An exclusive gaming industry community targeted
to, and designed for Professionals, Businesses
and Students in the sectors and industries
of Gaming, New Media and the Web, all closely
related with it's Business and Industry.
A Rich content driven service including articles,
contributed discussion, news, reviews, networking, downloads,
and debate.
We strive to cater for cultural influencers,
technology decision makers, early adopters and business leaders in the gaming industry.
A medium to share your or contribute your ideas,
experiences, questions and point of view or network
with other colleagues here at iVirtua Community.
For the past 20 months, the Ministry of Defence has been generous enough to provide detailed information about visits to its Counter Terrorism Science & Technology site.
We're not sure, exactly, what to make of the logs showing some ofthe site's most popular pages and most prolific visitors. On the onehand, such details aren't exactly state secrets. Then again, whatpossible benefit can come from volunteering statistics that show thatthe Bulgarian IP address 85.187.138.185 was the top visitor for the month of March, having accessed 668 files for a total of 3.5 MB worth of data?
Until late last week, usage stats as measured by an analysis program called Webalizerwere freely available from April, 2006 through this month. We'reguessing the disclosure was not intentional, because the informationwas quickly removed about a day after MOD admins were informed of thepublic pages. (The information is still available in search enginecaches by using search strings such as http://www.ctcentre.mod.uk/usage/usage_200604.html, http://www.ctcentre.mod.uk/usage/usage_200605.html and so on.)
Besides showing top visitors, they list some of the site's mostpopular pages for each month. Last month, for instance, the CounterTerrorism site had just north of 15,000 page impressions ,and itsfourth most popular URL was this one relating to potential suppliers.
To be sure, disclosures such as these aren't likely to lead to thekinds of security nightmares that result when, say, a consultant"loses" a laptop containing personal information belonging to hundredsof thousands of individuals. At the same time, seeming innocuousinformation like this can be precisely the kind of fodder gathered infootprinting exercises, in which attackers learn as much as possibleabout sites they intend to penetrate. Loose lips sink ships, as thesaying goes.
"I think I can reasonably say that any conventional enterprise orgovernment entity most likely intends to have policies in place thatwould consider IP addresses of visitors to be information not intendedto be casually shared on the public internet," says security researcherRodney Thayer of Canola & Jones.
The MOD is by no means the only website that has made its Webalizer logs available to the world. Running this search reveals tens, possibly thousands, of sites that allow anyone to view usage statistics. NASA, the US Army and a UK Hospital are among them.