Corporate Espionage with Google Analytics

With the start of this blog I also installed Google Analytics just to see how it works and what data it collects. What surprised me is the fact that you can add any domain without any form of authentication. The only thing you need to do is add a piece of JavaScript to the site and add the domain to your profile.
Since most sites have a few XSS holes or other vulnerabilities which you can (ab)use to add this script, a scenario for corporate espionage or information gathering is easy to imagine...
Am I just being paranoid, or could it really be that simple?
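
A defensive check for the scenario above, as an added example that is not part of the original post: it scans a page's script tags for Google Analytics property IDs and reports any that are not on the site's own allowlist. The property IDs, the sample page and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Universal Analytics (UA-<account>-<n>) and GA4 (G-<id>) property IDs.
ID_RE = re.compile(r"\b(UA-\d{4,10}-\d{1,4}|G-[A-Z0-9]{6,12})\b")

class ScriptCollector(HTMLParser):
    """Collects inline <script> bodies and external script URLs."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.chunks.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def find_tracking_ids(html):
    """Return the set of analytics property IDs referenced from scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    return set(ID_RE.findall("\n".join(collector.chunks)))

def unexpected_ids(html, allowed):
    """IDs present on the page that are not in the site's own allowlist."""
    return sorted(find_tracking_ids(html) - set(allowed))

# Constructed sample: one expected snippet, one injected, one ID in plain text.
SAMPLE = """<html><body>
<p>Our old property was UA-5555555-1.</p>
<script>var pageTracker = _gat._getTracker("UA-1000001-1");</script>
<script>_gat._getTracker("UA-9999999-2")._trackPageview();</script>
<script src="https://www.googletagmanager.com/gtag/js?id=G-ABCDEF1234"></script>
</body></html>"""

if __name__ == "__main__":
    print(unexpected_ids(SAMPLE, {"UA-1000001-1", "G-ABCDEF1234"}))
```

Run against rendered pages on a schedule, a non-empty result is a signal that a tracking snippet was added outside the normal deployment path.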
