Reply
New User
RasputinAXP
Posts: 4
Registered: ‎11-29-2010
0 Kudos

Nook Color http user-agent string

This may not be the best place, but this is a major issue for network administrators. The Nook Color browser identifies itself with the following User-Agent string:


Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

I work on a college campus, and the Nook Color does not pass our security measures because it identifies itself as a Mac OS X desktop. This is simply unacceptable. The Nook originally identified itself as nook browser 1.0 which was perfectly acceptable because it did NOT masquerade as a desktop operating system. It doesn't do WPA Enterprise, but at least it identifies properly.

 

Fortunately, the Nook Color supports WPA Enterprise, and connects to our wireless network with no issues. Our campus management system allows devices onto the network based on what the User-Agent string sends it and in this case instead of passing it through as a Linux-based OS, it attempts to send the Macintosh scanning software to the device, and obviously fails.

 

As I mentioned above, this is a HUGE network administration nightmare. Our B&N Campus Bookstore location opens on Wednesday, and this is going to be an even bigger problem once kids get their hands on the Nook Color and bring them home to their dorm rooms only to find they're somehow on a Mac.

 

HELP PLEASE!

New User
RasputinAXP
Posts: 4
Registered: ‎11-29-2010
0 Kudos

Re: Nook Color http user-agent string

Sadly I got a delayed, canned response from Support. *sigh*

New User
victorbos
Posts: 2
Registered: ‎01-05-2011
0 Kudos

Re: Nook Color http user-agent string

I agree with you; additionally, this is equivalent to "deceptive advertising". 

 

On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

 

The browser info I get from my nook color browser is this:

 

  • Browser CodeName: Mozilla

 

  • Browser Name: Netscape

 

  • Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

  • Cookies Enabled: true

 

  • Platform: Linux armv71

 

  • User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

Inspired Scribe
riffrafff
Posts: 1,581
Registered: ‎12-27-2010
0 Kudos

Re: Nook Color http user-agent string

Have them switch to mobile mode, perhaps?

 

Mozilla/5.0 (Linux; U; Android 2.1; en-us; LogicPD Zoom2 Build/ERD79) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/

 

 

 

COME...to the Dark Side.

We have cookies.
Inspired Contributor
withfeeling
Posts: 756
Registered: ‎11-16-2010
0 Kudos

Re: Nook Color http user-agent string

Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.

Inspired Wordsmith
donc13
Posts: 1,064
Registered: ‎04-22-2010
0 Kudos

Re: Nook Color http user-agent string


victorbos wrote:

I agree with you; additionally, this is equivalent to "deceptive advertising". 

 

On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

 

The browser info I get from my nook color browser is this:

 

  • Browser CodeName: Mozilla

 

  • Browser Name: Netscape

 

  • Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 

  • Cookies Enabled: true

 

  • Platform: Linux armv71

 

  • User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

 


And tell me...what is "deceptive" about the NC's advertising?    I see nothing about it have a specific UA string?

 

 

---------
Don
New User
victorbos
Posts: 2
Registered: ‎01-05-2011
0 Kudos

Re: Nook Color http user-agent string

You're so right. Its AOK.  Thanks.

New User
RasputinAXP
Posts: 4
Registered: ‎11-29-2010
0 Kudos

Re: Nook Color http user-agent string

 


withfeeling wrote:

Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.


 

You're right. It's not the entirety of the security strategy, though; it only selects which security policies are needed for each operating system.

 

The issue is that it's being offered an incorrect security policy when it presents itself as a completely different operating system. The scan software for Mac OS X doesn't run on Android.

Inspired Contributor
withfeeling
Posts: 756
Registered: ‎11-16-2010
0 Kudos

Re: Nook Color http user-agent string

Does the alternative string, when the v1.0.1 browser is set for "Mobile", that self-identifies as Android 2.1 help you?

New User
RasputinAXP
Posts: 4
Registered: ‎11-29-2010
0 Kudos

Re: Nook Color http user-agent string

Yes, because it identifies as Linux, which loads the proper security scan.

 

Unfortunately it involves an extra step of telling the user to schlep through menus when it could have been taken care of by simply offering the correct underlying operating system.

 

Now that the option's exposed without About:smileyvery-happy:ebug being required, I can at least write up documentation for it, and hopefully they'll read it.

 

 

New User
DavidLeslie
Posts: 1
Registered: ‎05-24-2011
0 Kudos

Re: Nook Color http user-agent string

Good idea but it won't help a default user.

 

Aside from security, there is a functionality issue here. Any site using a mobile browser detection script will treat the Nook as a desktop browser.

 

I wonder if the UAS was set this way for some techincal reason or if this was a mistake with the WebKit build B&N used?

New User
RidleyWalker
Posts: 4
Registered: ‎08-11-2011
0 Kudos

Re: Nook Color http user-agent string

While I agree that this is not really a security issue (that is, that any security based on user-agent strings is problematic), this is a significant problem: Right now, the Nook is indentifying itself as a desktop browser, and it's not.

 

Why is that a problem? Consider drop-down menues: Most are designed to work with hover states, not click states. You hover over an item and its associated menu drops down, hover over a child and its submenus pop out, etc, until you find and click on the one you want.

 

Obviously this won't work with touch screens (where touching is hovering), unless your drop-down code somehow detects the touch screen, which is harder than it sounds  -- can't reliably do it by any of the traditional best-practice methods of feature detection, so you end up having to write code that is at some level keyed to user agent strings.

 

Given that the Nook identifies itself as a Mac, you don't have a way to accommodate drop-down menus on the Nook.

 

Switching to mobile is not a viable option for most users, because that means you get the mobile version of the website on many high-end sites. That's a bit of a problem for a rich-display device like the Nook.

New User
Muff-Diver
Posts: 2
Registered: ‎08-17-2013
0 Kudos

Re: Nook HD+ in 2013 JavaScript navigator.userAgent

As of 2013, the NOOK HD+ reports the following, using the site http://demo.mobiledetect.net :

 

Mozilla/5.0 (Linux; Android 4.0.4; BNTV600 Build/IMM76L) AppleWebKit/537.36 (KHTML, like Gecko) Chome/28.0.1500.94 Safari/537.36)

 

Unfortunately, it doesn't appear that any unique ident is available for this particular device, making it difficult for web designers to custom-code scripts and CSS for this particular device.