Cookie Caper (Mirror Learning/NSF)
Hijacked Cookies
- Cookies can be hijacked when a user session is taken over by an attacker. A session starts when you log into a service, for example your banking application, and ends when you log out. - The cookie hijacking, also known as session hijacking, attack relies on the attacker's knowledge of your session cookie. If hackers can access your computer or your network, they can probably steal your cookies by using a Firefox extension called Firesheep. - Firesheep uses a technology to detect and copy cookies that are sent over a wireless network. As the extension discovers cookies, it creates a list on the hacker's computer. They can then simply click on the cookies, and the server is then fooled into treating the attacker's connection as the original user's valid session.
Removing Cookies
- Removing normal cookies is easy, but it could make certain web sites harder to navigate. Without cookies, users may have to re-enter their data for each visit. - - - Different browsers store cookies in different places, but the Settings, Privacy section — sometimes listed under Tools, Internet Options, or Advanced — is most common. You will find options to manage or remove cookies. - Before removing cookies, consider the ease of use expected from a website that uses cookies and weigh that against privacy concerns you may have.
Cookies
- Small files that contain small pieces of data — like a username and password — which are stored on a user's computer. - They exchanged between a user's computer and a web server to identify specific users. - This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next.
Third Party Cookies
- These cookies are generated by websites that are different from the web pages users are currently viewing. - Third-party cookies let advertisers or analytics companies track an individual's browsing history across the web on any sites that contain their cookies. - Some third-party cookies may be zombies. Zombie cookies are permanently installed on users' computers, even when they opt not to install cookies. - They also reappear after they've been deleted. Like other third-party cookies, zombie cookies can be used by web analytics companies to track unique individuals' browsing histories.
Session Cookies
- These cookies are used only while navigating a website. - They are stored in random access memory (RAM) and are never written to the hard drive. - When the session ends, session cookies are automatically deleted. - They help the "back" button or third-party anonymizer plugins work to help maintain user privacy.
Persistent Cookies
- These cookies remain on a computer indefinitely, although many include an expiration date and are automatically removed when that date is reached. - They are used for two primary purposes: authentication and tracking. - Authenticating cookies track whether a user is logged in and under what name. - Tracking cookies track multiple visits to the same site over time.
Cookie Risk
Because the data in cookies doesn't change, cookies themselves aren't harmful. The risk of cookies is in their ability to track individuals' browsing histories which can pose a privacy and security concern.
How to check for cookies in Chrome
Click Settings and under "Privacy and security," click Cookies and other site data. Click See all cookies and site data.
Protecting your personal information
One way to limit your exposure to hackers stealing your personal information is to actively manage cookies, clear cookies on a regular basis, and never store credit card information on a site. Deleting cookies does have one drawback however - you will have to re-enter passwords and personal information each time you logon to a website. This may be inconvenient, but it is also safer.
How to check for cookies in Safari
Right click on the web page, then go to Inspect Element. This will open the developer console. From the console go to the Storage tab and expand the Cookies drop-down to see the list of the cookies that the website uses.