is this even remotely possible?

newfolder

a programmer is claiming that he can get the h.d.d firmware of a website visitor, via php only (no java applet, no activex, no user prompts to install anything) and then can use that info to track that unique pc across the website whenever it visits in the future, or even to ban it permanently.

my question is, is this possible using just php as he claims? or is he lying?

he claims to have it installed as a ban system on a chat room, i'll post the url when he gives it to me.

dagon

newfolder;10908684 wrote:
my question is, is this possible using just php as he claims? or is he lying?

no, yes

bradgrafelman

"Just PHP" ? No. Using client-side technologies, yes. I don't know that he means "firmware" but rather the hard drive serial number.

Note that your hard drive serial number can easily be changed, however, to anything you'd like using free programs out on the web. 😉

Krik

Note that your hard drive serial number can easily be changed, however, to anything you'd like using free programs out on the web.

While the HD serial number is kind a superficial way to track a person I would guess that if you really need to block a user you could use a similar client-side technology to get an ether net (network) cards MAC address (and/or your routers or modems MAC address) which is unique and cannot be changed, outside of buying a new one.

But I am certain PHP couldn't do this. But a client-side technology could but that would require the user to allow it. And if a user is willing to just clicks to accept that kind of thing I suspect there system is so plagued with viruses they are barely functional.

dagon

usuall teen hacker wana be BS,

"I can Haxor your microwave to bring down satellites"

newfolder

dagon;10908736 wrote:
usuall teen hacker wana be BS,

"I can Haxor your microwave to bring down satellites"

yup, I'm as skeptical as you are, but apparently this guy has promised to show me a working demo of aforementioned mystical wizardry in action ....

chances are he is BS'ing .... will probably be required to install an activex, or as an extreme case, uses some sort of common exploit/vulnerability in the browser. I'll let you guys know what happens.

Btw, I think PunkBuster uses a system similar to this for banning people, no?

bradgrafelman

Krik wrote:
ether net (network) cards MAC address (and/or your routers or modems MAC address) which is unique and cannot be changed, outside of buying a new one.

Eh, not quite - you can still spoof/"emulate" a MAC address with most drivers. Ditto for routers - they usually have an option of using its internal MAC, your computer's MAC, or a different one you specify.

newfolder wrote:
Btw, I think PunkBuster uses a system similar to this for banning people, no?

I can't remember the specifics at the time, but yes, PB does use some hardware ID's to do PB bans across servers.

Kudose

A default windows xp installation will let me change the MAC address of my wifi card right in the card properties section.