New paper by Amit Klein (Trusteer): "Detecting virtualization ov
Hi list
The IE9 (platform preview) JavaScript Math.random implementation is vulnerable to seed reconstruction. The seed reveals the computer's boot time (and on Windows 7 - also CPU clock speed). These can be used to fingerprint computers and track users within the same Windows session even if they close and open their IE9 (platform preview) browser multiple times.
Interestingly enough, this technique also provides some information regarding the client hardware (namely clock source and possibly CPU clock speed), and may be used to detect virtualized machines "over the web".
Additionally, the Math.random implementation is flawed in such a way that it returns non-uniform values (this holds for IE9 beta as well).
For full details, please read:
http://www.trusteer.com/sites/default/files/VM_Detection_and_Temporary_User_Tracking_in_IE9_Platform_Preview.pdf
Thanks,
-Amit
Amit Klein, CTO, Trusteer