Benedikt Wolters

Last week I was watching an old DEFCON 18 Talk [slides,paper] by Peter Eckersley, the maker of Panopticlick.

I find this idea very interesting. Furthermore, I thought what other characteristics are there to identify a user by its browser. Beneath a lot of other ideas, I was thinking about a Adobe Piracy Detection. It’s a well-known fact that many “cracks” simply redirect the DNS A-record of ”activate.adobe.com” to the loopback device 127.0.0.1 to circumvent activation.

However, since there is the same-origin-policy in effect, it is not possible to directly check whether the DNS record has been changed in the browser. Nevertheless, I found a way to circumvent this with pure javascript. In this spechial case the JBOSS Server at activate.adobe.com delivers a favicon.ico. Allthough the image is a 0-byte file and thereby corrupt it does not generate a HTTP Timeout, but a 200 OK. Since there is the possibility to include this “fake”-image into an img-tag and check with javascript whether it has been loaded or not. If not there is a high, but certainly not distinct, way of predict of whether the DNS record has been overwritten.

Furthermore, there is the possibility that the user might be running a webserver that coincidentilly is running a webserver which has a favicon.ico. A simple way to avoid this is to check whether the browser has adjusted the width of the image or not. In case of the “valid” favicon.ico it must be 0.

I’ve implemented a proof-of-concept code that seems to work in Firefox and Chrome.

IMHO: This will open the door for all kinds of scamming. And it should not be able to access properties of elements from different origins. However fixing this will obviously break a lot of thinks, like image CDNs. I think the web is just broken. Obviously the motiviation for Adobe to change their server configuration will be low.

In the past weeks -besides my ongoing bachelor thesis- i’ve fiddled a bit with canvas and some basic frequency animations. This are the results: Starscape Particle Animation

Lissajous Curves Tracer

Since i’ve switched to a tiling window manager i3 and i like to watch documentaries or longer videos while working i was looking for an extension that reopens a yt video on a new window and resizes it to window width and height. So I can watch youtube videos while working.

I’ve published the extension in the Chrome Web Store

Future versions will also carry the timecode to the new window. The code can be found on GitHub.

Currently i’m trying to learn the english keyboard layout. I’ll find that it is much more convenient to program with this layout since most of the programming languages were designed for this keyboard layout. Also for programs like vim the default shortcuts come in handy with this layout.

But since i’m used to the german layout since the beginning of time, it’s a major change, mainly for finding the new places for spechial characters like [ and ' and the different locations of y/z. Also it has taken a while to write umlauts in their extended version. It is also really hard to get used to some keybindings that are deeply engraved into muscle memory like CTRL+z. I was looking for a tool specificly designed for switchers, but did not found anything useful - at least for my purposes. Hence, I took a few hours to write this pen.

It features basic training and also re-typing wikipedia lessons. Since it was kind of a quick-and-dirty tool intended for personal use only it does not claim to be finished. Feel free to fork and optimize!

Update: I moved this pen to Heroku.