Does Linux OS have a "serial number" ?


Jesse

Aug 5, 2013, 8:34:11 PM
The CPAV spyware the FBI put on all our Firefox browsers grabs the serial
number of the operating system.

Windows has a unique serial number - but - does Linux?

Bit Twister

Aug 5, 2013, 9:56:21 PM
There are a few files which would identify your system depending on
software installed.

If you run dmidecode as root, you can see all sorts of stuff
(Asset Tag, UUID, Serial Number..) identifying your system hardware.

Go to http://browserspy.dk/ and see the easy stuff your browser leaks
to any site you visit.

Jesse

Aug 5, 2013, 10:48:05 PM
On Tue, 06 Aug 2013 01:56:21 +0000, Bit Twister wrote:

> If you run dmidecode as root, you can see all sorts of stuff (Asset Tag,
> UUID, Serial Number..) identifying your system hardware.

Wow. Nasty!

$ sudo dmidecode
...
System Information
Manufacturer: LENOVO
Product Name: 4318CTO
Version: ThinkPad W510
====> Serial Number: R8BB349 <=====
UUID: 9078T131-1839-B051-98YU-GF3262F087732
Wake-up Type: Power Switch
SKU Number: Not Specified
Family: ThinkPad W510
...

Lin

Aug 5, 2013, 10:49:34 PM
On Tue, 06 Aug 2013 01:56:21 +0000, Bit Twister wrote:

> If you run dmidecode as root, you can see all sorts of stuff

Can the FBI spyware run as root on Linux?

Dan C

Aug 5, 2013, 10:58:54 PM
On Tue, 06 Aug 2013 01:56:21 +0000, Bit Twister wrote:

> Go to http://browserspy.dk/ and see the easy stuff your browser leaks to
> any site you visit.

Nothing there of any importance.

Better tighten up your tin-foil beanie a little, boy.


--
"Ubuntu" -- an African word, meaning "Slackware is too hard for me".
"Bother!" said Pooh, as he reinstalled TLX 3.1.
Usenet Improvement Project: http://twovoyagers.com/improve-usenet.org/
Thanks, Obama: http://brandybuck.site40.net/pics/politica/thanks.jpg

unruh

Aug 5, 2013, 11:42:00 PM
That is the serial number of your computer, not of your operating
system.




> ...
>

Jesse

Aug 6, 2013, 12:07:11 AM
On Tue, 06 Aug 2013 03:42:00 +0000, unruh wrote:

> That is the serial number of your computer, not of your operating
> system.

I don't see any serial number for the OS, so, I guess we're safe
on Linux then.

Bit Twister

Aug 6, 2013, 12:12:22 AM
If they can get it installed with root privs, yes. That is what
exploits are about, getting code to run boosting privs or just
stealing information.

Not sure, but dmidecode is just reading some address on the
motherboard to get the information so I see no reason why some other
program could not get the same information.

David W. Hodgins

Aug 6, 2013, 1:57:00 AM
Try "cat /etc/machine-id". It's only created on a clean install, and
since it isn't unusual to create a new install by cloning an old one,
cannot be relied on, to be unique.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Richard Kettlewell

Aug 6, 2013, 3:29:52 AM
"David W. Hodgins" <dwho...@nomail.afraid.org> writes:
> Try "cat /etc/machine-id". It's only created on a clean install, and
> since it isn't unusual to create a new install by cloning an old one,
> cannot be relied on, to be unique.

‘No such file or directory’.

Things you might try to identify a machine:
- Hardware information: motherboard serial number, MAC addresses,
etc. On some (older?) CPUs, the CPU serial number.
- UUID of / or other filesystems.
- Hash some well-chosen files in /etc and maybe /var.

--
http://www.greenend.org.uk/rjk/

Jesse

Aug 6, 2013, 4:09:50 AM
On Tue, 06 Aug 2013 01:57:00 -0400, David W. Hodgins wrote:

> Try "cat /etc/machine-id". It's only created on a clean install

No such file.

Jasen Betts

Aug 6, 2013, 3:32:54 AM
you mean apart from because it doesn't have access to that address.

if you want a unique computer identifier a MAC (ethernet hardware
address) is pretty good, and can be accessed by an ordinary user.

eg: /sbin/ifconfig


--
⚂⚃ 100% natural

--- news://freenews.netfront.net/ - complaints: ne...@netfront.net ---

Robert Newson

Aug 6, 2013, 6:01:11 AM
Seeing as you have access to the source of the Linux Kernel, even if
Linux did, you could modify the part that creates/stores/returns the
serial number to return a random serial number each time it is called.

With Windwos you don't have this luxury, so it is easy for MS to put a
unique serial number into each copy of Windwos (possibly when the
installer does its job).

Relying on a file in the filing system for the serial number is not a
very good idea, for example /dev/null or a named pipe can easily be
used to replace the file and return null or whatever the program that is
connected to the other end of the pipe wants. (I have [symbolically]
linked .macromedia to /dev/null to avoid their tracking cookies - if
they're not going to pay me for the storage of their data, I'm not going
to allow it. ^_^)

Jesse

Aug 6, 2013, 6:15:38 AM
On Tue, 06 Aug 2013 07:32:54 +0000, Jasen Betts wrote:

> if you want a unique computer identifier a MAC (ethernet hardware
> address) is pretty good, and can be accessed by an ordinary user.

The MAC address can easily be spoofed by any ordinary user,
although I don't know of an automated tool, which would
be useful to spoof the MAC address randomly upon bootup.

Jesse

Aug 6, 2013, 6:18:11 AM
On Tue, 06 Aug 2013 11:01:11 +0100, Robert Newson wrote:

>> Windows has a unique serial number - but - does Linux?
> Seeing as you have access to the source of the Linux Kernel, even if
> Linux did, you could modify the part that creates/stores/returns the
> serial number to return a random serial number each time it is called.
>
> With Windwos you don't have this luxury, so it is easy for MS to put a
> unique serial number into each copy of Windwos (possibly when the
> installer does its job).

I seem to recall that Windows has a way to "change" your installation
ID.

Do you know if freeware exists to rewrite that unique 25-character
ID upon every reboot?

Bit Twister

Aug 6, 2013, 6:45:58 AM
On Tue, 06 Aug 2013 08:29:52 +0100, Richard Kettlewell wrote:
> "David W. Hodgins" <dwho...@nomail.afraid.org> writes:
>> Try "cat /etc/machine-id". It's only created on a clean install, and
>> since it isn't unusual to create a new install by cloning an old one,
>> cannot be relied on, to be unique.
>
> ‘No such file or directory’.

Yep, distribution specific.
$ cat /etc/machine-id
8729cfc9404c423cb4288f2faca28b35

unruh

Aug 6, 2013, 7:55:31 AM
On 2013-08-06, David W. Hodgins <dwho...@nomail.afraid.org> wrote:
> On Mon, 05 Aug 2013 20:34:11 -0400, Jesse <Je...@email.invalid> wrote:
>
>> The CPAV spyware the FBI put on all our Firefox browsers grabs the serial
>> number of the operating system.
>>
>> Windows has a unique serial number - but - does Linux?
>
> Try "cat /etc/machine-id". It's only created on a clean install, and
> since it isn't unusual to create a new install by cloning an old one,
> cannot be relied on, to be unique.

On what operating system, and if Linux which version? I do not have any
such file.

>
> Regards, Dave Hodgins
>

John Hasler

Aug 6, 2013, 8:19:51 AM
Robert Newson wrote:
> Seeing as you have access to the source of the Linux Kernel, even if
> Linux did, you could modify the part that creates/stores/returns the
> serial number to return a random serial number each time it is called.

Try /var/lib/dbus/machine-id.

In any case it is not a vendor-issued id so it is not traceable. It is
randomly generated at install time. At best it merely tells you that
you are seeing the same system you saw last time. There are many ways
to know that.
--
John Hasler
jha...@newsguy.com
Dancing Horse Hill
Elmwood, WI USA

Jesse

Aug 6, 2013, 8:41:25 AM
On Tue, 06 Aug 2013 07:19:51 -0500, John Hasler wrote:

> Try /var/lib/dbus/machine-id.

$ locate machine-id
/var/lib/dbus/machine-id

$ cat /var/lib/dbus/machine-id
a643bf7f3c3e8dbec25a509203020133

Jesse

Aug 6, 2013, 8:42:07 AM
On Tue, 06 Aug 2013 11:55:31 +0000, unruh wrote:

> On what operating system, and if Linux which version? I do not have any
> such file.

On RHEL6
$ locate machine-id
/var/lib/dbus/machine-id
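
An added example, not part of any post in this thread: a small audit of which identifier sources mentioned above (the two machine-id files, the DMI serial and UUID, the per-interface MAC) the current, possibly unprivileged, user can actually read, and whether a machine-id file holds a usable value or has been emptied or redirected to /dev/null. The function names and the ROOT argument are hypothetical; the `/sys/class/dmi/id` and `/sys/class/net` paths are the standard Linux sysfs locations and are not quoted from the thread.

```shell
#!/bin/sh
# Added example: which of the identifiers discussed in this thread can the
# *current* user read? Values are never printed, only their availability.
# Function names and the ROOT argument are hypothetical; ROOT lets the audit
# run against a constructed test tree (empty = the live system).

# Print readable | unreadable (exists, permission denied) | absent.
id_status() {
    if [ ! -e "$1" ]; then echo absent
    elif [ -r "$1" ]; then echo readable
    else echo unreadable
    fi
}

# Classify a machine-id file. A usable ID is 32 lowercase hex digits; a file
# emptied or pointed at /dev/null is readable but reported as "invalid".
machine_id_state() {
    st=$(id_status "$1")
    if [ "$st" != readable ]; then echo "$st"; return 0; fi
    val=
    IFS= read -r val < "$1" || true   # read fails at EOF without a newline
    case "$val" in
        ''|*[!0123456789abcdef]*) echo invalid; return 0 ;;
    esac
    if [ "${#val}" -eq 32 ]; then echo valid; else echo invalid; fi
}

# One "path<TAB>state" line per identifier source under ROOT.
audit_identifiers() {
    root=${1:-}
    for f in /etc/machine-id /var/lib/dbus/machine-id; do
        printf '%s\t%s\n' "$f" "$(machine_id_state "$root$f")"
    done
    # SMBIOS/DMI fields as exposed by sysfs (normally readable by root only).
    for f in /sys/class/dmi/id/product_serial /sys/class/dmi/id/product_uuid; do
        printf '%s\t%s\n' "$f" "$(id_status "$root$f")"
    done
    # MAC addresses: one world-readable sysfs file per interface.
    for f in "$root"/sys/class/net/*/address; do
        [ -e "$f" ] || continue       # glob matched nothing
        printf '%s\t%s\n' "${f#"$root"}" "$(id_status "$f")"
    done
    return 0
}

audit_identifiers "${1:-}"
```

Run it once as an ordinary user and once as root to see the privilege difference the thread discusses between the DMI data and the MAC address.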

Mike Easter

Aug 6, 2013, 9:36:57 AM
Jesse wrote:
> The CPAV spyware the FBI put on all our Firefox browsers grabs the serial
> number of the operating system.

The Wired article^1 describes CIPAV as ...

... the code is likely the first sample captured in the wild of the
FBI’s “computer and internet protocol address verifier,” or CIPAV, the
law enforcement spyware first reported by WIRED in 2007.

> Windows has a unique serial number - but - does Linux?

The exploit is aimed at Windows machines and ...

... the malware only targets Firefox 17 ESR, the version of Firefox that
forms the basis of the Tor Browser Bundle –

Other snippages follow ...

... The heart of the malicious Javascript is a tiny Windows executable
hidden in a variable named “Magneto.”

... It looks up the victim’s MAC address — a unique hardware identifier
for the computer’s network or Wi-Fi card — and the victim’s Windows
hostname. Then it sends it to the Virginia server, outside of Tor, to
expose the user’s real IP address, and coded as a standard HTTP web request.

In response to your question which is not related to this exploit, Linux
as an operating system does not have the same kinds of proprietary
identification as Windows uses for such as Windows Product Activation
(matching OS product key with hardware).

The DMI^2 information (from dmidecode) was an earlier framework for
identifying hardware. The organization behind DMI, DMTF has since gone
on to other standards and declared end of life for DMI since 2005
and/but dmidecode now provides SMBIOS^3


^1 http://www.wired.com/threatlevel/2013/08/freedom-hosting/ Feds Are
Suspects in New Malware That Attacks Tor Anonymity

^2 http://en.wikipedia.org/wiki/Desktop_Management_Interface

^3 http://en.wikipedia.org/wiki/SMBIOS


--
Mike Easter

John Hasler

Aug 6, 2013, 10:52:12 AM
Mike Easter writes:
> ... The heart of the malicious Javascript is a tiny Windows executable
> hidden in a variable named “Magneto.”

Also note that this is not something that the FBI "put on all our
Firefox browsers". It's a piece of Javascript malware much like any
other malware and must be installed by way of one of the usual
exploits. It isn't on your machine unless a) the FBI has targeted you
and b) they suckered you into installing it.

Andy K

Aug 6, 2013, 11:03:32 AM
FBI thanks you for providing it. Their server has been down. :-)

I remember an earlier Thinkpad and if you forgot your supervisor bios password you had to pay Lenovo for a new motherboard and hard drive.

What about your model ?

Andy

Andy K

Aug 6, 2013, 11:09:25 AM
Under Linux, browser spy can't make a determination in many categories as compared to Windows.

That's a good thing.

Mike Easter

Aug 6, 2013, 11:31:12 AM
John Hasler wrote:
> Mike Easter writes:
>> ... The heart of the malicious Javascript is a tiny Windows executable
>> hidden in a variable named “Magneto.”
>
> Also note that this is not something that the FBI "put on all our
> Firefox browsers". It's a piece of Javascript malware much like any
> other malware and must be installed by way of one of the usual
> exploits. It isn't on your machine unless a) the FBI has targeted you
> and b) they suckered you into installing it.

Freedom Hosting site has long been associated with child porn.

It is believed that the feds planted/infected the FH site with the
'exposing' CIPAV 'aimed at' the Windows-Tor Browser Bundle-Firefox version.

Thus the 'you' targeted would be those Windows users who were interested
in both privacy (Tor bundle) and the Freedom Hosting site (porn and other).

There is no 'law against' privacy or visiting the FH site, but there is
against child porn trafficking.

The paradox and cleverness of the gambit is the use of the 'privacy' Tor
bundle Firefox version to expose directly to the feds (de-privacy) the
MAC, hostname, and IP address of the infected, while doing nothing else.


--
Mike Easter

Mike Easter

Aug 6, 2013, 11:33:23 AM
That is a nice simple example of use of commandline tools to solve a
specific 'little' problem, such as 'Do I have a machine-id file?' 'Where
is it?' 'What does it say/contain?'


--
Mike Easter

Lin

Aug 6, 2013, 12:06:19 PM
On Tue, 06 Aug 2013 09:52:12 -0500, John Hasler wrote:

> Also note that this is not something that the FBI "put on all our
> Firefox browsers".

Do you think that hackers won't notice?

Bit Twister

Aug 6, 2013, 12:18:35 PM
Yep, read an article several years ago about creating a fingerprint from
browser data and the site gave you a value.
At the time I think my fingerprint was 1 in 150, I tightened down
settings disabled a lot of stuff and my finger print went to 1 in 47.

David W. Hodgins

Aug 6, 2013, 2:39:16 PM
Mageia 3. Should be present on any systemd version of linux.
$ rpm -q --scripts systemd
postinstall scriptlet (using /bin/sh):
/usr/bin/systemd-machine-id-setup > /dev/null 2>&1 || :

Whiskers

Aug 6, 2013, 9:53:39 AM
On 2013-08-06, Jesse <Je...@email.invalid> wrote:
> On Tue, 06 Aug 2013 01:56:21 +0000, Bit Twister wrote:
>
>> If you run dmidecode as root, you can see all sorts of stuff (Asset Tag,
>> UUID, Serial Number..) identifying your system hardware.
>
> Wow. Nasty!
>
> $ sudo dmidecode
> ...
> System Information
> Manufacturer: LENOVO
> Product Name: 4318CTO
> Version: ThinkPad W510
> ====> Serial Number: R8BB349 <=====
> UUID: 9078T131-1839-B051-98YU-GF3262F087732
> Wake-up Type: Power Switch
> SKU Number: Not Specified
> Family: ThinkPad W510
> ...

,---- <http://www.nongnu.org/dmidecode/>
| Beware that DMI data have proven to be too unreliable to be blindly
| trusted. Dmidecode does not scan your hardware, it only reports what the
| BIOS told it to.
`----

In fact, it only reads and decodes a file (probably /dev/mem) so the data
aren't certain to be directly from your BIOS anyway.

--
-- ^^^^^^^^^^
-- Whiskers
-- ~~~~~~~~~~

Whiskers

Aug 6, 2013, 5:28:27 PM
On 2013-08-06, Bit Twister <BitTw...@mouse-potato.com> wrote:
Still available

,---- <http://panopticlick.eff.org/>
| Your browser fingerprint appears to be unique among the 3,210,360 tested so
| far.
`----

Disable 'private browsing' and try again:

,----
| Within our dataset of several million visitors, only one in 1,070,125
| browsers have the same fingerprint as yours.
`----

Hmmm.

Bit Twister

Aug 6, 2013, 7:14:31 PM
Looking like they have a much bigger database since I checked last.
Test results table is new.

cookies on = one in 1,070,185 browsers have the same fingerprint as yours.
cookies off = one in 1,605,285 browsers have the same fingerprint as yours.

I am impressed
User Agent 94428.65 Linux x86_64 Firefox/23.0

David W. Hodgins

Aug 7, 2013, 12:31:26 AM
I get ...
Your browser fingerprint appears to be unique among the 3,211,052 tested
so far. I'm using opera 12.16, Mageia 3 x86_64, with java/javascript on.

Cecil Westerhof

Aug 7, 2013, 2:46:30 AM
On Tuesday 6 Aug 2013 23:28 CEST, Whiskers wrote:

>> Yep, read an article several years ago about creating a fingerprint
>> from browser data and the site gave you a value. At the time I
>> think my fingerprint was 1 in 150, I tightened down settings
>> disabled a lot of stuff and my finger print went to 1 in 47.
>
> Still available
>
> ,---- <http://panopticlick.eff.org/>
> | Your browser fingerprint appears to be unique among the 3,210,360
> | tested so far.
> `----
>
> Disable 'private browsing' and try again:
>
> ,----
> | Within our dataset of several million visitors, only one in
> | 1,070,125 browsers have the same fingerprint as yours.
> `----
>
> Hmmm.

One identifier is your fonts. You can get rid of that by
enabling click-to-play.

But the following still give a lot of information:
- browser plugin details
- user agent
- http_accept headers

How can the first be disabled and to what should the other two be set?

--
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof

Jesse

Aug 7, 2013, 9:15:35 AM
On Wed, 07 Aug 2013 00:31:26 -0400, David W. Hodgins wrote:

> Your browser fingerprint appears to be unique among the 3,211,052 tested
> so far. I'm using opera 12.16, Mageia 3 x86_64, with java/javascript on.

I'm surprised, but mine is unique also:
Your browser fingerprint appears to be unique among the 3,212,220 tested so far.

It's Firefox, on Linux, but other than that, I have no idea WHY mine
would be different than anyone else's.

Java Jive

Aug 7, 2013, 9:46:17 AM
Quite revealing and interesting, but ... As geo-location is disabled,
it relies on IP to detect where I am ... Not bad really, I suppose,
at least it got the next continent along :-)

On Tue, 6 Aug 2013 01:56:21 +0000 (UTC), Bit Twister
<BitTw...@mouse-potato.com> wrote:
>
> Go to http://browserspy.dk/ and see the easy stuff your browser leaks
> to any site you visit.
--
=========================================================
Please always reply to ng as the email in this post's
header does not exist. Or use a contact address at:
http://www.macfh.co.uk/JavaJive/JavaJive.html
http://www.macfh.co.uk/Macfarlane/Macfarlane.html

John Hasler

Aug 7, 2013, 10:38:02 AM
Jesse writes:
> I'm surprised, but mine is unique also:
> Your browser fingerprint appears to be unique among the 3,212,220 tested so far.

> It's Firefox, on Linux, but other than that, I have no idea WHY mine
> would be different than anyone else's.

Try it again with javascript disabled.

In any case if this concerns you it is probably better to make your
"fingerprint" change frequently than to try to minimize it.

John Hasler

Aug 7, 2013, 10:42:24 AM
Java Jive writes:
> As geo-location is disabled, it relies on IP to detect where I am

Internet geolocation does rely on IP number.

> Not bad really, I suppose, at least it got the next continent along

IP geolocation is not very reliable.

Jesse

Aug 7, 2013, 1:15:40 PM
On Wed, 07 Aug 2013 09:38:02 -0500, John Hasler wrote:

> Try it again with javascript disabled.

That's interesting!

http://panopticlick.eff.org/index.php?action=log&js=yes
vs
http://panopticlick.eff.org/index.php?action=log

With javascript:
unique among the 3,212,220 tested

Without javascript:
Only one in 615,356 browsers have the same fingerprint

Bernard Peek

Aug 7, 2013, 2:32:00 PM
On 06/08/13 01:34, Jesse wrote:
> The CPAV spyware the FBI put on all our Firefox browsers grabs the serial
> number of the operating system.
>
> Windows has a unique serial number - but - does Linux?
>
If you have a network card it copies the Mac address which is supposed
to be unique.


--
Bernard Peek
b...@shrdlu.com

Richard Kettlewell

Aug 7, 2013, 3:05:47 PM
Bernard Peek <b...@shrdlu.com> writes:
> If you have a network card it copies the Mac address which is supposed
> to be unique.

Although occasionally you find a vendor who needs reminding of that:

https://www.google.co.uk/search?q=%2200:50:43:00:45:3e%22

--
http://www.greenend.org.uk/rjk/

Whiskers

Aug 7, 2013, 2:59:09 PM
That could be a bit disheartening for Opera Software; the browser I was
using is DWB on Arch Linux i686 with javascript off and the default user
agent string "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.6+ (KHTML, like
Gecko) Chromium/23.0.1271.95 Chrome/23.0.1271.95 Safari/537.6+
dwb/2013.03.30".

Repeating the test just now, I get

,----
| Within our dataset of several million visitors, only one in 803,322
| browsers have the same fingerprint as yours.
`----

which is a remarkably rapid decrease in uniqueness. I wouldn't have
expected DWB to be so widely used.

Allodoxaphobia

Aug 7, 2013, 7:24:52 PM
On Wed, 07 Aug 2013 09:38:02 -0500, John Hasler wrote:
> Jesse writes:
>> I'm surprised, but mine is unique also:
>> Your browser fingerprint appears to be unique among the 3,212,220 tested so far.
>
>> It's Firefox, on Linux, but other than that, I have no idea WHY mine
>> would be different than anyone else's.
>
> Try it again with javascript disabled.
>
> In any case if this concerns you it is probably better to make your
> "fingerprint" change frequently than to try to minimize it.

That was my "think". Start your browser with a script that _first_
fiddles with your UA string ever so slightly -- like inserting a small
chunk of the least significant part of the unix timestamp as an
'element' of the UA -- or something of that ilk. Or, rotate, insert,
add, delete other features of the browser on each start up.

Paranoia -- it's good for thread depth.

Jonesy