RE: The Whitehouse Web site is bugged

["Richard M. Smith" <rms () computerbytesman com>]

According to the Webtrends P3P "privacy" policy, they intend to figure out
who people are via their Webtrends cookies.  A pretty odd thing for a Web
statistics company to be doing.  I always assumed that the company gathers
aggregrated statistics.  I guess not.

It does look like the Bush Administration is making up the rules as it goes
along and not telling anyone about them.

The real puzzler for me however is why does the Administration apparently
not want older Web pages archived in the WayBack Machine?

Richard 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Paul Schmehl
Sent: Tuesday, December 27, 2005 3:05 PM
To: funsec () linuxbox org
Subject: Re: [funsec] The Whitehouse Web site is bugged

--On December 27, 2005 11:43:56 AM -0500 "Richard M. Smith" 
<rms () computerbytesman com> wrote:
> The Whitehouse.gov Web site is bugged!  Apparently the Webmaster for 
> the site has hired Webtrends to track visitors around the site using 
> Web bugs and permanent cookies.  Here's the Web bug that I found on 
> the home page of the Whitehouse.gov Web site:
>
> <SCRIPT src="/js/stat.js" language="javascript"
> TYPE="text/javascript"></SCRIPT>
> <NOSCRIPT>
> <IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1"
> SRC="http://statse.webtrendslive.com/DCSArO55rNH8I36lrbe6wexE5_5B8I/nj
> s.g if? dcsuri=/nojavascript&amp;WT.js=No">
> </NOSCRIPT>
>
> Similar Web bugs can be found on other Web pages at the Whitehouse Web 
> site.
>
> Before 9/11, the Clinton administration said this kind of Web tracking 
> is a no-no for U.S. government Web sites:
>
>    http://www.whitehouse.gov/omb/memoranda/m00-13.html
>
>    Because of the unique laws and traditions about
>    government access to citizens' personal information,
>    the presumption should be that "cookies" will not be
>    used at Federal web sites. Under this new Federal policy,
>    "cookies" should not be used at Federal web sites, or
>    by contractors when operating web sites on behalf of
>    agencies, unless, in addition to clear and conspicuous
>    notice, the following conditions are met: a compelling
>    need to gather the data on the site;
Apparently the present administration disagrees.  I'm not sure why the
government should be prevented from using cookies or other tracking
mechanisms.  After all, they can be used to improve service, something the
government desperately needs to do.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.