funsec mailing list archives

Re: The Whitehouse Web site is bugged


From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 27 Dec 2005 14:04:51 -0600

--On December 27, 2005 11:43:56 AM -0500 "Richard M. Smith" <rms () computerbytesman com> wrote:

The Whitehouse.gov Web site is bugged!  Apparently the Webmaster for the
site has hired Webtrends to track visitors around the site using Web bugs
and permanent cookies.  Here's the Web bug that I found on the home page
of the Whitehouse.gov Web site:

<SCRIPT src="/js/stat.js" language="javascript"
TYPE="text/javascript"></SCRIPT>
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1"
SRC="http://statse.webtrendslive.com/DCSArO55rNH8I36lrbe6wexE5_5B8I/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>

Similar Web bugs can be found on other Web pages at the Whitehouse Web
site.

Before 9/11, the Clinton administration said this kind of Web tracking is
a no-no for U.S. government Web sites:

   http://www.whitehouse.gov/omb/memoranda/m00-13.html

   Because of the unique laws and traditions about
   government access to citizens' personal information,
   the presumption should be that "cookies" will not be
   used at Federal web sites. Under this new Federal policy,
   "cookies" should not be used at Federal web sites, or
   by contractors when operating web sites on behalf of
   agencies, unless, in addition to clear and conspicuous
   notice, the following conditions are met: a compelling
   need to gather the data on the site;

Apparently the present administration disagrees. I'm not sure why the government should be prevented from using cookies or other tracking mechanisms. After all, they can be used to improve service, something the government desperately needs to do.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
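
Added example, not part of the original message and not code from the site or vendor discussed: a small Python audit that flags the kind of off-site 1x1 image quoted in the thread and lists the query parameters its URL carries. The function and class names, the suffix test for "off-site", and the sample string (the quoted markup with its SRC URL on one line) are assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the markup quoted in the message, SRC URL on one line.
SAMPLE = '''<SCRIPT src="/js/stat.js" language="javascript" TYPE="text/javascript"></SCRIPT>
<NOSCRIPT>
<IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1"
SRC="http://statse.webtrendslive.com/DCSArO55rNH8I36lrbe6wexE5_5B8I/njs.gif?dcsuri=/nojavascript&amp;WT.js=No">
</NOSCRIPT>'''

def _tiny(value):
    """True for a declared dimension of 0 or 1 pixel ("1", "1px", "0")."""
    digits = (value or "").strip().lower().replace("px", "")
    return digits.isdigit() and int(digits) <= 1

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are at most 1x1 and load from an off-site host."""
    def __init__(self, site_domain):
        super().__init__()
        self.site = site_domain.lower()
        self.noscript_depth = 0
        self.findings = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag == "noscript":
            self.noscript_depth += 1
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        host = (url.hostname or "").lower()
        # Assumption: "off-site" is a plain suffix test, not a public-suffix-list lookup.
        off_site = bool(host) and host != self.site and not host.endswith("." + self.site)
        if off_site and _tiny(a.get("width")) and _tiny(a.get("height")):
            self.findings.append({"host": host, "path": url.path,
                                  "params": dict(parse_qsl(url.query)),
                                  "in_noscript": self.noscript_depth > 0})

    def handle_endtag(self, tag):
        if tag == "noscript" and self.noscript_depth:
            self.noscript_depth -= 1

def find_web_bugs(html, site_domain):
    """Return one dict per off-site tracking pixel declared in the markup."""
    finder = WebBugFinder(site_domain)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE, "whitehouse.gov"):
        print(bug)
```

The check only sees declared WIDTH/HEIGHT attributes, so a pixel sized through CSS or injected by the script at /js/stat.js would need a rendered-DOM inspection instead.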

