Below is an overview created by US-Cert.org (see attached link) to help you minimize your risk of revealing too much.
What information is collected?
When you visit a website, a certain amount of information is automatically sent to the site. This information may include the following:
- IP address - Each computer on the internet is assigned a specific, unique IP (internet protocol) address. Your computer may have a static IP address or a dynamic IP address. If you have a static IP address, it never changes. However, some ISPs own a block of addresses and assign an open one each time you connect to the internet — this is a dynamic IP address.
- Domain name - The internet is divided into domains, and every user's account is associated with one of those domains. You can identify the domain by looking at the end of URL; for example, .edu indicates an educational institution, .gov indicates a US government agency, .org refers to organization, and .com is for commercial use.
- Software details - An organization is usually able to determine which browser you used to access its site. The organization may also be able to determine what operating system your computer is running.
- Page visits - Information about which pages you visited, how long you stayed on a given page, and whether you came to the site from a search engine is often also available to the organization operating the website.
If a website uses cookies, the organization may be able to collect even more information, such as your browsing patterns, which include other sites you've visited. If the site you're visiting is malicious, files on your computer, as well as passwords stored in the temporary memory, may be at risk.
How is this information used?
Another way to apply information gathered about users is marketing. If the site uses cookies to determine other sites or pages you have visited, it may use this information to advertise certain products. The products may be on the same site or may be offered by partner sites.
However, some sites may collect your information for malicious purposes. If attackers are able to access files, passwords, or personal information on your computer, they may be able to use this data to their advantage. The attackers may be able to steal your identity, using and abusing your personal information for financial gain. A common practice is for attackers to use this type of information once or twice, then sell or trade it to other people. The attackers profit from the sale or trade, and increasing the number of transactions makes it more difficult to trace any activity back to them. The attackers may also alter the security settings on your computer so that they can access and use your computer for other malicious activity.
How can you limit the amount of information collected about you?
Here is how you would erase your browsing history for Internet Explorer 7 from Windows:
1. Click Start on the desktop.
2. Click Control Panel.
3. Double-click Internet Options.
4. Make sure the General tab is selected.
5. Click Clear History in the History box.
6. Click OK when it asks if you want to delete all items in your history folder.
7. Click OK at the bottom of the General box to exit.
Here is how you would erase your browsing history for Internet Explorer 8 from Windows:
1. Click Start on the desktop.
2. Click Control Panel.
3. Double-click Internet Options.
4. Click Delete under the Browsing History.
5. Select what you want to delete and then click the Delete button.
A couple of other things I recomend are:
1. Under Browsing History, check "Delete browsing history on exit."
2a. Also under Browsing History, click Settings.
2b. Under History, set "Days to keep pages in history" to Zero.
To do this from your browser:
1. Click on "Tools" from your menu bar.
2. Then Internet options.
3. Follow the steps for your browser from above.
For other browsers or Operating Systems, check the following link: http://kb.iu.edu/data/ahic.html.
Hope this helps.
Source: http://www.us-cert.gov/cas/tips/ST05-008.html
0 comments:
Post a Comment