Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2. 1 source: Wikipedia

Size: px
Start display at page:

Download "Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2. 1 source: Wikipedia"

Transcription

1 Table of Contents 9) Privacy on the Internet? Emmanuel Benoist Spring Term 2015 Presentation Legislation Privacy in danger Technologies Real Life Examples Privacy Enhancing Technologies - PET Privacy Sandboxing Anonymous Proxies Mixes Do-Not-Track HTTP header Conclusion Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 1 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 2 Privacy Presentation Definition 1 Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. Example of private information Sexual preferences Diseases Information you do not want to share to everybody Phone number Physical address Work Income... 1 source: Wikipedia Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 3 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 4

2 What is private on the net Information given on web sites Address, Telephone needed for delivering Sexual preferences can be guessed by the visited web sites Expenses is what you buy (or simply visit) Information gathered on your behaviour From visiting some site, just anonymously (no need in any login) Linking of different information Privacy = segregation of profiles Almost impossible on the web Legislation Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 5 Legislation Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 6 What is publicly available Privacy Protection Legislation Federal law and ordonances (for business and federal offices) 26 Cantonal laws (for cantonal offices) EU directive Implementation of the directive in each of the member states Principles Collect only the minimal amount of data Protect the data as much as possible Delete the data as soon as possible Some data are particularly sensitive: Health, race, religion Generally forbidden to store Needs a specific agreement with the privacy officer Your address The picture of your home Your Facebook Account (the public part) Your participation in a firm Everything together Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 7 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 8

3 Privacy in danger Technologies Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 9 Privacy in danger Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 10 Cookies Technologies Cookies HTML5 DataBase Cookies Example Definition Small information included inside a HTTP request (first response, then each request) Cookies are very useful For implementing session For creating a web site For transferring information between parts of a web site 2 2 third parties cookies Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 11 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 12

4 Issues with the use of cookies Long time cookies Cookies surviving many years: the same user is recognized every time It is possible to link many sessions (even without login) together The profile of the user may contain information not given as the user Third Party cookies An image (or any resource) is included inside a document example : <img src=" The request sent to spy.ch contains the following referrer URLReferrer: site.ch/program.php? info= So spy.ch knows what the user is visiting Since spy.ch uses one cookie, they link the actions of the user The user can be followed all over the sites Local Storage of Data Cookies Can be used by javascript But are resent in each request Not convenient for large data-sets Browser specific storage methods userdata: in Internet Explorer 5.5 and above. Local Shared Object: part of the Adobe Flash Player browser plugin. Google Gears: a plugin for Mozilla Firefox and Internet Explorer. Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 13 HTML5 storage Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 14 HTML5 storage (Cont.) Session storage Information is stored for the duration of the session It is not sent to the server It is accessible from Javascript Data is only accessible inside ONE tab or window sessionstorage.setitem( fullname, Hans Muster ); alert( Your name is: + sessionstorage.getitem( fullname )); alert( Hello + sessionstorage.fullname); sessionstorage.removeitem( fullname ); Global storage Data is stored locally and never sent to the server Can be accessed by Javascript and Flash According to specifications, should allow large access Implementations still restrict the access // foo will be accessible by any website globalstorage[ ].foo = bar ; // foo1 will be accessible by websites ending in.com globalstorage[ com ].foo1 = bar1 ; // foo2 will be accessible by example.com globalstorage[ example.com ].foo2 = bar2 ; Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 15 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 16

5 HTML5 storage (Cont.) Local storage Similar to session storage Has two properties: Persistence for long-term storage, the data persists after the window closes Scope data is accessible across all browser windows localstorage.setitem( fullname, Hans Muster ); alert( Your name is: + localstorage.getitem( fullname )); alert( Hello + localstorage.fullname); localstorage.removeitem( fullname ); HTML5 storage (Cont.) Database Storage Structured data stored inside the browser Uses a real SQL database in the clients machine So far only implemented inside Safari var database = opendatabase( Database Name, Database Version ); database.executesql( SELECT FROM test, function(result1) { // do something with the results database.executesql( DROP TABLE test, function(result2) { // do some more stuff alert( My second database query finished executing! ); }); }); Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 17 Browser Fingerprinting Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 18 Browser has a unique fingerprint Mixed of User-Agent HTTP-Accept headers (documents and languages) Time Zone, screen size,... Web Site stating how unique your browser is Real Life Examples Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 19 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 20

6 Real Life Examples The 10 most visited sites in Switzerland 3 Google Schweiz Facebook Google.com YouTube Wikipedia Yahoo! Windows Live Blogger.com Ricardo.ch 20 Minuten 3 source: Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences Most visited sites (Cont.) Requests to odd sites From the BFH web site: Contains the cookie: PREF=ID=551049e5a3e634a3:FF=0:TM= :LM= :S=Wi8nF (do not use any cookies) From Youtube with cookies: id=225919ab c t= et=730 cs=kuwf6-af (no cookie) From 20min.ch No Cookie with cookie CfP=1; JEB2=4DFA52D A2E0EE7A4F0002DC1 20min.wemfbox.ch with cookie srp=75474dfa5e36a ; i00=75474dfa5e36a Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 22 Example of particularly stigmatizing behaviour I log on gmail Google can read all my s, Collects my IP address and preferences I visit a Gay web site I need information about a place The address is given using googlemap I visit the web site of the SVP/UDC and sign a petition They use google as search engine in the web site One organisation centralizes valuable information Sexual preferences Friends and relations Political preferences Privacy Enhancing Technologies - PET Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 23 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 24

7 Privacy Enhancing Technologies - PET Privacy Sandboxing Anonymous Proxies Mixes Remove Third Party Cookies Do-Not-Track HTTP Header Privacy Sandboxing Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 25 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 26 Privacy Sandboxing Use a different username and password for different sites Use pseudonyms on web sites One can easily find that the cookies are the same (or the fingerprint) Use different browsers for different identities Requires a lot of self discipline Not very useful, since the machine has the same IP address Anonymous Proxies Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 27 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 28

8 Anonymous Proxies Different types of proxies Transparent Proxy IP address can be caught by sever using HTTP X FORWARDED FOR variable, such proxies usually used to increase Internet speed and decrease amount of abroad traffic (some Internet providers grant their user free local traffic). Anonymous Proxy IP address can not be caught by server but server knows that proxy was used during connection. It is very useful to be anonymous surfing in Internet. Elite Proxy IP address as well as fact that proxy was used during connection can not be caught by server. Best way to hide any information about you presence in Internet. Mixes Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 29 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 30 Mixes Problems with a Proxy All your traffic can be monitored by one single person Your ISP can intercept all the traffic IP address is hidden, but HTTP is still unencrypted Solution: Mixes A cascade of different independent servers The browser contains an tool, serving as local proxy The traffic is encrypted and sent to a first proxy Packet are then sent encrypted to other servers Finally the last server sends the requests to the server Protection offered The ISP can not see anything of the traffic Only if all servers cooperate, the identity of the client having sent a request can be known Do-Not-Track HTTP header Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 31 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 32

9 Do-Not-Track HTTP Header Header included by the browser It shows an opt-out willingness of the user The web site knows that the user do not want to be tracked Included in Firefox and Chrome Purely declarative This does not force anybody to do anything but can become legally a problem for data-miners The user shows that he/she does not give his/her consent What should be the reaction of the web site Do not deliver the service? (since the business model rely on tracking) Do not respect the declaration? Conclusion Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 33 Conclusion - Privacy Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 34 References Location Based Services Included in the HTML5 protocol Offer new possibility to acquire useful information Privacy vs Security Security should not be achieved on the cost of Privacy You can not do anything you want for security You must find the right balance (and the legal balance) HTML5 storage of data html/html5-client-side/ Anonymous Proxies List The fingerprint of your browser Know what is publicly available about you Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 35 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 36

10 Quality Insurance Conclusion - Web Security Course Discussion Web Security is in a rapid evolving environment New paradigms for Web Applications (Ajax, JSON,... ) New standards (HTML5 / new headers in HTTP) OWASP is a solide reference Web Security is a serious topic Top 10 gives an overview of the most dangerous items Software Security Must be integrated in the Softare Development Life Cycle (SDLC) The sooner the better From Design to Testing. Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 37 Berner Fachhochschule Haute cole spcialise bernoise Berne University of Applied Sciences 38

ABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services.

ABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services. ABC PRIVACY POLICY The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services. Our goal is to provide you and your family with media experiences

More information

Checking Browser Settings, and Basic System Requirements for QuestionPoint

Checking Browser Settings, and Basic System Requirements for QuestionPoint Checking Browser Settings, and Basic System Requirements for QuestionPoint This document covers basic IE settings and system requirements necessary for QuestionPoint. These settings and requirements apply

More information

Device Fingerprinting and Fraud Protection Whitepaper

Device Fingerprinting and Fraud Protection Whitepaper Device Fingerprinting and Fraud Protection Whitepaper 1 of 6 Table Of Contents 1 Overview... 3 2 What is Device Fingerprinting?... 3 3 Why is Device fingerprinting necessary?... 3 4 How can Device Fingerprinting

More information

Reading an email sent with Voltage SecureMail. Using the Voltage SecureMail Zero Download Messenger (ZDM)

Reading an email sent with Voltage SecureMail. Using the Voltage SecureMail Zero Download Messenger (ZDM) Reading an email sent with Voltage SecureMail Using the Voltage SecureMail Zero Download Messenger (ZDM) SecureMail is an email protection service developed by Voltage Security, Inc. that provides email

More information

Infor Xtreme Browser References

Infor Xtreme Browser References Infor Xtreme Browser References This document describes the list of supported browsers, browser recommendations and known issues. Contents Infor Xtreme Browser References... 1 Browsers Supported... 2 Browser

More information

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins During initial stages of penetration testing it is essential to build a strong information foundation before you

More information

USG40HE Content Filter Customization

USG40HE Content Filter Customization USG40HE Content Filter Customization This guide is designed to help with the setup of the ZyWALL s content filtering feature. Supported Devices USG40HE Firmware version 4.10(AALA.0) or later Overview Content

More information

Is preventing browser fingerprinting a lost cause?

Is preventing browser fingerprinting a lost cause? Is preventing browser fingerprinting a lost cause? Obligations of W3C specification authors and reviewers to preserve passive privacy properties of the user agent. What are we talking about? You call it

More information

KUB Website Troubleshooting

KUB Website Troubleshooting KUB Website Troubleshooting Are you having problems getting to the KUB website at http://www.kub.org/? If you type in your user ID and password and press the login button, are you routed right back to

More information

Learning Management System (LMS) Quick Tips. Contents LMS REFERENCE GUIDE

Learning Management System (LMS) Quick Tips. Contents LMS REFERENCE GUIDE Learning Management System (LMS) Quick Tips Contents Process Overview... 2 Sign into the LMS... 3 Troubleshooting... 5 Required Software... 5 Mobile devices are not supported... 5 Using the Check System

More information

Facebook Smart Card FB 121211_1800

Facebook Smart Card FB 121211_1800 Facebook Smart Card FB 121211_1800 Social Networks - Do s and Don ts Only establish and maintain connections with people you know and trust. Review your connections often. Assume that ANYONE can see any

More information

Cookies themselves do not require personal information to be used and, in most cases, not personally identify Internet users.

Cookies themselves do not require personal information to be used and, in most cases, not personally identify Internet users. About Cookies Website latelier-restaurant.ro uses cookies. The following information is intended to inform the user more information about placing, use and administration "cookies" used by the website

More information

A guide to affilinet s tracking technology

A guide to affilinet s tracking technology A guide to affilinet s tracking technology Content Introduction 1 What s covered in this Paper? 1 1. Why does affilinet use cookies? 1 Figure 1 the Commercial Model for Performance Marketing 1 2. How does

More information

AdvancedMD Online Privacy Statement

AdvancedMD Online Privacy Statement AdvancedMD Online Privacy Statement Effective date: September 1, 2015 This Privacy Statement explains how AdvancedMD uses and discloses personal information that we collect from people who visit our websites

More information

MEGA Web Application Architecture Overview MEGA 2009 SP4

MEGA Web Application Architecture Overview MEGA 2009 SP4 Revised: September 2, 2010 Created: March 31, 2010 Author: Jérôme Horber CONTENTS Summary This document describes the system requirements and possible deployment architectures for MEGA Web Application.

More information

Leonardo Hotels Group Page 1

Leonardo Hotels Group Page 1 Privacy Policy The Leonardo Hotels Group, represented by Sunflower Management GmbH & Co.KG, respects the right to privacy of every individual who access and navigate our website. Leonardo Hotels takes

More information

Anonymity on the Internet Over Proxy Servers

Anonymity on the Internet Over Proxy Servers Anonymity on the Internet Over Proxy Servers Final Product Fábio Rodrigues ei08116@fe.up.pt Matej Bulić ei12010@fe.up.pt Introduction user always leaves digital sign need for security and anonymity Proxy

More information

How we use cookies on our website

How we use cookies on our website How we use cookies on our website We use cookies on our site to improve performance and enhance your user experience. This policy explains how cookies work. What are cookies? Cookies are small text files

More information

Guidelines for Researching Potential Jurors: Minimizing The Risks Of Leaving Footprints Behind The Problem

Guidelines for Researching Potential Jurors: Minimizing The Risks Of Leaving Footprints Behind The Problem Guidelines for Researching Potential s: Minimizing The Risks Of Leaving Footprints Behind The Problem Introduction As technology evolves, new ways of communicating emerge that cause existing policies and

More information

8ch.net Privacy Policy

8ch.net Privacy Policy 8ch.net Privacy Policy Supersedes previous privacy policy dated December 28 2014 Wednesday, July 8, 2015; Effective Wednesday, July 22, 2015 Contents 1 Changelog 2 1.1 Changes between the December 28 2014

More information

Web Tracking for You. Gregory Fleischer

Web Tracking for You. Gregory Fleischer Web Tracking for You Gregory Fleischer 1 INTRODUCTION 2 Me Gregory Fleischer Senior Security Consultant at FishNet Security 3 Disclaimer Why do you hate? 4 Reasons For Tracking TradiFonal reasons for tracking

More information

Support Documentation

Support Documentation Support Documentation WP-Live-Chat-Support 2/5/2014 This document is here to help WordPress Users and Developers Install and Troubleshoot WP-Live- Chat-Support Contents General Info Before you begin...

More information

Cookie Policy. Introduction About Cookies

Cookie Policy. Introduction About Cookies Introduction About Cookies Cookie Policy Most websites you visit will use in order to improve your user experience by enabling that website to remember you, either for the duration of your visit (using

More information

Cyber Security Workshop Ethical Web Hacking

Cyber Security Workshop Ethical Web Hacking Cyber Security Workshop Ethical Web Hacking May 2015 Setting up WebGoat and Burp Suite Hacking Challenges in WebGoat Concepts in Web Technologies and Ethical Hacking 1 P a g e Downloading WebGoat and Burp

More information

Adaptive Business Management Systems Privacy Policy

Adaptive Business Management Systems Privacy Policy Adaptive Business Management Systems Privacy Policy Updated policy: Effective on July 01, 2013 This privacy statement describes how Adaptive Business Management Systems collects and uses the personal information

More information

Checking IE Settings, and Basic System Requirements for QuestionPoint

Checking IE Settings, and Basic System Requirements for QuestionPoint Checking IE Settings, and Basic System Requirements for QuestionPoint This document covers basic IE settings and system requirements necessary for QuestionPoint. These settings and requirements apply to

More information

Are you having trouble logging in with a Username that contains special characters or spaces?

Are you having trouble logging in with a Username that contains special characters or spaces? Troubleshooting Guide Forgot your Username or Password? Are you having trouble logging in with a Username that contains special characters or spaces? Can t launch a course in InfoComm University? Can t

More information

How To Understand The History Of The Web (Web)

How To Understand The History Of The Web (Web) (World Wide) Web WWW A way to connect computers that provide information (servers) with computers that ask for it (clients like you and me) uses the Internet, but it's not the same as the Internet URL

More information

Technical Guide for Remote access

Technical Guide for Remote access Technical Guide for Remote access Frequently Asked Questions about using EZ Proxy to access Library resources off campus. Login Help Who is allowed access? I m having trouble logging in. Finding Articles

More information

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most

More information

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 Copyright ESOMAR 2012 TABLE OF CONTENTS 2 Objectives 2 Introduction 3 Definitions 4 SECTION 1: APPLICABLE LAW 4 SECTION 2: WHAT YOU NEED TO KNOW SOME FAQs 5

More information

HTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

HTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology HTTP Internet Engineering Fall 2015 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology Questions Q1) How do web server and client browser talk to each other? Q1.1) What is the common

More information

Edwin Analytics Getting Started Guide

Edwin Analytics Getting Started Guide Edwin Analytics Getting Started Guide This guide provides assistance for accessing and using Edwin Analytics, the Department of Elementary and Secondary Education s (ESE) online tool for expanding data

More information

Recommended Browser Setting for MySBU Portal

Recommended Browser Setting for MySBU Portal The MySBU portal is built using Microsoft s SharePoint technology framework, therefore, for the best viewing experience, Southwest Baptist University recommends the use of Microsoft s Internet Explorer,

More information

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3 Open-Xchange Authentication & Session Handling Table of Contents 1.Introduction...3 2.System overview/implementation...4 2.1.Overview... 4 2.1.1.Access to IMAP back end services...4 2.1.2.Basic Implementation

More information

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0 Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual Document Version 1.0 Table of Contents 1 SWAF... 4 1.1 SWAF Features... 4 2 Operations and User Manual... 7 2.1 SWAF Administrator

More information

Networks and the Internet A Primer for Prosecutors and Investigators

Networks and the Internet A Primer for Prosecutors and Investigators Computer Crime & Intellectual Property Section Networks and the Internet A Primer for Prosecutors and Investigators Michael J. Stawasz Senior Counsel Computer Crime and Intellectual Property Section ()

More information

Cookie Policy. Introduction About Cookies

Cookie Policy. Introduction About Cookies Introduction About Cookies Cookie Policy Most websites you visit will use cookies in order to improve your user experience by enabling that website to remember you, either for the duration of your visit

More information

Privacy Policy. 1. Principle

Privacy Policy. 1. Principle Privacy Policy WHU Otto Beisheim School of Management (hereinafter WHU ) is committed to protecting the privacy and security of the personal information collected from visitors to, and members of, the

More information

ICE Trade Vault. Public User & Technology Guide June 6, 2014

ICE Trade Vault. Public User & Technology Guide June 6, 2014 ICE Trade Vault Public User & Technology Guide June 6, 2014 This material may not be reproduced or redistributed in whole or in part without the express, prior written consent of IntercontinentalExchange,

More information

Privacy Policy. 1. Principle

Privacy Policy. 1. Principle Privacy Policy Zächel Aktiengesellschaft (hereinafter Zächel AG ) is committed to protecting the privacy and security of the personal information collected from visitors to, and members of, the Camp Beckenbauer

More information

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications

More information

This Privacy Policy has been prepared by DEBTSUPPORTCENTRE (the Company, we or us)

This Privacy Policy has been prepared by DEBTSUPPORTCENTRE (the Company, we or us) This Privacy Policy has been prepared by DEBTSUPPORTCENTRE (the Company, we or us) and (together with our terms of use www.debtsupportcentre.co.uk and any other documents referred to on it) sets out the

More information

New Online Banking Guide for FIRST time Login

New Online Banking Guide for FIRST time Login New Online Banking Guide for FIRST time Login Step 1: Login Enter your existing Online Banking User ID and Password. Click Log-In. Step 2: Accepting terms and Conditions to Proceed Click on See the terms

More information

Privacy leakage vs. Protection measures: the growing disconnect

Privacy leakage vs. Protection measures: the growing disconnect Privacy leakage vs. Protection measures: the growing disconnect Balachander Krishnamurthy (AT&T Labs Research) Konstantin Naryshkin (Worcester Polytechnic Institute) Craig E. Wills (Worcester Polytechnic

More information

Instructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app

Instructions for Configuring Your Browser Settings and Online Security FAQ s. ios8 Settings for iphone and ipad app Instructions for Configuring Your Browser Settings and Online Security FAQ s ios8 Settings for iphone and ipad app General Settings The following browser settings and plug-ins are required to properly

More information

DESTINATION MELBOURNE PRIVACY POLICY

DESTINATION MELBOURNE PRIVACY POLICY DESTINATION MELBOURNE PRIVACY POLICY 2 Destination Melbourne Privacy Policy Statement Regarding Privacy Policy Destination Melbourne Limited recognises the importance of protecting the privacy of personally

More information

Manual. Netumo NETUMO HELP MANUAL WWW.NETUMO.COM. Copyright Netumo 2014 All Rights Reserved

Manual. Netumo NETUMO HELP MANUAL WWW.NETUMO.COM. Copyright Netumo 2014 All Rights Reserved Manual Netumo NETUMO HELP MANUAL WWW.NETUMO.COM Copyright Netumo 2014 All Rights Reserved Table of Contents 1 Introduction... 0 2 Creating an Account... 0 2.1 Additional services Login... 1 3 Adding a

More information

Hiding Tracks on the Net

Hiding Tracks on the Net Hiding Tracks on the Net Ways one might hide their tracks Private Browsing Anonymizers & Proxy Servers SSL / TLS Passwords False Information Public Networks Email Services Encryption Firewalls Private

More information

The Winnipeg Foundation Privacy Policy

The Winnipeg Foundation Privacy Policy The Winnipeg Foundation Privacy Policy The http://www.wpgfdn.org (the Website ) is operated by The Winnipeg Foundation (the Foundation ). The Winnipeg Foundation Privacy Policy Foundation is committed

More information

Index. AdWords, 182 AJAX Cart, 129 Attribution, 174

Index. AdWords, 182 AJAX Cart, 129 Attribution, 174 Index A AdWords, 182 AJAX Cart, 129 Attribution, 174 B BigQuery, Big Data Analysis create reports, 238 GA-BigQuery integration, 238 GA data, 241 hierarchy structure, 238 query language (see also Data selection,

More information

How To Login To A Website On A Pc Or Mac Or Mac (For Pc Or Ipad)

How To Login To A Website On A Pc Or Mac Or Mac (For Pc Or Ipad) What browser types are supported? Do I need to allow cookies? What are session cookies? The system is asking me to login again and says my session has timed out. What does this mean? I am locked out after

More information

Project X Mass interception of encrypted connections

Project X Mass interception of encrypted connections Project X Mass interception of encrypted connections What? SSL/TLS interception TOR interception ...a thorny path Common Issues Public Key Pinning avoids rogue CA to sign certs Common Issues Google and

More information

How to train your Browser Controller

How to train your Browser Controller How to train your Browser Controller Table of Contents ABOUT 3 TOP BAR SETTINGS 3 CHILD LOCK 3 SPYDERWEB 3 PERSONAL PRIVACY EXPOSURE 4 KEY & STATS 4 GRAPH VIEW 4 AUTO-REFRESH 5 DOMAIN GEO-LOCATION INFO

More information

User identification or authentication cookies (session only). Supplementary (plug-in) cookies for the exchange of social content.

User identification or authentication cookies (session only). Supplementary (plug-in) cookies for the exchange of social content. USE OF COOKIES NEUROELECTRICS BARCELONA, S.L.U. may, itself or through a third party hired for the provision of measurement services, use cookies while the user browses this website. Cookies are files

More information

MAXA-COOKIE-MANAGER - USER MANUAL - SW-Release V 5.0 / Document Rev. 1.1

MAXA-COOKIE-MANAGER - USER MANUAL - SW-Release V 5.0 / Document Rev. 1.1 MAXA-COOKIE-MANAGER - USER MANUAL - SW-Release V 5.0 / Document Rev. 1.1 Quick Start Once installed MAXA Cookie Manager goes to work immediately to gather information about the cookies on your system and

More information

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us. c4m Privacy Policy Last Modified: July 20, 2015 Colbette II Ltd., Block 1, 195-197 Old Nicosia-Limassol Road, Dali Industrial Zone, Cyprus 2540 (hereinafter "c4m", Colbette we", "our" or "us") is always

More information

Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013

Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013 Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013 This Microsoft privacy statement sets out how your personal information is used by Vodafone in connection with the provision of the Microsoft

More information

Visitors to our website The LCTHF website collects information about each visitor in several ways. These may include:

Visitors to our website The LCTHF website collects information about each visitor in several ways. These may include: Privacy Policy The Lewis and Clark Trail Heritage Foundation, here after referred to as the LCTHF, is committed to respecting and protecting your privacy. This privacy policy governs our collection and

More information

Outlook Web Access Tipsheets

Outlook Web Access Tipsheets You can use a Web browser to access your Outlook mailbox from any computer with an Internet connection. You can use Outlook Web Access with Microsoft Internet Explorer, Mozilla Firefox and many other browsers.

More information

SAML-Based SSO Solution

SAML-Based SSO Solution About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,

More information

Preparing for the Cross Site Request Forgery Defense

Preparing for the Cross Site Request Forgery Defense Preparing for the Cross Site Request Forgery Defense Chuck Willis chuck.willis@mandiant.com Black Hat DC 2008 February 20, 2008 About Me Principal Consultant with MANDIANT in Alexandria, VA Full spectrum

More information

CONSENT TO PROCESSING IN THE UNITED STATES AND ELSEWHERE.

CONSENT TO PROCESSING IN THE UNITED STATES AND ELSEWHERE. Privacy Statement Elanco, a division of Eli Lilly and Company (Lilly), (referred to as Elanco or Lilly in this Privacy Statement) respects the privacy of visitors to our websites, and as a result, we have

More information

Cleaning Encrypted Traffic

Cleaning Encrypted Traffic Optenet Documentation Cleaning Encrypted Traffic Troubleshooting Guide iii Version History Doc Version Product Date Summary of Changes V6 OST-6.4.300 01/02/2015 English editing Optenet Documentation

More information

Note: Password must be 7-16 characters and contain at least one uppercase letter and at least one number.

Note: Password must be 7-16 characters and contain at least one uppercase letter and at least one number. Krowd Technical FAQ TEAM MEMBERS If you need assistance with krowd, please call the TEAM MEMBER Help Desk at 800-832-7336. We want to hear your suggestions and feedback! Please join the krowd Source community

More information

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications 1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won

More information

Cookie Policy. Introduction About Cookies

Cookie Policy. Introduction About Cookies Introduction About Cookies Cookie Policy Most websites you visit will use in order to improve your user experience by enabling that website to remember you, either for the duration of your visit (using

More information

SmartGrant Web Browser Set-Up

SmartGrant Web Browser Set-Up SmartGrant Web Browser Set-Up TABLE OF CONTENTS SmartGrant Supported Web Browsers for Windows... 2 Configuring Your Web Browser for SmartGrant... 3 Internet Explorer... 3 Firefox... 10 Chrome... 15 Safari...

More information

Cookies which our online service providers use Updated 12 th May 2015

Cookies which our online service providers use Updated 12 th May 2015 Cookies which our online service providers use Updated 12 th May 2015 / persistent cookies Online service Objective Name Type of cookie More information from service provider consultation (persistent)

More information

Akita International University Online Application System. Usage Manual

Akita International University Online Application System. Usage Manual Akita International University Online Application System Usage Manual Please Check the Following Before You Begin To Access the System: Ensure you are using one of the following Operating Systems (OS)

More information

Secure Web Appliance. SSL Intercept

Secure Web Appliance. SSL Intercept Secure Web Appliance SSL Intercept Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About SSL Intercept... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

Cookies Compliance Advisory

Cookies Compliance Advisory Cookies Compliance Advisory Note: this is an advisory notice that summarises the current position of the Article 29 Working Group and makes suggestions as to how organisations might practically achieve

More information

Student ANGEL FAQs. General Issues: System Requirements:

Student ANGEL FAQs. General Issues: System Requirements: Student ANGEL FAQs General Issues: What is ANGEL? How do I log in? What is my username and password? How do I activate my account? I forgot my C number/password, what do I do? I registered after the first

More information

How To Use Moodle Online Class On A Pc Or Mac Or Ipad (For Acedo) On A Computer Or Mac) On Your Computer Or Ipod Or Ipo (For An Ipo) For Acedor Or Mac (

How To Use Moodle Online Class On A Pc Or Mac Or Ipad (For Acedo) On A Computer Or Mac) On Your Computer Or Ipod Or Ipo (For An Ipo) For Acedor Or Mac ( Welcome to Stanly Online, This document has been sent to you to supply the information you need to: access our online learning system AND find help, should the need arise Accessing : Your online class

More information

PRIVACY POLICY. FAIRWAY LEASING, LLC dba Aaron s Sales & Lease Ownership. Page 1 of 8

PRIVACY POLICY. FAIRWAY LEASING, LLC dba Aaron s Sales & Lease Ownership. Page 1 of 8 Aaron s Inc. (the Franchisor or Aaron s ) operate through a franchise model of business and licenses the Aaron s brand to independently owned operators. This Privacy Policy ( Policy ) describes how Fairway

More information

Joe St Sauver, Ph.D. joe@internet2.edu or joe@uoregon.edu Manager, InCommon Cer;ficate Program and Manager, Internet2 Na;onwide Security Programs

Joe St Sauver, Ph.D. joe@internet2.edu or joe@uoregon.edu Manager, InCommon Cer;ficate Program and Manager, Internet2 Na;onwide Security Programs HTTP Strict Transport Security Performance: Is There An Issue? Does the Performance Working Group Have RecommendaAons for Tuning SSL/TLS For Internet2 Class Traffic? Joe St Sauver, Ph.D. joe@internet2.edu

More information

Repsheet. A Behavior Based Approach to Web Application Security. Aaron Bedra Application Security Lead Braintree Payments. tirsdag den 1.

Repsheet. A Behavior Based Approach to Web Application Security. Aaron Bedra Application Security Lead Braintree Payments. tirsdag den 1. Repsheet A Behavior Based Approach to Web Application Security Aaron Bedra Application Security Lead Braintree Payments Right now, your web applications are being attacked And it will happen again, and

More information

Access to Kozminski University library databases from home

Access to Kozminski University library databases from home Access to Kozminski University library databases from home All students and staff at Kozminski University can benefit from special, purchased by the Library of ALK, databases containing many interesting

More information

P&WC Portal Settings. 1) Portal Language Setting:

P&WC Portal Settings. 1) Portal Language Setting: P&WC Portal Settings In order to set your Internet Explorer Browser and to resolve a few specific issues that users of the P&WC Portal might have, we recommend that you change a few settings in your browser.

More information

AddPac Technology. 2013, Sales and Marketing. www.addpac.com

AddPac Technology. 2013, Sales and Marketing. www.addpac.com Smart SIM Server Manager AddPac Technology 2013, Sales and Marketing www.addpac.com Contents Main Features Service Network Diagram System Requirement Manager Login Configuration Management Monitoring Management

More information

The Future of Maintaining State September 18, 2014 Presented By Marc Groman, Network Advertising Initiative Reed Freeman, Morrison & Foerster, LLP

The Future of Maintaining State September 18, 2014 Presented By Marc Groman, Network Advertising Initiative Reed Freeman, Morrison & Foerster, LLP mofo.com The Future of Maintaining State September 18, 2014 Presented By Marc Groman, Network Advertising Initiative Reed Freeman, Morrison & Foerster, LLP What is Maintaining State? Keeping track of a

More information

Technical Specifications. Technical requirements for Eversheds E-Learning and Learning Management System (LMS)

Technical Specifications. Technical requirements for Eversheds E-Learning and Learning Management System (LMS) Technical Specifications Technical requirements for Eversheds E-Learning and Learning Management System (LMS) 1 Learning Management System (LMS) Client Requirements... 3 Web browsers... 3 ActiveX security

More information

TxEIS Browser Settings

TxEIS Browser Settings TxEIS Browser Settings Updated May 2016 The TxEIS Browser Settings document lists supported browsers and recommended browser settings which will allow you to utilize the TxEIS system at its fullest potential

More information

Create your portal account, and connect to your medical records.

Create your portal account, and connect to your medical records. Create your portal account, and connect to your medical records. Follow these steps if you have not received an email invitation to register. Any questions, please email us at patientportal@raleighmedicalgroup.com

More information

Handling of "Dynamically-Exchanged Session Parameters"

Handling of Dynamically-Exchanged Session Parameters Ingenieurbüro David Fischer AG A Company of the Apica Group http://www.proxy-sniffer.com Version 5.0 English Edition 2011 April 1, 2011 Page 1 of 28 Table of Contents 1 Overview... 3 1.1 What are "dynamically-exchanged

More information

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration

More information

PRIVACY POLICY. Types of Information Collected

PRIVACY POLICY. Types of Information Collected PRIVACY POLICY Tres Carnes ( we, our, or us, ) respects and is committed to protecting your privacy. That is why we have adopted this Privacy Policy. This Privacy Policy lets you know how and for what

More information

Reference Guide for WebCDM Application 2013 CEICData. All rights reserved.

Reference Guide for WebCDM Application 2013 CEICData. All rights reserved. Reference Guide for WebCDM Application 2013 CEICData. All rights reserved. Version 1.2 Created On February 5, 2007 Last Modified August 27, 2013 Table of Contents 1 SUPPORTED BROWSERS... 3 1.1 INTERNET

More information

DentalTek Privacy Statement

DentalTek Privacy Statement DentalTek Privacy Statement DentalTek (the Company ) is committed to protecting the privacy of individuals who visit the Sites ( Visitors ), individuals who register to use the Services (as defined below)

More information

Check list for web developers

Check list for web developers Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation

More information

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: 5.0.00 Document Version: 02.01.12

M86 Web Filter USER GUIDE for M86 Mobile Security Client. Software Version: 5.0.00 Document Version: 02.01.12 M86 Web Filter USER GUIDE for M86 Mobile Security Client Software Version: 5.0.00 Document Version: 02.01.12 M86 WEB FILTER USER GUIDE FOR M86 MOBILE SECURITY CLIENT 2012 M86 Security All rights reserved.

More information

PRIVACY POLICY (LAST UPDATED: 29.05.2015)

PRIVACY POLICY (LAST UPDATED: 29.05.2015) PRIVACY POLICY (LAST UPDATED: 29.05.2015) CONTENTS 1 Personally Identifiable Information... 3 2 Collection of Personally Identifiable and Other Data and Information... 3 2.1 When visiting our website www.zanox.com...

More information

Pay Reply website Privacy Policy. Data processor. Location of data processing. Types of processed data

Pay Reply website Privacy Policy. Data processor. Location of data processing. Types of processed data Pay Reply website Privacy Policy This page provides an outline of the way the personal data of Pay Reply website visitors is managed. This notice is also provided according to the terms of art. 13 of Italian

More information

Using the SimNet Course Manager

Using the SimNet Course Manager Using the SimNet Course Manager Using the SimNet Course Manager Contents Overview...3 Requirements...3 Navigation...3 Action Menus...3 Sorting Lists...4 Expanding and Collapsing Sections...4 Instructor

More information

How To Test Your Web Site On Wapt On A Pc Or Mac Or Mac (Or Mac) On A Mac Or Ipad Or Ipa (Or Ipa) On Pc Or Ipam (Or Pc Or Pc) On An Ip

How To Test Your Web Site On Wapt On A Pc Or Mac Or Mac (Or Mac) On A Mac Or Ipad Or Ipa (Or Ipa) On Pc Or Ipam (Or Pc Or Pc) On An Ip Load testing with WAPT: Quick Start Guide This document describes step by step how to create a simple typical test for a web application, execute it and interpret the results. A brief insight is provided

More information

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca)

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Bug Report Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Software: Kimai Version: 0.9.1.1205 Website: http://www.kimai.org Description: Kimai is a web based time-tracking application.

More information

Online Banking Guide. Online Banking Overview. e-guide. Online Banking Security Getting Started

Online Banking Guide. Online Banking Overview. e-guide. Online Banking Security Getting Started e-guide Whitney Bank provides a safe, fast and easy way to manage your finances on your terms. You can take care of all your banking needs from home, work or anywhere you have Internet access. Look at

More information

Web Conferencing Version 8.3 Troubleshooting Guide

Web Conferencing Version 8.3 Troubleshooting Guide System Requirements General Requirements Web Conferencing Version 8.3 Troubleshooting Guide Listed below are the minimum requirements for participants accessing the web conferencing service. Systems which

More information

Department of Homeland Security Use of Google Analytics

Department of Homeland Security Use of Google Analytics for the DHS/ALL 033 June 9, 2011 Contact Point Kathleen McShea Director of New Media and Web Communications Office of Public Affairs (202) 282-8166 Reviewing Official Mary Ellen Callahan Chief Privacy

More information

Security and Fraud Exceptions Under Do Not Track. Christopher Soghoian Center for Applied Cybersecurity Research, Indiana University

Security and Fraud Exceptions Under Do Not Track. Christopher Soghoian Center for Applied Cybersecurity Research, Indiana University Security and Fraud Exceptions Under Do Not Track Christopher Soghoian Center for Applied Cybersecurity Research, Indiana University Position Paper for W3C Workshop on Web Tracking and User Privacy 28/29

More information