RE: The Whitehouse Web site is bugged

[Dan Renner <dan () losangelescomputerhelp com>]

Then all the privacy-prone types should be happy for adware/spyware and
the like - seems a lot of our clients think that when this type of
software slows doen their computer (6 months after they bought it) they
need to get a new one.

There goes Webtrends tracking... "Wait!  There are FIFTEEN Mrs.
Olbloskinatuskas!?"  <snicker>
-- 


Sincerely,

Dan Renner
President
Los Angeles Computerhelp
Phone:   818-352-8700
Website: http://losangelescomputerhelp.com
Blog:    http://itdiaries.com



On Tue, 2005-12-27 at 14:25 -0600, funsec-request () linuxbox org wrote:
> Date: Tue, 27 Dec 2005 15:24:07 -0500
> From: "Richard M. Smith" <rms () computerbytesman com>
> Subject: RE: [funsec] The Whitehouse Web site is bugged
> To: <funsec () linuxbox org>
> Message-ID: <4iore0$5kadse () smtp02 mrf mail rcn net>
> Content-Type: text/plain;       charset="US-ASCII"
>
> According to the Webtrends P3P "privacy" policy, they intend to figure
> out
> who people are via their Webtrends cookies.  A pretty odd thing for a
> Web
> statistics company to be doing.  I always assumed that the company
> gathers
> aggregrated statistics.  I guess not.
>
> It does look like the Bush Administration is making up the rules as it
> goes
> along and not telling anyone about them.
>
> The real puzzler for me however is why does the Administration
> apparently
> not want older Web pages archived in the WayBack Machine?
>
> Richard 
>
> -----Original Message-----
> From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
> On
> Behalf Of Paul Schmehl
> Sent: Tuesday, December 27, 2005 3:05 PM
> To: funsec () linuxbox org
> Subject: Re: [funsec] The Whitehouse Web site is bugged
>
> --On December 27, 2005 11:43:56 AM -0500 "Richard M. Smith" 
> <rms () computerbytesman com> wrote:
> > The Whitehouse.gov Web site is bugged!  Apparently the Webmaster
> for 
> > the site has hired Webtrends to track visitors around the site
> using 
> > Web bugs and permanent cookies.  Here's the Web bug that I found on 
> > the home page of the Whitehouse.gov Web site:
> >
> > <SCRIPT src="/js/stat.js" language="javascript"
> > TYPE="text/javascript"></SCRIPT>
> > <NOSCRIPT>
> > <IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1"
> SRC="http://statse.webtrendslive.com/DCSArO55rNH8I36lrbe6wexE5_5B8I/nj
> > s.g if? dcsuri=/nojavascript&amp;WT.js=No">
> > </NOSCRIPT>
> >
> > Similar Web bugs can be found on other Web pages at the Whitehouse
> Web 
> > site.
> >
> > Before 9/11, the Clinton administration said this kind of Web
> tracking 
> > is a no-no for U.S. government Web sites:
> >
> >    http://www.whitehouse.gov/omb/memoranda/m00-13.html
> >
> >    Because of the unique laws and traditions about
> >    government access to citizens' personal information,
> >    the presumption should be that "cookies" will not be
> >    used at Federal web sites. Under this new Federal policy,
> >    "cookies" should not be used at Federal web sites, or
> >    by contractors when operating web sites on behalf of
> >    agencies, unless, in addition to clear and conspicuous
> >    notice, the following conditions are met: a compelling
> >    need to gather the data on the site;
> Apparently the present administration disagrees.  I'm not sure why the
> government should be prevented from using cookies or other tracking
> mechanisms.  After all, they can be used to improve service, something
> the
> government desperately needs to do.
>
> Paul Schmehl (pauls () utdallas edu)
> Adjunct Information Security Officer
> University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu/
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.