+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 25 of 25
General Chat Thread, Corrent me if I'm wrong....but. in General; Originally Posted by Sdrawkcab I think this article was mostly borne out of the BBC guy being low on ideas ...
  1. #16

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Quote Originally Posted by Sdrawkcab View Post
    I think this article was mostly borne out of the BBC guy being low on ideas for articles, and the SCAN guy getting his technical explanation spectacularly incorrect.
    Problem now with this idiot spouting a load of FAS - Vmyths » False Authority Syndrome is that he will asked to contribute to yet more pointless articles. Maybe he knows Andrew Benson the BBC Formula 1 writer. His articles are complete and utter shit too.

  2. #17
    Jamman960's Avatar
    Join Date
    Sep 2007
    Location
    London/Kent
    Posts
    988
    Thank Post
    186
    Thanked 194 Times in 156 Posts
    Rep Power
    46
    Very little info is passed along to websites while browsing, things like OS version, Browser Type&Version, screen resolution & obviously IP address are but MAC address certainly isn't although I guess an activeX script may be able to pull it in some way?

    Games may possibly check the MAC address for copy protection purposes

    As above none of these would be reliable ways to prevent fraud, unusually large/frequent transactions or transactions from other countrys raise alarm bells.

    I hope the BBC aren't paying him much, I'd fear for my job if I let that article get published!

  3. #18

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,139
    Thank Post
    860
    Thanked 2,692 Times in 2,282 Posts
    Blog Entries
    9
    Rep Power
    771

    Re: Corrent me if I'm wrong....but.

    Quote Originally Posted by Pottsey View Post
    I thought some online shops build up a profile up with your local IP and MAC address. Steam for example records your local network card and MAC address doesn’t it? You cannot buy items from a different network card. Out of curiosity when websites build a profile off your PC what info do they store?
    MAC is layer two and does not transition layer 3 boundaries ( routers ) steam may be able to use Mac as it is a local app so it can access the hardware layer, if a browser did that they would probably be brought before several dozen privacy commissioners.

    Sites can grab user agent string, takes is and browser engine, sometimes platform ( but this can be spoofed ), Java ( this time by design ) can leak all sorts like resolution, have version, colour depth etc. Cookies can also be accessed. Using this and browser/plugin fingerprinting you can identify PCs quite well.

  4. #19
    Sdrawkcab's Avatar
    Join Date
    Jan 2011
    Location
    uk
    Posts
    298
    Thank Post
    1
    Thanked 96 Times in 52 Posts
    Rep Power
    49
    Quote Originally Posted by Pottsey View Post
    I thought some online shops build up a profile up with your local IP and MAC address. Steam for example records your local network card and MAC address doesn’t it? You cannot buy items from a different new PC and new network card.
    Your MAC address will never even make it onto the internet. It's best if you think of MAC addressing as a way for the network to know what device to direct your messages to next. So the frame (chunk of data) leaving your PC has your network card as the source MAC and your router as the destination MAC. When it reaches your router, the router changes the frame so that it has the router as the source MAC and the next-hop device (probably another router) as the destination. By the time the data reaches its intended target, the MAC addresses on the frame will have been changed multiple times.

    I would imagine they store a cookie on your machine to identify you primarily, and then use things like time zone/location to back that up. Steam uses a cookie method where it places an encrypted cookie containing a hardware profile of the PC on your machine to identify you after you enter the email verificaion code. I think that's to stop people stealing your cookie and using it to authenticate their own session on the steam store though, I don't think they prevent you from logging in on another machine as long as you enter the correct code from the email verification.

  5. #20

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,135
    Thank Post
    1,908
    Thanked 1,343 Times in 742 Posts
    Blog Entries
    3
    Rep Power
    395
    Quote Originally Posted by AngryTechnician View Post
    Yep, read that myself this morning and before even finishing the article I'd come to the conclusion that it was nonsense. Surely you've learned by now that all technology stories on BBC News are utter tosh?
    Especially the ones 'written' by Rory Cellophane-Jones.........

  6. #21

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,240
    Thank Post
    1,058
    Thanked 1,068 Times in 625 Posts
    Rep Power
    740
    Quote Originally Posted by tech_guy View Post
    Especially the ones 'written' by Rory Cellophane-Jones.........
    Can that plonker actually write ? Lordy !!

  7. #22
    Pottsey's Avatar
    Join Date
    Apr 2006
    Location
    Nottinghamsire
    Posts
    759
    Thank Post
    3
    Thanked 52 Times in 42 Posts
    Rep Power
    29
    Quote Originally Posted by Sdrawkcab View Post
    “Steam uses a cookie method where it places an encrypted cookie containing a hardware profile of the PC on your machine to identify you after you enter the email verificaion code.”
    Thanks for the info.

    I was thinking surly part of the hardware profile is the motherboard, network card and MAC address? Even if it’s not being sent across the internet, local hardware is being used to identify computers for some online shops like Steam or Itunes.

    Changing the motherboard and network cards would be more than enough to make the hardware profile invalid. Perhaps the article writer was wrong about the Mac address but I think he was on the right idea that changing the network card and motherboard was what triggered the fraud protection.

  8. #23
    Sdrawkcab's Avatar
    Join Date
    Jan 2011
    Location
    uk
    Posts
    298
    Thank Post
    1
    Thanked 96 Times in 52 Posts
    Rep Power
    49
    Quote Originally Posted by Pottsey View Post
    Changing the motherboard and network cards would be more than enough to make the hardware profile invalid. Perhaps the article writer was wrong about the Mac address but I think he was on the right idea that changing the network card and motherboard was what triggered the fraud protection.
    That's only for each machine though. Steam will allow you to login to multiple machines and will store a seperate cookie on each one. The hardware profile, in this case, is used to prevent malware from stealing the cookie and using it to authenticate another machine (rather than stealing the password to the account and using that to login elsewhere).

    The only time I've ever had something like this happen to me was when I used Tor at a previous job to get around the work firewall and buy something from Amazon. Because the login appeared to come from a totally different geographical location, the bank cancelled my card. I've never had an issue using multiple PCs within the same country though.

  9. #24

    Join Date
    Apr 2006
    Location
    Penzance
    Posts
    44
    Thank Post
    3
    Thanked 22 Times in 18 Posts
    Rep Power
    31
    Quote Originally Posted by mattx View Post
    On this BBC article: BBC News - How hardware hacking (almost) made me a fraudster
    Corrent me if I'm wrong....but.
    *Correct*
    /Pedant.

    They see me trollin'. . . .

  10. Thanks to jbunoomally from:

    Roberto (29th January 2013)

  11. #25

    Miscbrah's Avatar
    Join Date
    Dec 2011
    Posts
    896
    Thank Post
    245
    Thanked 253 Times in 152 Posts
    Rep Power
    114
    ^ Came in to corrent this.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Correct me if I'm wrong with TCP/IP setting for server setup
    By macsit in forum Windows Server 2008 R2
    Replies: 2
    Last Post: 25th January 2012, 11:31 PM
  2. Replies: 1
    Last Post: 22nd May 2011, 05:38 PM
  3. Replies: 14
    Last Post: 7th September 2006, 01:14 PM
  4. If you were me...
    By indiegirl in forum Courses and Training
    Replies: 5
    Last Post: 25th May 2006, 11:44 AM
  5. Just a thought but not sure if its possible ..... ??
    By mac_shinobi in forum How do you do....it?
    Replies: 7
    Last Post: 30th January 2006, 09:05 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •