SecurityWeek – (International) Criminals bypassing sophisticated device fingerprinting with basic tools. Research from Trusteer shows device fingerprinting, - 14 - which is used in fraud detection systems, might be a useless layer of protection after they discovered a manual for bypassing such features being circulated among online criminals. In it, the author explains how to bypass the layered protection found in several fingerprinting systems. The tutorial explains that the usage of commercial VPNs and proxy services will work to defeat the IP protections within the fingerprinting systems, and adds information on how to make sessions from a single system appear as if they originate from different computers, operating systems, and browsers by altering the user agent headers.
Ali Loney, on June 07, 2012