Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.3  The Web
           9  2.3.4  Vulnerabilities

Previous Topic/Section
2.3.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
Dependence on “Security Through Obscurity”
Next Topic/Section

Logging and Privacy

The logging that occurs on a web server can compromise user privacy by providing a history of the user’s visits to a site. In addition to recording which IP addresses (which may uniquely identify a particular user) visited, which web page, and the time and date, some browsers provide more information such as the name and version of the browser program used for the access, the user’s email address, and other details. Perhaps more damaging to individual privacy are browser history, “favorites” or “bookmark” lists, and the cache of visited pages maintained on client machines, detailing the most recent pages accessed by that user, and the ones they’re most interested in (favorites). It is, thus, no surprise that utilities are available to clear these sources of information about a user’s browsing habits.

Assisting with this logging can be “web bugs”, which are small URL’s (often 1-pixel images) designed for automatic retrieval when a user visits a web page or reads an HTML-based email message. When retrieved, they trigger log entries (as would any URL retrieval). Web bugs can legitimately be used for statistical analysis or may be used to track a specific person. You can find out what web sites use web bugs by installing the free Bugnosis software on Internet Explorer211. More information about web bugs is available in the Bugnosis FAQ.212

Correspondingly, there are also web sites such as http://www.anonymizer.com, http://www.the-cloak.com and http://www.idzap.com, specifically set up to allow users to view the contents of other sites anonymously, without revealing their IP address or other identifying information to the site.

Why worry about anonymity on the web? The issue of Identity theft has become enough of an issue that the US Federal Trade Commission has set up a toll-free hot line @ 877-ID-Theft.


 __________________

211. http://www.bugnosis.org/

212. “Web Bug FAQ”, http://www.bugnosis.org/faq.html

Previous Topic/Section
2.3.4  Vulnerabilities
Previous Page
Pages in Current Topic/Section
1
Next Page
Dependence on “Security Through Obscurity”
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.