Firefox sends your uptime

Mike Perry mikeperry at fscked.org
Sun Apr 20 04:05:23 UTC 2008


Thus spake .FUF (fuf at itdefence.ru):

> Mozilla Firefox sends your computer's uptime while establishing a TLS
> (SSL) connection. This could be used to correlate anonymous traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
> values (or to search for the originator of anonymous traffic by correlating
> uptime values from TCP timestamps in GNU/Linux and some other operating
> systems).
> 
> Tested with the latest Firefox versions (including Betas) on Windows. Should
> also work on GNU/Linux, but does not work on my ArchLinux box due to
> some patches...
> 
> Details:
> 
> RFCs 2246, 4346 describe the following structure (part of the TLS Client
> Hello packet):
> 
>      struct {
>          uint32 gmt_unix_time;
>          opaque random_bytes[28];
>      } Random;
> 
> Firefox sends your uptime in the "gmt_unix_time" field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in UNIX format.

Incidentally, this was filed as Firefox Bug
https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
in the 3.0 branch. I requested a backport into FF2.0.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
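
The check described in the thread, as an added example that is not part of either message: read Random.gmt_unix_time out of a captured ClientHello from your own client and test whether it looks like wall-clock time or like a seconds-since-boot counter. The function names, the two thresholds and the sample record are assumptions constructed for illustration.

```python
import struct

MAX_SKEW = 86400               # assumed tolerance for clock drift: one day
MAX_UPTIME = 10 * 365 * 86400  # assumed ceiling for a plausible uptime

def client_hello_time(record: bytes) -> int:
    """Return Random.gmt_unix_time from one raw TLS record holding a ClientHello."""
    if len(record) < 43:  # 5 record hdr + 4 handshake hdr + 2 version + 32 Random
        raise ValueError("too short for a ClientHello")
    content_type, _version, _length = struct.unpack("!BHH", record[:5])
    if content_type != 22 or record[5] != 1:  # 22 = handshake, 1 = client_hello
        raise ValueError("not a ClientHello record")
    # Random starts right after client_version, at byte offset 11.
    (gmt_unix_time,) = struct.unpack("!I", record[11:15])
    return gmt_unix_time

def classify(gmt_unix_time: int, capture_time: int) -> str:
    """Compare the field against the time the record was captured."""
    if abs(gmt_unix_time - capture_time) <= MAX_SKEW:
        return "wall-clock"   # current system time in UNIX format
    if gmt_unix_time < MAX_UPTIME:
        return "uptime-like"  # small counter, consistent with seconds since boot
    return "other"            # neither, e.g. arbitrary bytes

def build_sample(gmt_unix_time: int) -> bytes:
    """Constructed minimal TLS 1.0 ClientHello, for offline testing only."""
    random = struct.pack("!I", gmt_unix_time) + bytes(28)
    body = b"\x03\x01" + random + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    capture_time = 1208664323  # constructed capture timestamp
    for value in (372615, 1208664300, 0xDEADBEEF):
        t = client_hello_time(build_sample(value))
        print(t, classify(t, capture_time))
```
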


More information about the tor-talk mailing list