Friday, April 15, 2005

How Anonymous Are You?

I thought some might be interested in this. It's a CERT security tip for Internet users that came out this week.

US-CERT ST05-008: How Anonymous Are You?

It's definitely for real too. Not only is it easy for web site authors to see what web browser is visiting the web page but also from where the page was linked. You can even see what search words were used on the search engine query that linked to the page. And, of course, you get the IP. Now, an IP used to give very little information. It would be registered by a big corporation often HQ'd far from its actual location at all... But now there are organizations that have simple tools like:

IP Address Locator

These give access to databases that actually map geographical information to IPs. If you only have the first three bytes of the IP (without the third period), it works just as well.

So just be aware that you're being automatically tracked all the time as you browse the web, even if you've turned off all of your persistent cookies...


Anonymous said...

What does the Computer Emergency Readiness Team do?

Theo said...

Well, only recently was US-CERT folded into the Department of Homeland Security. They started as a group at Carnegie Melon that tries to gather as much information about computer security as possible and make it public so that people and organizations can respond quickly and completely.

As they changed from CERT to US-CERT, they started adding a few more features. They used to have one mailing list that would send out notices about security problems found in network software and how to get the patches to fix them. Now theys end out technical and nontechnical briefs giving the same old notices as well as "tips" like these.

If you've ever received a note from your IT manager or from your school's IT department about some worm or about some software bug that needs to be fixed, probably a day (or even a WEEK!) earlier CERT sent out a notice. Back in my day, all IT managers subscribed to CERT and immediately responded to their notices. Nowadays undereducated IT managers from run-of-the-mill technical schools just wait for CNN.

So that's a brief history of CERT.

~ange said...

You might find this site interesting:

Theo said...

Yeah, that is definitely right up my alley.

There have actually been a lot of articles lately in technical circles about how big business and pure opportunism has stifled innovation. Over the last 15 years we've had only 20 new innovations in computing technology, or something along those lines, for example.

People want to make big money fast, and they think IT technologies are the way to go. But no one is taking any risks putting them together; instead, they wait for safe things and gobble them up. When the big businesses get involved, they really gobble them up, and in many cases just to stop them.

Scary stuff.