US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                      Cyber Security Tip ST05-008
                        How Anonymous Are You?

   You may think that you are anonymous as you browse web sites, but
   pieces of information about you are always left behind. You can reduce
   the amount of information revealed about you by visiting legitimate
   sites, checking privacy policies, and minimizing the amount of
   personal information you provide.

What information is collected?

   When  you  visit  a  web  site,  a  certain  amount  of information is
   automatically  sent  to  the  site.  This  information may include the
   following:
     * IP address - Each computer on the internet is assigned a specific,
       unique  IP  (internet  protocol) address. Your computer may have a
       static IP address or a dynamic IP address. If you have a static IP
       address,  it  never  changes.  However,  some  ISPs own a block of
       addresses  and  assign  an  open  one each time you connect to the
       internet--this  is  a  dynamic  IP address. You can determine your
       computer's   IP   address   at   any   given   time   by  visiting
       www.showmyip.com
     * domain  name  -  The  internet  is divided into domains, and every
       user's  account  is  associated with one of those domains. You can
       identify  the  domain  by  looking at the end of URL; for example,
       .edu  indicates  an  educational  institution, .gov indicates a US
       government  agency,  .org  refers to organization, and .com is for
       commercial  use.  Many  countries also have specific domain names.
       The  list  of  active  domain names is available from the Internet
       Assigned Numbers Authority (IANA).
     * software  details  -  It  may  be  possible for an organization to
       determine  which  browser, including the version, that you used to
       access  its  site.  The organization may also be able to determine
       what operating system your computer is running.
     * page  visits - Information about which pages you visited, how long
       you  stayed on a given page, and whether you came to the site from
       a  search  engine is often available to the organization operating
       the web site.

   If  a  web  site uses cookies, the organization may be able to collect
   even  more  information, such as your browsing patterns, which include
   other  sites  you've  visited. If the site you're vising is malicious,
   files  on  your computer, as well as passwords stored in the temporary
   memory, may be at risk.

How is this information used?

   Generally,   organizations   use  the  information  that  is  gathered
   automatically  for  legitimate purposes, such as generating statistics
   about  their sites. By analyzing the statistics, the organizations can
   better  understand  the  popularity  of  the  site  and which areas of
   content  are  being  accessed  the  most. They may be able to use this
   information  to  modify the site to better support the behavior of the
   people visiting it.

   Another way to apply information gathered about users is marketing. If
   the  site  uses  cookies  to  determine  other sites or pages you have
   visited,  it  may  use this information to advertise certain products.
   The  products  may  be  on  the same site or may be offered by partner
   sites.

   However,  some  sites  may  collect  your  information  for  malicious
   purposes.  If  attackers  are  able  to  access  files,  passwords, or
   personal  information  on  your computer, they may be able to use this
   data  to  their  advantage.  The  attackers  may be able to steal your
   identity,  using  and  abusing your personal information for financial
   gain.  A  common  practice  is  for  attackers  to  use  this  type of
   information  once or twice, then sell or trade it to other people. The
   attackers  profit from the sale or trade, and increasing the number of
   transactions  makes  it  more  difficult to trace any activity back to
   them.  The  attackers  may  also  alter  the security settings on your
   computer  so  that  they  can  access  and use your computer for other
   malicious activity.

Are you exposing any other personal information?

   While  using  cookies may be one method for gathering information, the
   easiest  way for attackers to get access to personal information is to
   ask  for  it.  By  representing  a malicious site as a legitimate one,
   attackers  may  be  able  to  convince  you to give them your address,
   credit  card  information,  social  security number, or other personal
   data  (see  Avoiding  Social Engineering and Phishing Attacks for more
   information).

How can you limit the amount of information collected about you?

     * Be  careful  supplying  personal  information - Unless you trust a
       site,   don't   give   your  address,  password,  or  credit  card
       information.  Look  for  indications  that  the  site  uses SSL to
       encrypt  your  information  (see  Protecting Your Privacy for more
       information).  Although  some  sites  require  you  to supply your
       social  security  number  (e.g.,  sites  associated with financial
       transactions such as loans or credit cards), be especially wary of
       providing this information online.
     * Limit cookies - If an attacker can access your computer, he or she
       may  be  able to find personal data stored in cookies. You may not
       realize  the  extent  of  the  information stored on your computer
       until  it  is  too late. However, you can limit the use of cookies
       (see Browsing Safely: Understanding Active Content and Cookies for
       more information).
     * Browse  safely - Be careful which web sites you visit; if it seems
       suspicious,  leave the site. Also make sure to take precautions by
       increasing   your  security  settings  (see  Evaluating  Your  Web
       Browser's  Security  Settings  for more information), keeping your
       virus   definitions  up  to  date  (see  Understanding  Anti-Virus
       Software  for  more  information),  and scanning your computer for
       spyware   (see   Recognizing   and   Avoiding   Spyware  for  more
       information).

Additional information

     * Securing Your Web Browser
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being re-distributed 
     to increase awareness. 
  
     Terms of use
 
     <http://www.us-cert.gov/legal.html>
  
     This document can also be found at
 
     <http://www.us-cert.gov/cas/tips/ST05-008.html>
 

    For instructions on subscribing to or unsubscribing from this
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
     
     
     


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBSAdilfRFkHkM87XOAQIwGgf+NshACKQQHbzllecYp5lfEegQeB999E08
+ph/GXn6wkRZFDVfs33IV7tIpyRP5wL6A3XnFncR/hED0+oGWMbog3vh7e3LkPLq
KEdwEHmUbugx2jm3cXctnMkbghj5ijSdm/HMc3ci8OwQVPFjt7qF0fmQ38Nvj3MF
/aNs6k3eK6oGnNpvfbzRUZP6m+Zy8Zv26teWhwP7gymk+TGpAPDp5DIEt017W4E7
0ty9IixPQtpcdt1+R7FR0JXAXt/TBnj621L2SenDkhqj0SdYJYuGj1b7jeRt9Pfr
b+c1xHF8Lao5vkp8ZDgqN9ZRx8CXjdzKSm1AtKVmqgV9643b21JEGg==
=T7Rm
-----END PGP SIGNATURE-----

[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux