Archive for the ‘Life’ Category
Urchin, more commonly known as Google Analytics, is web analytics software that measures many statistics and helps you understand them by presenting the results in various ways. It’s also closely tied to Google AdWords now. But as it becomes better known, people who are concerned about privacy and targeted advertising are blocking these services. Besides the obvious app-level content blockers, there are also hosts file edits that block the domain the JavaScript file comes from.
If you run a web site and take care to study your statistics, using Google Analytics or not, you probably know that these sorts of measurements are often invaluable for site feedback. For example, if someone leaves a page as soon as they visit it, you know the page might need work in some way. So if we are reliant on Urchin, how can we assure ourselves we are reaching our entire user base?
There is an obvious solution that is also fairly easy: host your own copy of Urchin.js. But there are a few flaws with this if the block is via the hosts file: the tracking image and other requests made to the server will be blocked anyway. The solution should be to make an A record pointing to the Google Analytics server. This way, users will send requests to the same server but via a domain you control (e.g. urchin.myserver.net).
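Seen from the blocking side, as an added example that is not from the original post: a hosts file matches on hostname only, so it takes a check on resolved addresses to notice a first-party name such as urchin.myserver.net pointing at a blocked server. The hosts entries, DNS answers and addresses below are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: addresses come from documentation ranges,
# they are not real DNS answers for any of these names.
HOSTS_FILE = """\
127.0.0.1 localhost
0.0.0.0 google-analytics.com      # blocked tracker domain
0.0.0.0 www.google-analytics.com
"""

DNS_ANSWERS = {  # what an unfiltered resolver would return (constructed)
    "www.google-analytics.com": ["192.0.2.10", "192.0.2.11"],
    "urchin.myserver.net": ["192.0.2.10"],  # A record aimed at the tracker
    "www.myserver.net": ["198.51.100.7"],
}


def parse_hosts_blocklist(text):
    """Return the hostnames a hosts file maps to a sink address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified or ip.is_loopback:
            blocked.update(n.lower() for n in names if n.lower() != "localhost")
    return blocked


def blocked_by_name(host, blocked):
    """The only test a hosts file performs: exact hostname match."""
    return host.lower() in blocked


def classify(host, blocked, dns):
    """Add an address comparison on top of the name match."""
    if blocked_by_name(host, blocked):
        return "blocked-by-name"
    sink_targets = {ip for name in blocked for ip in dns.get(name, [])}
    if sink_targets & set(dns.get(host.lower(), [])):
        return "alias-of-blocked-host"
    return "allowed"


if __name__ == "__main__":
    blocklist = parse_hosts_blocklist(HOSTS_FILE)
    for name in DNS_ANSWERS:
        print(name, "->", classify(name, blocklist, DNS_ANSWERS))
```

An address match is a hint rather than proof, since unrelated sites can share an IP on the same hosting or CDN.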
Often you will see “Waiting for response from google-analytics.com…” or something similar in your browser. So a mix of hosting urchin.js yourself and redirecting via a domain you control could also have the added benefit of speeding up the loading of some pages. I know many sites I visit that use third-party tracking sites often take some time to finish loading, which is a problem for me, as I have Opera set to re-render after the page is loaded.
Plus, I’m sure users who run things like NoScript will be more likely to agree to allow stuff.trustedserver.com than Google. ;D
I was originally going to post about ideas for learning grounds for web application security. But the sla.ckers IRC (#slackers on irc.irchighway.net) pointed me first to OWASP. I realized this was quite a goldmine of information already, but it doesn’t seem too newb friendly, plus much of it seems to be theory more than direct examples. So then kuza55 reminded me of webappsecwiki.com. It’s pretty bare, but I believe we can turn this site into a more practical learning site. It’s already going in the correct direction, in my opinion.
Anyways, enough of my dreams of grandeur. I am going to start getting back into web application security. Aside from the trusted third-party whitelisting issues (otherwise known as XSSing YouTube Mods) I talked about in the #slackers channel, I have not contributed much lately. Things are yet again more stable in my life, so I have time to do research and whatnot now. I’m going to start using WordPress.com again for various reasons. First, it’s easier than hosting my own; although it may incur some security issues, I’m sure it will be nothing major. Secondly, it’s already linked to by several people. It has some PR. So I hope to be able to contribute more soon!