Cookie monster


They may seem innocuous, but cookies have a dark side. We show you how small files on a PC disseminate personal details, often without your knowledge

I have never been very happy with any cookies that haven’t come from a jar. I’m not talking about first-party cookies, the type set by the site you are visiting to enable it to operate more efficiently. I’m more worried about the third-party cookies that advertisers and analytics companies use to monitor your browsing habits and to show targeted advertising that is often annoying and not at all what you want to see.

The fact is that unless you have altered the advanced settings on your browser, these small text files are stored on your PC without your knowledge and report your movements around the web, to the advantage of a growing number of companies. In my view, this is a privacy issue and almost sinister in its execution. I’m not the only one who thinks this way, either.

You may have noticed that when you visit websites, you are notified that the site uses cookies. In some instances, you are required to agree to their use and in others, your continued use of the site is considered an implied agreement to accept these cookies. This new notification has come about as a result of the EU Privacy and Electronic Regulations Directive, which in the UK is administered by the Information Commissioner’s Office (ICO). These regulations came into force in May 2011, with the ICO giving companies a grace period of one year to implement them, hence the proliferation of notices on so many websites.

The idea is that we, the users, are made aware of which cookies are downloaded to our machines, and are given information as to what they do and how they are used. So far, so good, but on closer examination many of the policies show an abdication of responsibility for the actions of third-party cookies set by other companies such as banner advertisers.

COOKIE MIX

So what are cookies? A general non-technical explanation is that they consist of a small text file with ID tags, stored in your browser history or in a program data folder on your hard disk. There are two main types of cookies: session cookies and persistent cookies. Session cookies are created temporarily in your browser’s subfolder while you are visiting a site. Once you leave the site, the session cookie should be deleted. Persistent cookie files stay in your browser’s subfolder and are activated again once you visit the site that made that cookie. A persistent cookie stays in the browser’s subfolder for the duration period set within the cookie’s file, and during this period could be used to track your every online move.

Looking at some of the cookies that have been set on my own machine, this expiry date can be anything from three months to, in one case, 10 years. The reason I’m discussing cookies, which aren’t necessarily or even usually malicious, is because I feel that knowledge of just what is going on with your PC is paramount for your computer security. If you value your privacy, a few changes to your browser settings will usually be all that’s required.

Using Chrome as an example, if you go to Settings, then Show Advanced Settings, and click the Content Settings button in the Privacy section, you’ll be able to manage how cookies are set and stored on your machine. You also have the option to clear all cookies that have been set. Click on a cookie and have a look at the cookie’s expiry date and which company set that particular file.

All other browsers have similar options. I have disabled all third-party cookies in my browser, and have also set it to delete all cookies when I exit the program.

YAHOO! SERIOUS

So why have I got a bee in my bonnet? Well in my opinion, this is yet another example of the exploitation of the unwitting by large corporations who hide their actions and make money from the very people with whom they should be transparent. The danger of this exploitation is the reason for the EU Directive and the ICO regulations. On an even more sinister level, these seemingly innocuous cookies can be used by cybercriminals.

A successful attack on Yahoo! was reported in February by security researchers who found that an email spam campaign had been constructed that featured a message stating “check out this page” and included a shortened bit.ly link. If clicked, the link directed the victim to a website masquerading as the MSNBC news site, which contained an article about how to make money while working from home. The article related to a scam, but this was just the tip of the iceberg.

Running in the background was some JavaScript code that exploited a vulnerability in the Yahoo! Developer Network, resulting in the victim’s session cookie being read and sent to a criminal server operated by the attackers. This was used to access email accounts and send out spam to the victim’s contacts, increasing the risk of one of these contacts clicking the link. The result was further email compromise.

Yahoo! was swift to act and the vulnerability was fixed, but this event shows how cookies can be exploited. Generally, they are little more than a safe way to make your browsing experience more efficient. A tweak to your browser settings may give some valuable extra peace of mind.

1 comments :

Click here for comments
Anonymous
admin
Thursday, July 04, 2013 ×

Hey there, I think your blog might be having browser
compatibility issues. When I look at your website in Chrome,
it looks fine but when opening in Internet Explorer, it has
some overlapping. I just wanted to give you a quick
heads up! Other then that, great blog!

Feel free to visit my blog post ... http://www.firstload.com/affiliate/log.php?log=52076

Congrats bro Anonymous you got PERTAMAX...! hehehehe...
Reply
avatar