-=PCTechTalk=- US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?
- From: "David F. Wooledge" <wooledge001@xxxxxxxx>
- To: "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>, accmail Juno <juno_accmail@xxxxxxxxxxxxx>
- Date: Thu, 14 Apr 2005 00:45:34 -0700 (PDT)
--- US-CERT Security Tips <security-tips@xxxxxxxxxxx> wrote:
> Date: Wed, 13 Apr 2005 15:35:07 -0400
> From: US-CERT Security Tips <security-tips@xxxxxxxxxxx>
> To: security-tips@xxxxxxxxxxx
> Subject: US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Cyber Security Tip ST05-008
> How Anonymous Are You?
>
> You may think that you are anonymous as you browse web sites, but
> pieces of information about you are always left behind. You can
> reduce
> the amount of information revealed about you by visiting legitimate
> sites, checking privacy policies, and minimizing the amount of
> personal information you provide.
>
> What information is collected?
>
> When you visit a web site, a certain amount of information is
> automatically sent to the site. This information may include the
> following:
> * IP address - Each computer on the internet is assigned a
> specific,
> unique IP (internet protocol) address. Your computer may have a
> static IP address or a dynamic IP address. If you have a static
> IP
> address, it never changes. However, some ISPs own a block of
> addresses and assign an open one each time you connect to the
> internet--this is a dynamic IP address. You can determine your
> computer's IP address at any given time by visiting
> www.showmyip.com
> * domain name - The internet is divided into domains, and every
> user's account is associated with one of those domains. You can
> identify the domain by looking at the end of URL; for example,
> .edu indicates an educational institution, .gov indicates a US
> government agency, .org refers to organization, .com is for
> commercial use. Many countries also have specific domain names.
> The list of active domain names is available at
> http://www.iana.org/domain-names.htm or
> http://www.norid.no/domenenavnbaser/domreg.html.
> * software details - It may be possible for an organization to
> determine which browser, including the version, that you used to
> access its site. The organization may also be able to determine
> what operating system your computer is running.
> * page visits - Information about which pages you visited, how long
> you stayed on a given page, and whether you came to the site from
> a search engine is often available to the organization operating
> the web site.
>
> If a web site uses cookies, the organization may be able to collect
> even more information, such as your browsing patterns, which include
> other sites you've visited. If the site you're vising is malicious,
> files on your computer, as well as passwords stored in the temporary
> memory, may be at risk.
>
> How is this information used?
>
> Generally, organizations use the information that is gathered
> automatically for legitimate purposes, such as generating statistics
> about their sites. By analyzing the statistics, the organizations can
> better understand the popularity of the site and which areas of
> content are being accessed the most. They may be able to use this
> information to modify the site to better support the behavior of the
> people visiting it.
>
> Another way to apply information gathered about users is marketing.
> If
> the site uses cookies to determine other sites or pages you have
> visited, it may use this information to advertise certain products.
> The products may be on the same site or may be offered by partner
> sites.
>
> However, some sites may collect your information for malicious
> purposes. If attackers are able to access files, passwords, or
> personal information on your computer, they may be able to use this
> data to their advantage. The attackers may be able to steal your
> identity, using and abusing your personal information for financial
> gain. A common practice is for attackers to use this type of
> information once or twice, then sell or trade it to other people. The
> attackers profit from the sale or trade, and increasing the number of
> transactions makes it more difficult to trace any activity back to
> them. The attackers may also alter the security settings on your
> computer so that they can access and use your computer for other
> malicious activity.
>
> Are you exposing any other personal information?
>
> While using cookies may be one method for gathering information, the
> easiest way for attackers to get access to personal information is to
> ask for it. By representing a malicious site as a legitimate one,
> attackers may be able to convince you to give them your address,
> credit card information, social security number, or other personal
> data (see Avoiding Social Engineering and Phishing Attacks for more
> information).
>
> How can you limit the amount of information collected about you?
>
> * Be careful supplying personal information - Unless you trust a
> site, don't give your address, password, or credit card
> information. Look for indications that the site uses SSL to
> encrypt your information (see Protecting Your Privacy for more
> information). Although some sites require you to supply your
> social security number (e.g., sites associated with financial
> transactions such as loans or credit cards), be especially wary
> of
> providing this information online.
> * Limit cookies - If an attacker can access your computer, he or
> she
> may be able to find personal data stored in cookies. You may not
> realize the extent of the information stored on your computer
> until it is too late. However, you can limit the use of cookies
> (see Browsing Safely: Understanding Active Content and Cookies
> for
> more information).
> * Browse safely - Be careful which web sites you visit; if it seems
> suspicious, leave the site. Also make sure to take precautions by
> increasing your security settings (see Evaluating Your Web
> Browser's Security Settings for more information), keeping your
> virus definitions up to date (see Understanding Anti-Virus
> Software for more information), and scanning your computer for
> spyware (see Recognizing and Avoiding Spyware for more
> information).
> _________________________________________________________________
>
> Author: Mindi McDowell
> _________________________________________________________________
>
> This document can also be found at
>
> <http://www.us-cert.gov/cas/tips/ST05-008.html>
>
> Copyright 2005 Carnegie Mellon University
>
> Terms of use
>
> <http://www.us-cert.gov/legal.html>
>
>
> For instructions on subscribing to or unsubscribing from this
> mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iQEVAwUBQl1zehhoSezw4YfQAQKrowf/YzizaA86gW3FToRfM1SmjVin8jMIvtv0
> 04pEE79wZJ1bHyWSqd7TKPcH249Yp3Hix01oEA3E3LoEJoDCJvvHOctRrDcR4mUx
> x7j5AsVMY7Ch6JwfvP/TGDQGnV+0u1Xb1G86amj4d3w426fa6UeHHsyox0PbeQ1o
> gedIqZsQsQeRvs/WO9eTqTyJEw/vQXN95ZEH1yLhUZlnXM5wXZqddAEbNr4NTQHW
> 4Q0+zooySh2N6XqoasnpDr9H1qB+F32U5koi2jW0Wi9iDhE1odYXClCtJJngUHRu
> zOIc8x+WTgNtwhM9ldnyzApe9FVA4obJkpb+m12bO8bvUiRarN+3ew==
> =fWWf
> -----END PGP SIGNATURE-----
>
>
>
David F Wooledge
Mental Health Advocate
237 Goodrich Street
Erie PA 16508-1818
814-459-0741
814-217-1920
717-441-4910 (DBSA PA)
717-441-4911 (Laptop Soft Phone)
814-602-0510 (cell)
814-217-1936 (fax)
814-456-6593 (fax MHA of NP)
wooledge001@xxxxxxxx
dwooledge@xxxxxxxx
http://www.vtext.com/users/8146020510
http://www.geocities.com/wooledge001_/
http://www.mental-health-advocate.us
--
<Please delete this line and everything below.>
To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk
To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/
Other related posts:
- » -=PCTechTalk=- US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?
