Interesting...thought this was ALREADY possible...

How to track a PC anywhere it connects to the Net --Anonymous Internet access is now a thing of the past. A doctoral student at the University of California has conclusively fingerprinted computer hardware remotely, allowing it to be tracked wherever it is on the Internet.

www.legitgov.org

Seems to me that if you buy your computer w/ cash no one is going to know anything:)

But, it's very hard to surf anonymously...Especially if you visit personal sites, check email addresses that are linked to you, etc.

And you're right, I thought this was already done w/ CPU ID's?

This method works on all computers, whether they have a CPU ID or not. And it seems to work whatever IP number you're using (including proxies, etc).

they dont neccessarily know its you, but once they do they can id you anywhere, just like your firngerprint cant id you until they can connect the print to the name

Wasn't able to find it in www.legitgov.org .
The assertion seems difficult to believe in full generality.

:scared:

Here's a direct link: http://www.zdnet.com.au/news/security/0,2000061744,39183346,00.htm

Looks awful.

:scared::scared:

:scared:

It helps explain the concept and has a pretty decent article.
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=102&topic_id=1284300

Hopefully there is software between the clock and what creates the information, so software could be written to introduce noise to disguies the clock skew.

Someone will tie spread spectrum network clocking into the Linux kernel in short order. Everyone running an off-the-shelf OS really cannot be seriously worried enough about security that this will make any difference whatsoever to them. If spyware comanies can 0wn you the NSA could years before.

In this case, since it was part of a doctoral dissertation, we get to know the details - so it'll be possible to come up with an antidote.

But for all we know the government (or anyone else) can modify the code without letting anyone know. The article makes it clear that the computer being tracked has no way of finding out. In fact, this may be happening already.

:party:

:) :toast: :party: :hippie: :smoke: :wow:

:toast: :hi:

Most people don't conceal their addresses in any way that would require these advanced techniques. We've been able to trace past firewalls/NATs with paratrace and to fingerprint operating systems for several years now. It is not very hard at all to figure out what IP sessions belong to what machines with these trivial methods -- this advanced stuff is simply not required to track your average internet user.

The only people that need to be concerned about these new techniques are people who have a high level of technical expertise and have been trying to conceal their sessions. Such people already know what to do about this, and if they were competant about it they wouldn't have been sourcing their traffic from the same IP stack to begin with. In fact, they would likely be using someone else's machine. Perhaps your desktop, even, to source IP packets.

If they haven't been competant about it, once they read this article they will simply discard their computers and get new ones.

this doesn't make a bit of difference. Have you ever bought something online? Do you use your ISP provided e-mail account? You are so easily tracked online it's not even funny. How do you think the RIAA tracked all those downloaders they sued? Want to know how easy it is to track someone on the web? Check out this link. http://www.e-spy-software.com/ For 40 bucks you can track the keystrokes of any computer connected to the internet. The keystrokes. 40 bucks. There is no privacy on the web for the average computer user.

**edit** BTW that I-Spy software was sort of mentioned in the article, it's basically what the FBI was doing with Carnivore. Tracking what people were typing while on the net. 10 years ago it was high tech top secret stuff, now you can buy it on the net for 40 bucks. :eyes:

Someone has to install the keylogging software on the remote computer. The program can send an e-mail with the installer attached, but the receiver has to be dumb enough to open the attachment. And the remote version costs $90 rather $40 (not that it makes a big difference).

I cannot understand how this can be legal except under some heavily regulated exceptional situations.

Trust me, if your computer is of the variety that "I Spy" works on, someone knows how to install similar software without your knowlege or even participation. The only stupid thing you have to do to expose yourself to keystroke logging is to run an sufficiently insecure system, like 90+ percent of your fellow Internet users do today. Let's not even get into the insecurity of mobile gadgets, people pay even less attention to that, and for all they know their cell phone may allow the battery to be overloaded and spark a nice 4am bedroom fire remotely.

People don't care. They say they do, but they really don't.

A computer is only secure when it is powered off, unplugged, and preferably locked in a safe. What you could buy yourself by using a more secure operating systems is only to restrict the level of expertise required to compromise your system. These days, by my estimate, a fully patched and up-to-date Windows system is relatively safe from curious high-school kids 340 days out of the year, whereas it is probably never safe from organized crime and definitely not safe from governments.

Only people who seriously know what they are doing can harden their systems to the point of invulnerability, and to do so they must limit their own functionality, a sacrifice most users wouldn't be willing to make even if they knew how.

is to track the geographical location, and possibly the ISP name.

If this guy has cracked it to an address, there's going to be a boom in hosting companies. Buy stock.

I doubt if he'll be able to do much with dynamic addresses, though.

He's linked it to the actual hardware. You could be using multiple dynamic addresses and even various tunnels and he'd still be able to tell all the packets were coming from you. The only way to avoid it would be to pass out of IP inside someone else's box, change sockets in a daemon, and come back up through the zombie's IP stack to start a new session where the timestamps bear the clock skew signature of the zombie.

Since most illicit users launch their attacks from compromised computers and do not tunnel IP through them, though, they are safe.