--- US-CERT Security Tips <security-tips@xxxxxxxxxxx> wrote:

> Date: Wed, 13 Apr 2005 15:35:07 -0400
> From: US-CERT Security Tips <security-tips@xxxxxxxxxxx>
> To: security-tips@xxxxxxxxxxx
> Subject: US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?
>
> Cyber Security Tip ST05-008
> How Anonymous Are You?
>
> You may think that you are anonymous as you browse web sites, but
> pieces of information about you are always left behind. You can reduce
> the amount of information revealed about you by visiting legitimate
> sites, checking privacy policies, and minimizing the amount of
> personal information you provide.
>
> What information is collected?
>
> When you visit a web site, a certain amount of information is
> automatically sent to the site. This information may include the
> following:
>
> * IP address - Each computer on the internet is assigned a specific,
>   unique IP (internet protocol) address. Your computer may have a
>   static IP address or a dynamic IP address. If you have a static IP
>   address, it never changes. However, some ISPs own a block of
>   addresses and assign an open one each time you connect to the
>   internet--this is a dynamic IP address. You can determine your
>   computer's IP address at any given time by visiting
>   www.showmyip.com
> * domain name - The internet is divided into domains, and every
>   user's account is associated with one of those domains. You can
>   identify the domain by looking at the end of URL; for example,
>   .edu indicates an educational institution, .gov indicates a US
>   government agency, .org refers to organization, .com is for
>   commercial use. Many countries also have specific domain names.
>   The list of active domain names is available at
>   http://www.iana.org/domain-names.htm or
>   http://www.norid.no/domenenavnbaser/domreg.html.
> * software details - It may be possible for an organization to
>   determine which browser, including the version, that you used to
>   access its site. The organization may also be able to determine
>   what operating system your computer is running.
> * page visits - Information about which pages you visited, how long
>   you stayed on a given page, and whether you came to the site from
>   a search engine is often available to the organization operating
>   the web site.
>
> If a web site uses cookies, the organization may be able to collect
> even more information, such as your browsing patterns, which include
> other sites you've visited. If the site you're visiting is malicious,
> files on your computer, as well as passwords stored in the temporary
> memory, may be at risk.
>
> How is this information used?
>
> Generally, organizations use the information that is gathered
> automatically for legitimate purposes, such as generating statistics
> about their sites. By analyzing the statistics, the organizations can
> better understand the popularity of the site and which areas of
> content are being accessed the most. They may be able to use this
> information to modify the site to better support the behavior of the
> people visiting it.
>
> Another way to apply information gathered about users is marketing. If
> the site uses cookies to determine other sites or pages you have
> visited, it may use this information to advertise certain products.
> The products may be on the same site or may be offered by partner
> sites.
>
> However, some sites may collect your information for malicious
> purposes. If attackers are able to access files, passwords, or
> personal information on your computer, they may be able to use this
> data to their advantage. The attackers may be able to steal your
> identity, using and abusing your personal information for financial
> gain.
> A common practice is for attackers to use this type of
> information once or twice, then sell or trade it to other people. The
> attackers profit from the sale or trade, and increasing the number of
> transactions makes it more difficult to trace any activity back to
> them. The attackers may also alter the security settings on your
> computer so that they can access and use your computer for other
> malicious activity.
>
> Are you exposing any other personal information?
>
> While using cookies may be one method for gathering information, the
> easiest way for attackers to get access to personal information is to
> ask for it. By representing a malicious site as a legitimate one,
> attackers may be able to convince you to give them your address,
> credit card information, social security number, or other personal
> data (see Avoiding Social Engineering and Phishing Attacks for more
> information).
>
> How can you limit the amount of information collected about you?
>
> * Be careful supplying personal information - Unless you trust a
>   site, don't give your address, password, or credit card
>   information. Look for indications that the site uses SSL to
>   encrypt your information (see Protecting Your Privacy for more
>   information). Although some sites require you to supply your
>   social security number (e.g., sites associated with financial
>   transactions such as loans or credit cards), be especially wary of
>   providing this information online.
> * Limit cookies - If an attacker can access your computer, he or she
>   may be able to find personal data stored in cookies. You may not
>   realize the extent of the information stored on your computer
>   until it is too late. However, you can limit the use of cookies
>   (see Browsing Safely: Understanding Active Content and Cookies for
>   more information).
> * Browse safely - Be careful which web sites you visit; if it seems
>   suspicious, leave the site.
>   Also make sure to take precautions by
>   increasing your security settings (see Evaluating Your Web
>   Browser's Security Settings for more information), keeping your
>   virus definitions up to date (see Understanding Anti-Virus
>   Software for more information), and scanning your computer for
>   spyware (see Recognizing and Avoiding Spyware for more
>   information).
> _________________________________________________________________
>
> Author: Mindi McDowell
> _________________________________________________________________
>
> This document can also be found at
>
> <http://www.us-cert.gov/cas/tips/ST05-008.html>
>
> Copyright 2005 Carnegie Mellon University
>
> Terms of use
>
> <http://www.us-cert.gov/legal.html>
>
> For instructions on subscribing to or unsubscribing from this
> mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

David F Wooledge
Mental Health Advocate
237 Goodrich Street
Erie PA 16508-1818
814-459-0741
814-217-1920
717-441-4910 (DBSA PA)
717-441-4911 (Laptop Soft Phone)
814-602-0510 (cell)
814-217-1936 (fax)
814-456-6593 (fax MHA of NP)
wooledge001@xxxxxxxx
dwooledge@xxxxxxxx
http://www.vtext.com/users/8146020510
http://www.geocities.com/wooledge001_/
http://www.mental-health-advocate.us
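
Added example (not part of the US-CERT tip or of the forwarded message): the items under "What information is collected?" are what an ordinary web server access log already records. The sketch below parses two constructed log lines in Apache "combined" format and rebuilds, per IP address, the browser and operating system string, the search query the visitor arrived with, and the time spent on each page. The log lines, the `shop.example` host and the `SEARCH_HOSTS` list are assumptions made for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse, parse_qs

# Constructed sample in Apache "combined" log format (not real traffic).
SAMPLE_LOG = (
    '192.0.2.44 - - [13/Apr/2005:15:35:07 -0400] "GET /products.html HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=cheap+laptops" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\n'
    '192.0.2.44 - - [13/Apr/2005:15:37:52 -0400] "GET /checkout.html HTTP/1.1" 200 2048 '
    '"http://shop.example/products.html" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"\n'
)

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
SEARCH_HOSTS = ("google.", "yahoo.", "msn.")  # assumption: illustrative list

def search_terms(referer):
    """Return the search query if the visitor arrived from a search engine."""
    url = urlparse(referer)
    if not any(h in (url.hostname or "") for h in SEARCH_HOSTS):
        return None
    return parse_qs(url.query).get("q", [None])[0]

def visitor_profiles(log_text):
    """Group log lines by IP address into what the site operator can infer."""
    profiles = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue  # skip malformed lines rather than guessing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        p = profiles.setdefault(
            m["ip"], {"agent": m["agent"], "search": None, "pages": [], "last": None})
        if p["last"] is not None:  # time spent on the previous page
            p["pages"][-1]["seconds"] = int((ts - p["last"]).total_seconds())
        p["pages"].append({"path": m["path"], "seconds": None})
        p["search"] = p["search"] or search_terms(m["referer"])
        p["last"] = ts
    return profiles

if __name__ == "__main__":
    for ip, profile in visitor_profiles(SAMPLE_LOG).items():
        print(ip, profile["agent"], profile["search"], profile["pages"])
```

Time on the last page stays unknown because no later request marks when the visitor left it.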