funsec mailing list archives
RE: The Whitehouse Web site is bugged
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Tue, 27 Dec 2005 15:24:07 -0500
According to the Webtrends P3P "privacy" policy, they intend to figure out who people are via their Webtrends cookies. A pretty odd thing for a Web statistics company to be doing. I always assumed that the company gathers aggregrated statistics. I guess not. It does look like the Bush Administration is making up the rules as it goes along and not telling anyone about them. The real puzzler for me however is why does the Administration apparently not want older Web pages archived in the WayBack Machine? Richard -----Original Message----- From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Paul Schmehl Sent: Tuesday, December 27, 2005 3:05 PM To: funsec () linuxbox org Subject: Re: [funsec] The Whitehouse Web site is bugged --On December 27, 2005 11:43:56 AM -0500 "Richard M. Smith" <rms () computerbytesman com> wrote:
The Whitehouse.gov Web site is bugged! Apparently the Webmaster for the site has hired Webtrends to track visitors around the site using Web bugs and permanent cookies. Here's the Web bug that I found on the home page of the Whitehouse.gov Web site: <SCRIPT src="/js/stat.js" language="javascript" TYPE="text/javascript"></SCRIPT> <NOSCRIPT> <IMG ALT="" BORDER="0" NAME="DCSIMG" WIDTH="1" HEIGHT="1" SRC="http://statse.webtrendslive.com/DCSArO55rNH8I36lrbe6wexE5_5B8I/nj s.g if? dcsuri=/nojavascript&WT.js=No"> </NOSCRIPT> Similar Web bugs can be found on other Web pages at the Whitehouse Web site. Before 9/11, the Clinton administration said this kind of Web tracking is a no-no for U.S. government Web sites: http://www.whitehouse.gov/omb/memoranda/m00-13.html Because of the unique laws and traditions about government access to citizens' personal information, the presumption should be that "cookies" will not be used at Federal web sites. Under this new Federal policy, "cookies" should not be used at Federal web sites, or by contractors when operating web sites on behalf of agencies, unless, in addition to clear and conspicuous notice, the following conditions are met: a compelling need to gather the data on the site;
Apparently the present administration disagrees. I'm not sure why the government should be prevented from using cookies or other tracking mechanisms. After all, they can be used to improve service, something the government desperately needs to do. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- The Whitehouse Web site is bugged Richard M. Smith (Dec 27)
- Re: The Whitehouse Web site is bugged Paul Schmehl (Dec 27)
- RE: The Whitehouse Web site is bugged Richard M. Smith (Dec 27)
- <Possible follow-ups>
- RE: The Whitehouse Web site is bugged Dan Renner (Dec 27)
- Re: The Whitehouse Web site is bugged Dude VanWinkle (Dec 28)
- Re: The Whitehouse Web site is bugged Paul Schmehl (Dec 27)