j-sec.co.uk Report : Visit Site

Technical data of the j-sec.co.uk

Geo IP provides you such as latitude, longitude and ISP (Internet Service Provider) etc. informations. Our GeoIP service found where is host j-sec.co.uk. Currently, hosted in Virgin Islands, British and its service provider is Confluence Networks UK .

the related websites

arstechnica.com diynot.com audionote.co.uk folkestonehistory.org bigearsaudio.org.uk spanish.phione.co.uk eng.cam.ac.uk lennonwylie.co.uk wiki.diyfaq.org.uk st-andrews.ac.uk 

HTTP Header Analysis

HTTP Header information is a part of HTTP protocol that a user's browser sends to called Apache/2.4.29 (cPanel) OpenSSL/1.0.2n mod_bwlimited/1.4 Phusion_Passenger/5.1.12 containing the details of what the browser wants and will accept back from the web server.

DNS

HtmlToText

j-sec security consultancy securing the world of payments menu skip to content home services useful breach calculator check compromise ico report breach cluley cve database dataloss db finextra gchq immobilise lets encrypt ponemon institue schneier on security ssl labs visual breaches about contact us search for: how anonymous is anonymous? february 24, 2016 security anonymous , csrf , data protection , eu cookie directive , privacy jason with the internet of things, companies and researchers are finding innovative ways to collect data about our habits, thoughts, desires, usage and even what we search for on the internet. take the very recent case of a professional footballer who had some relevant search history presented during his court case… what’s that got to do with anything? i was contacted by a friend to help with their son’s higher education survey that was designed to collect some personal data to be used for analysis and help with their homework project. the education department had provided their internal survey engine for the student to use, all he had to do was supply the engine questions and it will take care of the rest. all he has to do is publicise the survey, hope it goes viral and wait for the answers to come rolling in. at this point the job of analysing the data received can begin and he completes the assignment with a gold star. i’d alerted my friend that the survey wasn’t anonymous, however i was informed that all information is anonymous and had undergone all the basic rigour, approvals and compliance to be undertaken for protecting the data in this way… so what’s the problem? with any discipline, there are multiple levels of understanding of subject matter, and sometimes the “wisdom of crowds mentality” takes over logical and researched thought. after all, if alan and amanda and their mates say it’s ok, it must be ok right? how can that many people get it so wrong? wrong… hence why i’ve created the blog to highlight the dangers of sharing personal information over the internet, and hopefully make you think about the art of the possible to the right motivated group of professionals. i’d taken a look at the survey, there was some basic information on the student, and straight into the questions and thought “hmmm…. this is going to need some thought”… i closed my browser, and returned a while later, clicked on the link that was shared on social media networks and instead of the cover page, i was returned to point i had last reached in the set of questions. the old spidey senses were tingling … if you have a top level web address (url), i.e. mybrilliantsurvey.com/surveyname and that page is created by some backend code, then in order to remember your last position the site needs to store a file called a “ cookie” on your computer or smart device. if you live in the eu and need to store data on a user’s device from a webpage, you must obtain explicit consent in accordance to the eu cookie directive which came into effect in the uk from 26 th may 2011. in a nut shell, all websites serving pages in the european union have to comply with the law by clearly stating their intent to store information on your computer and you are given the choice to accept or decide to navigate away from the web page itself. failure to comply with the law may result in a fine or worst case imprisonment in reality, the organisation or owner responsible for the web pages will get a warning if reported in the first instance to the ico. in fairness, the student is a consumer of it and by no means an it subject matter expert and in creating the survey he may or may not have been aware of the directive. the education facility and staff are responsible for ensuring their it systems are compliant and that students are fully informed when using their applications/software. in this example, they are putting the student at risk of being in line for being non-compliant as they are clearly named on the form. clearing cache’s, removing cookies and using different browsers, i was able to confirm that the website does not warn me about the use of cookies prior to continuing on it’s information quest, and therefore is clearly in breach of the eu cookie law. so what? it’s just a cookie isn’t it? what harm can that do? it’s no big deal i hear you cry… well… although this survey site didn’t have any requirement for creating an account and signing in, it does stores a session cookie. this cookie contains a string… xsrf-token xsrf_8aab00bma7nfegn xxxxxxxx this is interesting, by manipulating the xsrf-token you are able to see any current, incomplete or abandoned session data another user has started. you can even modify that data… (session hi-jacking) modifying cookies in this manner is one of many basic penetration tests security consultants undertake on websites, and is commonly referred to as cross site scripting or xss for short. this enables you to hi-jack session data from another user without requiring to authenticate yourself against the target platform. armed with this information and some other pieces, it was possible to perform reverse lookups that would lead to the identity of the user who entered the initial data. an explanation of how, would probably not be the wisest thing to do here… when all is said and done, who would be interested in a school survey site? what is the risk to data? you can argue a case for either, saying it’s of no interest. but… with today’s technological millenials who are more interested in living every aspect of their lives on-line will find little room for privacy, and make social profiling much easier for todays tech savvy fraudster. they are more accepting of it and will happily provide data for themselves and others without thinking security and safety first, and at the same time need some education around acceptable internet usage and it’s associated laws designed to protect them. when you are next approached to complete a survey on-line ask yourself the following :- am i happy that the information i provide may become public. am i happy that the information provided may be traceable back to me? how will the researcher store and manage my data? it is likely the data will be downloaded to their laptop or server. it is even more likely that data will be unencrypted. how will researcher destroy the data after it’s served its purpose? the data collated is still covered by the 1998 data protection act (amended in 1999) how would you feel if your data was breached or compromised and made available on the open market? both now. in 10 years time? the eight guiding principles of the uk data protection act the data protection act controls how your personal information is used by organisations, businesses or the government. everyone responsible for using data has to follow strict rules called ‘data protection principles’. they must make sure the information is: used fairly and lawfully used for limited, specifically stated purposes used in a way that is adequate, relevant and not excessive accurate kept for no longer than is absolutely necessary handled according to people’s data protection rights kept safe and secure not transferred outside the european economic area without adequate protection and there is stronger legal protection for more sensitive information, such as: ethnic background political opinions religious beliefs health sexual health criminal records references: cookie law: https://www.cookielaw.org/the-cookie-law/ https://www.cookielaw.org/faq/ ico – information commissioners office https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/ the data protection act https://www.gov.uk/data-protection/the-data-protection-act cross-site request forgery https://en.wikipedia.org/wiki/cross-site_request_forgery https://www.owasp.org/index.php/cross-site_request_forgery_(csrf)_prevention_cheat_sheet share this: click to email this to a friend (opens in new window) click to print (opens in new window) click t

URL analysis for j-sec.co.uk

http://j-sec.co.uk/index.php/tag/csrf/
http://j-sec.co.uk/#wp-toolbar
http://j-sec.co.uk/index.php/2015/06/13/welcome/?share=pinterest
http://j-sec.co.uk/wp-login.php?redirect_to=http%3a%2f%2fj-sec.co.uk%2f
http://j-sec.co.uk/index.php/category/security/
http://j-sec.co.uk/index.php/tag/base24-classic/
http://j-sec.co.uk/index.php/2016/02/24/how-anonymous-is-anonymous/?share=linkedin
http://j-sec.co.uk/index.php/2015/06/13/welcome/?share=email
http://j-sec.co.uk/index.php/2015/07/21/base24/
http://j-sec.co.uk/index.php/2015/07/21/base24/?share=reddit
http://j-sec.co.uk/index.php/tag/data-protection/
http://j-sec.co.uk/index.php/2015/06/13/welcome/?share=pocket
http://j-sec.co.uk/index.php/2015/07/21/base24/?share=linkedin
http://j-sec.co.uk/index.php/2016/02/24/how-anonymous-is-anonymous/?share=pinterest
http://j-sec.co.uk/index.php/2016/02/24/how-anonymous-is-anonymous/?share=facebook
gov.uk
ico.org.uk
gchq.gov.uk
legislation.gov.uk

Whois Information

Whois is a protocol that is access to registering information. You can reach when the website was registered, when it will be expire, what is contact details of the site with the following informations. In a nutshell, it includes these informations;

Error for "j-sec.co.uk".

the WHOIS query quota for 2600:3c03:0000:0000:f03c:91ff:feae:779d has been exceeded
and will be replenished in 49 seconds

WHOIS lookup made at 23:11:38 12-Sep-2017

--
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:

Copyright Nominet UK 1996 - 2017.

You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

  REFERRER http://www.nominet.org.uk

  REGISTRAR Nominet UK

SERVERS

  SERVER co.uk.whois-servers.net

  ARGS j-sec.co.uk

  PORT 43

  TYPE domain

DISCLAIMER
This WHOIS information is provided for free by Nominet UK the central registry
for .uk domain names. This information and the .uk WHOIS are:
Copyright Nominet UK 1996 - 2017.
You may not access the .uk WHOIS or use any data from it except as permitted
by the terms of use available in full at http://www.nominet.uk/whoisterms,
which includes restrictions on: (A) use of the data for advertising, or its
repackaging, recompilation, redistribution or reuse (B) obscuring, removing
or hiding any or all of this notice and (C) exceeding query rate or volume
limits. The data is provided on an 'as-is' basis and may lag behind the
register. Access may be withdrawn or restricted at any time.

  REGISTERED no

DOMAIN

  NAME j-sec.co.uk

NSERVER

  NS2.UKDNSSERVERS.CO.UK 162.251.82.248

  NS4.UKDNSSERVERS.CO.UK 162.251.82.252

  NS3.UKDNSSERVERS.CO.UK 162.251.82.251

  NS1.UKDNSSERVERS.CO.UK 162.251.82.118

Mistakes

The following list shows you to spelling mistakes possible of the internet users for the website searched .