Privacy and anonymity

Just how far does Big Brother's eye see?


What's my IP?

Often an IP address is the only piece of information available to a webmaster to track your visits - assuming you've disabled cookies in your browser and don't mind SessionIDs. Web logs can be subpoenaed too. Did you download Nmap 4.01 recently? My understanding is that Fyodor has had an effective log retention policy for when the feds come knocking, but what about everyone else? Do you use Nessus? Ethereal? Metasploit? Have you tried the latest (and excellent) Back Track pen-test liveCD? These are common tools used for legitimate purposes. Most of us couldn't care less that these downloads are tracked back to our IP. But it's still a useful excercise to go through: finding out how easy it is to map your IP address to an approximate physical location.

Most of us don't have malicious intent, so what about tracking the attackers who do? In the news, the physical location of an IP address used to attack a service is often used to attribute blame to certain country or region of the world. I suspect these addresses are rarely the real origin of the attack, but it's a start. There are dozens of "show my IP" services out there already to find out your public IP address while you're behind a proxy. Need more information? Sometimes a simple WHOIS or dig lookup doesn't suffice. To help find an approximate physical location there's the free IP address locator and the IP-to-country database - both useful tools. Or you can find IP blocks listed by country of origin, in CIDR format if you prefer. The latter is useful if you run web services and receive repeated attacks from countries that don't need access to those services.

As with anything, all these tools can be used for good or evil. "Do no evil," is a mantra that most of us should agree with. I'm happy it was popularized by Google. Sometimes we simply desire to be anonymous for no other reason than to be anonymous, and so that others can't track us. No malicious intent at all. But finding privacy on the internet is not always so easy to do.

Making a choice

Most of us in IT have a certain sense of paranoia about privacy and security - often with good reason. During my own exercise to find out how hard it is to become anonymous, I've come up with a rather simple conclusion: it's all about deciding what amount of privacy and personal information I am willing to give up, in exchange for the goods and services I'm looking to have. As for me, I think I'll keep visiting public Wi-Fi hotspots and use those liveCDs for some time to come.

This article originally appeared in Security Focus.

Copyright © 2006, SecurityFocus


Other stories you might like

  • If you're using the ctx Python package, bad news: Vandal added info-stealing code
    Domain associated with maintainer email expired, taken over in supply-chain attack

    The Python Package Index (PyPI), a repository for Python software libraries, has advised Python developers that the ctx package has been compromised.

    Any installation of the software in the past ten days should be investigated to determine whether sensitive account identifiers stored in environment variables, such as cloud access keys, have been stolen.

    The PyPI administrators estimate that about 27,000 malicious copies of ctx were downloaded from the registry since the rogue versions of ctx first appeared, starting around 19:18 UTC on May 14, 2022.

    Continue reading
  • DigitalOcean sets sail for serverless seas with Functions feature
    Might be something for those who find AWS, Azure, GCP overly complex

    DigitalOcean dipped its toes in the serverless seas Tuesday with the launch of a Functions service it's positioning as a developer-friendly alternative to Amazon Web Services Lambda, Microsoft Azure Functions, and Google Cloud Functions.

    The platform enables developers to deploy blocks or snippets of code without concern for the underlying infrastructure, hence the name serverless. However, according to DigitalOcean Chief Product Officer Gabe Monroy, most serverless platforms are challenging to use and require developers to rewrite their apps for the new architecture. The ultimate goal being to structure, or restructure, an application into bits of code that only run when events occur, without having to provision servers and stand up and leave running a full stack.

    "Competing solutions are not doing a great job at meeting developers where they are with workloads that are already running today," Monroy told The Register.

    Continue reading
  • Patch now: Zoom chat messages can infect PCs, Macs, phones with malware
    Google Project Zero blows lid off bug involving that old chestnut: XML parsing

    Zoom has fixed a security flaw in its video-conferencing software that a miscreant could exploit with chat messages to potentially execute malicious code on a victim's device.

    The bug, tracked as CVE-2022-22787, received a CVSS severity score of 5.9 out of 10, making it a medium-severity vulnerability. It affects Zoom Client for Meetings running on Android, iOS, Linux, macOS and Windows systems before version 5.10.0, and users should download the latest version of the software to protect against this arbitrary remote-code-execution vulnerability.

    The upshot is that someone who can send you chat messages could cause your vulnerable Zoom client app to install malicious code, such as malware and spyware, from an arbitrary server. Exploiting this is a bit involved, so crooks may not jump on it, but you should still update your app.

    Continue reading

Biting the hand that feeds IT © 1998–2022