US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?


                           Cyber Security Tip ST05-008
                              How Anonymous Are You?

   You may think that you are anonymous as you browse web sites, but
   pieces of information about you are always left behind. You can reduce
   the amount of information revealed about you by visiting legitimate
   sites, checking privacy policies, and minimizing the amount of
   personal information you provide.

What information is collected?

   When you visit a web site, a certain amount of information is
   automatically sent to the site. This information may include the
   following:
     * IP address - Each computer on the internet is assigned a specific,
       unique IP (internet protocol) address. Your computer may have a
       static IP address or a dynamic IP address. If you have a static IP
       address, it never changes. However, some ISPs own a block of
       addresses and assign an open one each time you connect to the
       internet--this is a dynamic IP address. You can determine your
       computer's IP address at any given time by visiting
       www.showmyip.com
     * domain name - The internet is divided into domains, and every
       user's account is associated with one of those domains. You can
       identify the domain by looking at the end of the URL; for example,
       .edu indicates an educational institution, .gov indicates a US
       government agency, .org refers to an organization, and .com is for
       commercial use. Many countries also have specific domain names.
       The list of active domain names is available at
       http://www.iana.org/domain-names.htm or
       http://www.norid.no/domenenavnbaser/domreg.html.
     * software details - It may be possible for an organization to
       determine which browser, including the version, you used to
       access its site. The organization may also be able to determine
       what operating system your computer is running.
     * page visits - Information about which pages you visited, how long
       you stayed on a given page, and whether you came to the site from
       a search engine is often available to the organization operating
       the web site.
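
   The items listed above are what a typical web server access log
   records for every request. The following is an added example, not
   part of the original tip: it parses constructed log lines in the
   common "combined" format and rebuilds a per-visitor profile. The
   sample lines, the search-engine host list, and the function names
   are assumptions made for illustration.

```python
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample in "combined" access-log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2005:10:15:02 +0000] "GET /products.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=widgets" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2"
203.0.113.7 - - [12/Apr/2005:10:17:32 +0000] "GET /pricing.html HTTP/1.1" 200 2048 "http://shop.example/products.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2"
198.51.100.23 - - [12/Apr/2005:10:18:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
SEARCH_HOSTS = ("google.", "yahoo.", "msn.")  # assumed list, for illustration only
BROWSERS = (("Firefox", r"Firefox/([\d.]+)"), ("Internet Explorer", r"MSIE ([\d.]+)"))
SYSTEMS = (("Windows XP", "Windows NT 5.1"), ("Windows 2000", "Windows NT 5.0"), ("Linux", "Linux"))

def describe_agent(agent):
    """Guess (browser with version, operating system) from a User-Agent header."""
    browser = system = "unknown"
    for name, pattern in BROWSERS:
        found = re.search(pattern, agent)
        if found:
            browser = f"{name} {found.group(1)}"
            break
    for name, token in SYSTEMS:
        if token in agent:
            system = name
            break
    return browser, system

def profile_visitors(log_text):
    """Group requests by IP address and summarise what the site operator can see."""
    visitors, last_seen = {}, {}
    for line in log_text.splitlines():  # assumes lines are in chronological order
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, when = m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        browser, system = describe_agent(m["agent"])
        v = visitors.setdefault(ip, {"browser": browser, "os": system, "from_search": False, "pages": []})
        host = urlparse(m["referer"]).hostname or ""
        v["from_search"] |= any(s in host for s in SEARCH_HOSTS)
        if v["pages"]:  # time on the previous page = gap until this request
            v["pages"][-1] = (v["pages"][-1][0], int((when - last_seen[ip]).total_seconds()))
        v["pages"].append((m["path"], None))
        last_seen[ip] = when
    return visitors
```

   None of this requires cookies or any action by the visitor; the time
   spent on the last page of a visit stays unknown because no later
   request follows it.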

   If a web site uses cookies, the organization may be able to collect
   even more information, such as your browsing patterns, which include
   other sites you've visited. If the site you're visiting is malicious,
   files on your computer, as well as passwords stored in the temporary
   memory, may be at risk.

How is this information used?

   Generally, organizations use the information that is gathered
   automatically for legitimate purposes, such as generating statistics
   about their sites. By analyzing the statistics, the organizations can
   better understand the popularity of the site and which areas of
   content are being accessed the most. They may be able to use this
   information to modify the site to better support the behavior of the
   people visiting it.

   Another way to apply information gathered about users is marketing. If
   the site uses cookies to determine other sites or pages you have
   visited, it may use this information to advertise certain products.
   The products may be on the same site or may be offered by partner
   sites.

   However, some sites may collect your information for malicious
   purposes. If attackers are able to access files, passwords, or
   personal information on your computer, they may be able to use this
   data to their advantage. The attackers may be able to steal your
   identity, using and abusing your personal information for financial
   gain. A common practice is for attackers to use this type of
   information once or twice, then sell or trade it to other people. The
   attackers profit from the sale or trade, and increasing the number of
   transactions makes it more difficult to trace any activity back to
   them. The attackers may also alter the security settings on your
   computer so that they can access and use your computer for other
   malicious activity.

Are you exposing any other personal information?

   While using cookies may be one method for gathering information, the
   easiest way for attackers to get access to personal information is to
   ask for it. By representing a malicious site as a legitimate one,
   attackers may be able to convince you to give them your address,
   credit card information, social security number, or other personal
   data (see Avoiding Social Engineering and Phishing Attacks for more
   information).

How can you limit the amount of information collected about you?

     * Be careful supplying personal information - Unless you trust a
       site, don't give your address, password, or credit card
       information. Look for indications that the site uses SSL to
       encrypt your information (see Protecting Your Privacy for more
       information). Although some sites require you to supply your
       social security number (e.g., sites associated with financial
       transactions such as loans or credit cards), be especially wary of
       providing this information online.
     * Limit cookies - If an attacker can access your computer, he or she
       may be able to find personal data stored in cookies. You may not
       realize the extent of the information stored on your computer
       until it is too late. However, you can limit the use of cookies
       (see Browsing Safely: Understanding Active Content and Cookies for
       more information).
     * Browse safely - Be careful which web sites you visit; if it seems
       suspicious, leave the site. Also make sure to take precautions by
       increasing your security settings (see Evaluating Your Web
       Browser's Security Settings for more information), keeping your
       virus definitions up to date (see Understanding Anti-Virus
       Software for more information), and scanning your computer for
       spyware (see Recognizing and Avoiding Spyware for more
       information).
     _________________________________________________________________

      Author: Mindi McDowell
     _________________________________________________________________

     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-008.html>

     Copyright 2005 Carnegie Mellon University

     Terms of use

     <http://www.us-cert.gov/legal.html>


     For instructions on subscribing to or unsubscribing from this 
     mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     