-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cyber Security Tip ST05-013
Guidelines for Publishing Information Online
Remember that the internet is a public resource. Avoid putting
anything online that you don't want the public to see or that you may
want to retract.
Why is it important to remember that the internet is public?
Because the internet is so accessible and contains a wealth of
information, it has become a popular resource for communicating, for
researching topics, and for finding information about people. It may
seem less intimidating than actually interacting with other people
because there is a sense of anonymity. However, you are not really
anonymous when you are online, and it is just as easy for people to
find information about you as it is for you to find information about
them. Unfortunately, many people have become so familiar and
comfortable with the internet that they may adopt practices that make
them vulnerable. For example, although people are typically wary of
sharing personal information with strangers they meet on the street,
they may not hesitate to post that same information online. Once it is
online, it can be accessed by a world of strangers, and you have no
idea what they might do with that information.
What guidelines can you follow when publishing information on the internet?
* View the internet as a novel, not a diary - Make sure you are
comfortable with anyone seeing the information you put online.
Expect that people you have never met will find your page; even if
you are keeping an online journal or blog, write it with the
expectation that it is available for public consumption. Some
sites may use passwords or other security restrictions to protect
the information, but these methods are not usually used for most
web sites. If you want the information to be private or restricted
to a small, select group of people, the internet is probably not
the best forum.
* Be careful what you advertise - In the past, it was difficult to
find information about people other than their phone numbers or
address. Now, an increasing amount of personal information is
available online, especially because people are creating personal
web pages with information about themselves. When deciding how
much information to reveal, realize that you are broadcasting it
to the world. Supplying your email address may increase the amount
of spam you receive (see Reducing Spam for more information).
Providing details about your hobbies, your job, your family and
friends, and your past may give attackers enough information to
perform a successful social engineering attack (see Avoiding
Social Engineering and Phishing Attacks for more information).
* Realize that you can't take it back - Once you publish something
online, it is available to other people and to search engines. You
can change or remove information after something has been
published, but it is possible that someone has already seen the
original version. Even if you try to remove the page(s) from the
internet, someone may have saved a copy of the page or used
excerpts in another source. Some search engines "cache" copies of
web pages so that they open faster; these cached copies may be
available after a web page has been deleted or altered. Some web
browsers may also maintain a cache of the web pages a user has
visited, so the original version may be stored in a temporary file
on the user's computer. Think about these implications before
publishing information--once something is out there, you can't
guarantee that you can completely remove it.
As a general practice, let your common sense guide your decisions
about what to post online. Before you publish something on the
internet, determine what value it provides and consider the
implications of having the information available to the public.
Identity theft is an increasing problem, and the more information an
attacker can gather about you, the easier it is to pretend to be you.
Behave online the way you would behave in your daily life, especially
when it involves taking precautions to protect yourself.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle, Jason Rafail
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<http://www.us-cert.gov/legal.html>
This document can also be found at
<http://www.us-cert.gov/cas/tips/ST05-013.html>
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBSGPXQnIHljM+H4irAQIYGggAkW0oIh957Xhp1zOR9Gwcp5J0VwJV/uyq
MBYKrtxs2Anh6Fifr8gjyiKzXX3vABf+/v+y7iL5+Zw9JdTzVNXGr0YYvT/4lUsI
L2nht6SpHjxPYGIeKlB9lTUYavEazSFEO/qlV9z6rgdz7OLFWYILQIrKZtEACf5p
Ira5nDdPSCg3ycAuQe4Ec2oSBWazzcPqBe0jUjKw9qMENGFkfh8Rht3zHFsX9a2W
KRTU30pCKQ3FOYYd1oODHdSFRjeyxcMQYRL9C7CuKXqUbq1gPsguH5BzNwEYzt4u
4seMTxpFRLeJCRC5J2P6rCa3pBkDl4zh0zXiZA59pAGXS2HryBPZTg==
=M+7e
-----END PGP SIGNATURE-----
