Can Fingerprinters see my BIOS?

[Mark212]

If I visit your website, is it possible for you to view the stuff that's in the BIOS of my PC?
Like, for example, the "HDD Serial number" and/or the "System UUID" look like pretty unique identifiers.
IF you can see such items, then you wouldn't need to bother with anything else, like installed fonts, or Canvas tests.
Just wondering.
Thanks.
Mark212

[Ochnö]

Makes sense for spear fishing,but not really for tracking

https://www.schneier.com/blog/archives/ ... cking.html

https://www.darknet.org.uk/2006/09/remo ... ckhacking/

https://www.wired.com/2015/03/researche ... g-systems/

for a non high value target,too much effort

The same with this on mac os.
Nice chain

CoreTypes
Impact: Processing a maliciously crafted webpage may result in the mounting of a disk image

Disk Images
Impact: Mounting a malicious disk image may result in the launching of an application

CoreFoundation
Impact: An application may be able to gain elevated privileges

LaunchServices
Impact: A maliciously crafted application may be able to bypass code signing enforcement

they closed it with the last update...hopefully it's really closed

https://support.apple.com/en-us/HT208692

[Mark212]

WOW. Thanks Very Much for the reply, Ochno.
I read completely all 4 of those links. VERY interesting stuff… especially the Schneier blog post.
So, if I understand correctly, the bottom line is…
Yes, somebody Could see details that are in my BIOS, but they probably wouldn't bother to do it?
Well, I can agree with that… ONLY when the websites use these "fingerprinting" tactics for marketing purposes.
The project that I'm working on involves using a bot to scrape data from a website that doesn't want me to scrape their data.
And this website/company has Lots of money to hire very high-tech programmers for any possible scenario.
Thus, the website probably Would consider going to certain lengths to stop me.

I don't understand why you mentioned the CoreTypes, Disk Images, CoreFoundation, and LaunchServices.
What's the relevance of those sentences? Do they apply only to Mac OS?
Maybe that's irrelevant here… I'm using Windows 7 SP1.

Thanks for the conversation.

[Ochnö]

1.Your question was general,so I added one example for MAC,because the"believers" always think they are absolutely safe
Was too lazy to look for something for the pinguin Pretty sure someone can find something.

2.Again-not for advertising and selling things!
If a company does something like this and they get caught-they end up bankrupt and in prison for 25 years minimum!
THIS is 'blackhat"work from its finest!
So,who can do it,without ending in prison(if caught)-all agencies like NSA,CIA,FBI and so on.

3.Today every browser is so complicatet-in former times you could have build on that amount of code a whole OS-so there are holes by accident,but sadly also by purpouse.

It's nearly forgotten nowadays...never ever allow your browser the use of scripting,like JS,flash,JAVA and so on.
It got more tricky.because all browser are too much blown up with "features"wich makes them vulnarable.

btw. you got a credit\debit card?
you buy online?
you have a mortgage?

Answer one question with "yes"-"THEY"now already everything about you and more that you know about yourself

[Mark212]

1. Yes, my original question was pretty General, and I understand that Real anonymity is (maybe?) Impossible.
What's "pinguin"? Or, are you referring to some Linux OS?
2. Say What?! Basically, a "company getting caught doing THIS is Blackhat / in Serious Trouble."
Are you referring to the Scraping that I want to do, or the Fingerprinting that they would do?
Regardless,… Either way, I wish to politely disagree...
Scraping; Many companies blatantly do it… even Google.
Fingerprinting; Many More companies do it, to determine who visits their website.
WHAT are you thinking is even close to Blackhat in this scenario?
BTW, I'm certainly Not wanting to scrape data From any of the feared 3-letter agencies.
3. I would VERY MUCH APPRECIATE our continuing this conversation via PM. Are you OK with that?
IF this project succeeds, your time and expertise could be well-rewarded.
Mark212

[Ochnö]

Fingerprinting is !=getting in someones BIOS!
Getting into someones BIOS is done by cracking which is in the law computer sabotage.25 years or more(US),because law inforcement agencies will not make any difference if you are only hacking(no damage,no stealing)-they see it always as cracking

Fingerprinting=collecting data that differs a bit,or using cookies,tracking pics 1x1 pixels size and so on and loking where ist shows up again(very simple explanation).Then used with supercomputer to get a "picture"of this person.Something like facebook(Cambridge used it),google and other do.
Google right now offers an api which makes browsing faster-but(!)every request is going via google,so they get more data
Sadly THIS still allowed by law...and NO goverment is interested or willing to change this!

WHAT are you thinking is even close to Blackhat in this scenario?

port scanning,pen testing,code injection in a request

a lot of companies threatend,or sued people which found out that the company had security problems with their server\webpage

even crawler some companies won't like (if they find out) but this is a grey area. Can't tell what the law would say in your country

good luck with your project

over and out

[Mark212]

OK, Ochnö, I assume that your "over & out" means you do not want to continue the conversation.
Bummer.
I'll respect that, but IF you might change your mind on that, Please Do contact me.
Thanks for the info that you Did give.

[beryfarnandas]

To check your BIOS for biometric support and enable it: Press the Power button to start the computer, and press the F10 key to open the BIOS setup utility. Under System Configuration, look for a Biometric Device option; if it exists, enable it. Press F10 to save this setting and restart the computer.