US-CERT Cyber Security Tip ST05-008 -- How Anonymous Are You?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         Cyber Security Tip ST05-008
                           How Anonymous Are You?

   You may think that you are anonymous as you browse websites, but pieces of
   information about you are always left behind. You can reduce the amount of
   information revealed about you by visiting legitimate sites, checking
   privacy policies, and minimizing the amount of personal information you
   provide.

What information is collected?

   When you visit a website, a certain amount of information is automatically
   sent to the site. This information may include the following:
     * IP address - Each computer on the internet is assigned a specific,
       unique IP (internet protocol) address. Your computer may have a static
       IP address or a dynamic IP address. If you have a static IP address, it
       never changes. However, some ISPs own a block of addresses and assign an
       open one each time you connect to the internetâ??this is a dynamic IP
       address. You can determine your computer's IP address at any given time
       by visiting www.showmyip.com.
     * domain name - The internet is divided into domains, and every user's
       account is associated with one of those domains. You can identify the
       domain by looking at the end of URL; for example, .edu indicates an
       educational institution, .gov indicates a US government agency, .org
       refers to organization, and .com is for commercial use. Many countries
       also have specific domain names. The list of active domain names is
       available from the Internet Assigned Numbers Authority (IANA).
     * software details - It may be possible for an organization to determine
       which browser, including the version, that you used to access its site.
       The organization may also be able to determine what operating system
       your computer is running.
     * page visits - Information about which pages you visited, how long you
       stayed on a given page, and whether you came to the site from a search
       engine is often available to the organization operating the website.

   If a website uses cookies, the organization may be able to collect even more
   information, such as your browsing patterns, which include other sites
   you've visited. If the site you're visiting is malicious, files on your
   computer, as well as passwords stored in the temporary memory, may be at
   risk.

How is this information used?

   Generally, organizations use the information that is gathered automatically
   for legitimate purposes, such as generating statistics about their sites. By
   analyzing  the statistics, the organizations can better understand the
   popularity of the site and which areas of content are being accessed the
   most. They may be able to use this information to modify the site to better
   support the behavior of the people visiting it.

   Another way to apply information gathered about users is marketing. If the
   site uses cookies to determine other sites or pages you have visited, it may
   use this information to advertise certain products. The products may be on
   the same site or may be offered by partner sites.

   However, some sites may collect your information for malicious purposes. If
   attackers are able to access files, passwords, or personal information on
   your computer, they may be able to use this data to their advantage. The
   attackers  may  be able to steal your identity, using and abusing your
   personal information for financial gain. A common practice is for attackers
   to use this type of information once or twice, then sell or trade it to
   other people. The attackers profit from the sale or trade, and increasing
   the number of transactions makes it more difficult to trace any activity
   back to them. The attackers may also alter the security settings on your
   computer so that they can access and use your computer for other malicious
   activity.

Are you exposing any other personal information?

   While using cookies may be one method for gathering information, the easiest
   way for attackers to get access to personal information is to ask for it. By
   representing a malicious site as a legitimate one, attackers may be able to
   convince you to give them your address, credit card information, social
   security number, or other personal data (see Avoiding Social Engineering and
   Phishing Attacks for more information).

How can you limit the amount of information collected about you?

     * Be careful supplying personal information - Unless you trust a site,
       don't give your address, password, or credit card information. Look for
       indications that the site uses SSL to encrypt your information (see
       Protecting Your Privacy for more information). Although some sites
       require  you  to  supply  your social security number (e.g., sites
       associated with financial transactions such as loans or credit cards),
       be especially wary of providing this information online.
     * Limit cookies - If an attacker can access your computer, he or she may
       be able to find personal data stored in cookies. You may not realize the
       extent of the information stored on your computer until it is too late.
       However,  you  can  limit the use of cookies (see Browsing Safely:
       Understanding Active Content and Cookies for more information).
     * Browse  safely  - Be careful which websites you visit; if it seems
       suspicious,  leave the site. Also make sure to take precautions by
       increasing your security settings (see Evaluating Your Web Browser's
       Security Settings for more information), keeping your virus definitions
       up to date (see Understanding Anti-Virus Software for more information),
       and scanning your computer for spyware (see Recognizing and Avoiding
       Spyware for more information).

Additional information

     * Securing Your Web Browser
     _________________________________________________________________

     Author: Mindi McDowell
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization.

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-008.html

     For instructions on subscribing to or unsubscribing from this
     mailing list, visit 

     http://www.us-cert.gov/cas/signup.html








-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTA6eoD6pPKYJORa3AQKk2ggArsF8QUX87vrIMMjoTa3w/A3FV9a6yPwn
PDla84FFP8QQXCeLWdgfkNxYH1leMV5l9NAJpvE1Ly62O16G3p7YoMmmtIySWhd7
7f4FgfpOsG28omW0dncl7k8Q0HdiJu5Kw7YaLa6LERx6FQo/8yucrX6XW+nAZhOL
2qCzJ1pmXs8D5/WFkSYv0xQIRdZ7bnQEJScobYlQ4OeTvkxP0Gtp87zXHYLf5P5K
qsPXt2c6QaeF1kGuKSiJm4LN7VgxzGSTMIqparU/ug2PG5ZMcpT4ysfJ9fkI9FrB
S69Q4UAQTqP0wZZfJl+PRw60hwJaK4cqjn46jK/Ee6FlRmTmTr1o8w==
=SeIV
-----END PGP SIGNATURE-----


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux