8 Replies Latest reply on Aug 17, 2013 6:11 PM by Muff-Diver

    Nook Color http user-agent string

      This may not be the best place, but this is a major issue for network administrators. The Nook Color browser identifies itself with the following User-Agent string:


      Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

       

      I work on a college campus, and the Nook Color does not pass our security measures because it identifies itself as a Mac OS X desktop. This is simply unacceptable. The Nook originally identified itself as nook browser 1.0 which was perfectly acceptable because it did NOT masquerade as a desktop operating system. It doesn't do WPA Enterprise, but at least it identifies properly.

       

      Fortunately, the Nook Color supports WPA Enterprise, and connects to our wireless network with no issues. Our campus management system allows devices onto the network based on what the User-Agent string sends it and in this case instead of passing it through as a Linux-based OS, it attempts to send the Macintosh scanning software to the device, and obviously fails.

       

      As I mentioned above, this is a HUGE network administration nightmare. Our B&N Campus Bookstore location opens on Wednesday, and this is going to be an even bigger problem once kids get their hands on the Nook Color and bring them home to their dorm rooms only to find they're somehow on a Mac.

       

      HELP PLEASE!

        • Re: Nook Color http user-agent string

          Sadly I got a delayed, canned response from Support. *sigh*

            • Re: Nook Color http user-agent string

              I agree with you; additionally, this is equivalent to "deceptive advertising". 

               

              On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

               

              The browser info I get from my nook color browser is this:

               

              • Browser CodeName: Mozilla

               

              • Browser Name: Netscape

               

              • Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

               

              • Cookies Enabled: true

               

              • Platform: Linux armv71

               

              • User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

               

                • Re: Nook Color http user-agent string

                  victorbos wrote:

                  I agree with you; additionally, this is equivalent to "deceptive advertising". 

                   

                  On my nook color, purchased just a few days ago, I cannot connect the web browser to an HTTPS site and I think it is related to what you talking about. Whoever built the browser for the nook color has missed some important attributes. (Or they just "borrowed" someone elses browser code!). 

                   

                  The browser info I get from my nook color browser is this:

                   

                  • Browser CodeName: Mozilla

                   

                  • Browser Name: Netscape

                   

                  • Browser Version: 5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

                   

                  • Cookies Enabled: true

                   

                  • Platform: Linux armv71

                   

                  • User-agent header: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7;en-us) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Safari/530.17

                   


                  And tell me...what is "deceptive" about the NC's advertising?    I see nothing about it have a specific UA string?

                   

                   

              • Re: Nook Color http user-agent string

                Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.

                  • Re: Nook Color http user-agent string

                     


                    withfeeling wrote:

                    Frankly, I would question the utility of any security strategy based on a text string from a user-mode program that can be trivially spoofed. In many browsers this string is at-least partially selectable by the user.


                     

                    You're right. It's not the entirety of the security strategy, though; it only selects which security policies are needed for each operating system.

                     

                    The issue is that it's being offered an incorrect security policy when it presents itself as a completely different operating system. The scan software for Mac OS X doesn't run on Android.

                  • Re: Nook Color http user-agent string

                    While I agree that this is not really a security issue (that is, that any security based on user-agent strings is problematic), this is a significant problem: Right now, the Nook is indentifying itself as a desktop browser, and it's not.

                     

                    Why is that a problem? Consider drop-down menues: Most are designed to work with hover states, not click states. You hover over an item and its associated menu drops down, hover over a child and its submenus pop out, etc, until you find and click on the one you want.

                     

                    Obviously this won't work with touch screens (where touching is hovering), unless your drop-down code somehow detects the touch screen, which is harder than it sounds  -- can't reliably do it by any of the traditional best-practice methods of feature detection, so you end up having to write code that is at some level keyed to user agent strings.

                     

                    Given that the Nook identifies itself as a Mac, you don't have a way to accommodate drop-down menus on the Nook.

                     

                    Switching to mobile is not a viable option for most users, because that means you get the mobile version of the website on many high-end sites. That's a bit of a problem for a rich-display device like the Nook.

                    • Re: Nook HD+ in 2013 JavaScript navigator.userAgent

                      As of 2013, the NOOK HD+ reports the following, using the site http://demo.mobiledetect.net :

                       

                      Mozilla/5.0 (Linux; Android 4.0.4; BNTV600 Build/IMM76L) AppleWebKit/537.36 (KHTML, like Gecko) Chome/28.0.1500.94 Safari/537.36)

                       

                      Unfortunately, it doesn't appear that any unique ident is available for this particular device, making it difficult for web designers to custom-code scripts and CSS for this particular device.