Cookies A Threat To Your Privacy
Do you wonder what a cookie is all about and how it threatens your privacy? Let’s take a deeper look.
A cookie is a text string of information that a website sends to your web browser, which stores it on your hard disk so that the website will remember who you are.
Figure 1.0 shows how the web browser requests a web page from the server and how the cookie is carried in the communication.
A cookie by itself is just a piece of information and not program code. It is not capable of harming the user’s computer, and it cannot act as a virus or worm. Cookies are created and used to allow a server to store and retrieve state information. However, this small text file is rich in information, which may include your IP address, user name, email address, password, preferred language, shopping cart items and any strings that can be linked to your identity.
There is a privacy issue if the cookie is stored on the user’s computer without his/her knowledge or consent, and this also includes affiliate or third-party cookies.
Figure 2.0 shows how a third-party ad server tracks users’ browsing habits and preferences to deliver personalized advertisements.
Also, this privacy issue has been discussed in RFC2965 – HTTP State Management Mechanism.
So, what does it mean? This means that websites that serve cookies without informed consent violate users’ privacy.
Security & Privacy
The cookie header and content are readable, in clear text format. Any sensitive or identifiable information is vulnerable and exposed to threats, whether malware, packet sniffers, cookie hijackers or another user of that PC.
Check your cookies and see how much personal information is stored.
– Go to Preferences and click Show Cookies.
Mozilla Firefox Users
– Go to Tools, Options and Show Cookies.
– Go to Tools, Internet Options, General tab
– In Browsing History click Settings, View Files.
Persistent cookies do not expire soon enough, even after the user has ended the session. Thus, the website can build information or profile your browsing activity and preferences over time.
Cookie poisoning simply means performing unauthorized modification of the values stored inside the cookie. This can be easily done using tools and information available from the internet. Most websites store persistent, non-secure cookies, while some are secured, but there are still websites that employ poor encryption that could be easily decoded.
A good example is performing a tampering attack on a shopping cart to change the total shopping value to a huge discount.
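A server can detect this kind of tampering by attaching a keyed MAC to the cookie value and rejecting any cookie whose tag no longer matches. The following is an added example, not code from the original post; the secret key, field names and cart values are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret that exists only on the server (constructed value).
SECRET_KEY = b"example-only-server-secret"


def b64(data: bytes) -> str:
    """URL-safe base64 so the value is legal inside a Cookie header."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def sign_cookie(payload: dict, key: bytes = SECRET_KEY) -> str:
    """Return 'body.tag', where tag is HMAC-SHA256 over the encoded body."""
    body = b64(json.dumps(payload, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return body + "." + b64(tag)


def verify_cookie(value: str, key: bytes = SECRET_KEY):
    """Return the payload if the tag matches, or None if the cookie was altered."""
    body, sep, tag = value.partition(".")
    if not sep:
        return None  # no tag at all: treat as tampered
    expected = b64(hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest())
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None


if __name__ == "__main__":
    cart = {"cart_id": 1001, "total_cents": 25999}  # constructed sample data
    cookie = sign_cookie(cart)
    print("untouched:", verify_cookie(cookie))

    # Poisoned cookie: the body carries a new total, but the sender cannot
    # compute a matching tag without the server's key, so the old tag is kept.
    new_body = b64(json.dumps({"cart_id": 1001, "total_cents": 99}).encode())
    poisoned = new_body + "." + cookie.split(".")[1]
    print("poisoned: ", verify_cookie(poisoned))
```

The MAC gives integrity only: the body is still readable by anyone who holds the cookie, so identifying data should stay on the server and the cookie should carry no more than an opaque reference.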
Worms – Mass-mailing worms such as NetSky and Lohack are capable of searching all .TXT files to harvest email addresses, and this includes users’ cookies.
Trojan – Banking-related trojans are usually capable of stealing users’ cookies.
Backdoor – There are backdoors that steal cookies associated with eBay, PayPal and banks.
Exploit – This is usually done using a cross-site scripting exploit, where a malicious user injects code into a legitimate vulnerable website. So, all visitors of that website will get redirected to where a malicious cookie stealer script awaits.
A malicious user could use the stolen cookies to impersonate the user or steal the user’s identity online.
Phishers – URL links that are spammed through emails, blogs, messengers and forums may also link to malicious cookie stealer sites.
A cookie is just a small piece of information, but if it contains your identity, it is something that you should care about. Stealing information usually happens in the background, which means without your knowledge. Cookies are harmless by themselves, but the threats that surround them are out there in the wild. Malicious and exploited sites are everywhere and your cookies are always at risk.
For safety, every time you input information online, whether you are checking your email, doing net banking or shopping, you should always check your cookies and delete them together with your browsing history. There are tools available online that can help you perform this task as well.
Get informed and stay safe!