通過的法案),但對於個人隱私則是嚴重的打擊。 這項研究的準確率非常高: To support our analysis, we created a fingerprint database comprised of 42,027 Netflix videos. Given this collection of fingerprints, … Continue reading

Posted in Computer, Movie, Murmuring, Network, Recreation, Security, Television | Tagged , , , , , , , , , , , , , , , | Leave a comment

Bitcoin.org 對於接下來的 release 發出警告

Bitcoin.org 發出了有點摸不著頭緒的警告:「0.13.0 Binary Safety Warning」。 Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee … Continue reading

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , | Leave a comment

PGP 短 ID 的安全問題

PGP 短 ID 的安全問題出來了,不見棺材不掉淚啊:「Fake Linus Torvalds' Key Found in the Wild, No More Short-IDs.」。 重點在這段,已經有人發出攻擊了: Search Result of 0x00411886: https://pgp.mit.edu/pks/lookup?search=0x00411886&op=index Fake Linus Torvalds: 0F6A 1465 32D8 69AE E438 F74B 6211 AA3B [0041 1886] Real Linus Torvalds: ABAF 11C6 5A29 70B1 … Continue reading

Posted in Computer, Linux, Murmuring, Network, OS, Programming, Security, Social, Software | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Firefox 擋 Canvas Fingerprint 的套件

在「How to block Canvas Fingerprinting in Firefox」這篇終於看到擋 Canvas Fingerprint 的延伸套件了:「CanvasBlocker」。 關於 Canvas Fingerprint,可以參考之前「用 Canvas Fingerprint 取代部份 Cookie」這篇文章。 截圖看起來有點陽春 (設定的方式很 geek),不過算是個開始,之後應該會愈改愈好:

Posted in Browser, Computer, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , | 2 Comments

MasterCard 推出需要指紋辨識後才能使用的信用卡

從「MasterCard's New Credit Card Will Come With a Fingerprint Scanner」這邊看到的: 金融產業一向是被逼了以後才會做的 (因為本來就賺的好好的,而且帶有壟斷性質): But MasterCard is now teaming up with biometric tech company Zwipe to prevent people from paying for items this way with stolen credit cards.

Posted in Computer, Financial, Hardware, Murmuring, Security | Tagged , , , , , | Leave a comment

Google Chrome 對只有 SHA-1 fingerprint 的淘汰過程

現在 Google Chrome 是 37 版,接下來的幾個版本會開始針對只有 SHA-1 fingerprint 的 SSL certificate 降低安全評價:「Gradually sunsetting SHA-1」。 這是 39 版預定的情況,會出現警告: 這是 40 版預定的情況,安全 icon 會消失: 而這是 41 版直接廢止的情況,當作不合法的 SSL certificate 處理: 另外,預先安裝的 root certificate 不受影響,因為並不是看 SHA-1 hash: Note: SHA-1-based signatures for trusted root … Continue reading

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , | 1 Comment

用 Canvas Fingerprint 取代部份 Cookie

Canvas Fingerprint 已經很久了,在「The Web never forgets: Persistent tracking mechanisms in the wild」說明了 Canvas Fingerprint 的歷史: Canvas fingerprinting is a type of browser or device fingerprinting technique that was first presented by Mowery and Shacham in 2012. 原始論文可以在「Pixel Perfect: Fingerprinting Canvas … Continue reading

Posted in Browser, Computer, Firefox, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , | 4 Comments


在 Slashdot 上看到的,「耳紋」比「指紋」精確?:「Ears Might Be Better Than Fingerprints For ID」。 不知道檢查的多深入,如果只是表面的話,本來砍手指的變成砍耳朵?XD

Posted in Computer, Murmuring, Science, Security | Tagged , , , | 2 Comments