Whipnet | Security | Phising Hole
Home
Web Hosting Services
Whipnet's Tech Services for Houston, Tx

Contact Whipnet

 

Business Consultations

 

Hardware Services
Software Services
Virus Removal Services
 

 

privacy protection

 

 

 

Computer Security | Phishing Hole in IEComputer Security - The Rebirth of Cookies

 

cookies can't be deleted

Deleted cookies; Can they sneak back and spy on you, again?


A browser cookie is a small data file written to your hard drive by most Web sites. Cookies typically contain such items as passwords, lists of websites you have visited, or the dates when you last looked at web pages on a given site. Web sites usually read the cookies they leave every time you visit in order to track user behavior in aggregate, and some of these sites use or sell that information for advertising. When you register at a site, cookies can make logging in later transparent / automatic, but they also enable a site to log every session under your name.

 

In truth, the "keeping track" part is most often a good thing, as it allows you to log in to sites with ease and also can save personal preferences about those sites, making them easier for you to surf on future visits. The bad part is that the cookies aggregate your surfing behaviors and provide data to advertisers which they can use to send those annoying ads back to your browser. Most people who complain about the data collection side of the cookie are often the people who complain that ads are stupid, obtrusive, and generally irrelevant.

What keeps cookies from being truly reprehensible is that, up until now, there have been multiple ways of blocking them. Cookies have also (supposedly) behaved well by not reporting private information about you, which leans towards a certain element of trust that cookies aren't going to go bad. That's has been the general opinion, at least until recently, a development from a company called United Virtualities has created a new concern for the cookie aware sufer.

The company has developed a product known as ‘Persistent Identification Element’. “PIE”, is geared towards advertising cookies and allows a web site to look for missing cookies, and replaces them from a backup in Macromedia's Flash Player called local shared objects. Yes, these cookies are placed on computer via those fancy graphics built in Flash. The good side is that Flash ads don't repeat too often; just often enough to get your attention and make you salivate for that burger / router / screensaver. The very bad, misbehaving thing is that it undermines your ability to delete unwanted cookies. Go ahead and delete all the cookies you want; United Virtualities can recover some of them.

Thankfully, Macromedia has posted notes on how to disable local shared objects, and defeat this avenue for the advertiser. Data can be deleted on a per-site basis, similarly to the way Firefox handles cookies, or you can wipe out all the locally stored data. Use of this technique will not affect the way your flash player handles or views Flash movies.

Fear Factor; Should the advertising industry find a way to get around consumers deleting cookies, they will use it. What's to stop them from getting around ways to prevent your personal information from being tagged specifically to you instead of aggregated anonymously? It's another cautionary tale that the Internet is still in its Wild West stage, and you need to keep your eyes open, and be careful what you click.

Cookie Management
Here is a suggestion regarding how to block cookies in IE and Firefox and also how to block the local shared objects in your Flash player:

Internet Explorer (Version 6.0)

  1. In Internet Explorer, go to the Tools menu and select Internet Options.
  2. Select the Privacy tab.
  3. Press the Advanced button.
  4. Select "Override automatic cookie handling."
    • First-party cookies come directly from the site you're visiting.
    • Third-party cookies come from an advertiser or other data-gathering company.
    • If you wish to accept all cookies, select Accept.
    • If you want to stop all cookies from ever being set, select Block. Be aware this will stop your ability to have sites remember logins and settings.
    • If you want the browser to ask you every time a site tries to set a cookie, select Prompt. This will probably drive you batty, considering the number of cookies that get set by sites.
    • Press OK, and OK again, and your new settings will take effect.

Firefox (Version 1.0.2)

  1. Go to the Tools menu and select Options.
  2. Click the Privacy icon.
  3. Click Cookies.
  4. To block all cookies, uncheck the box next to Enable Cookies. Be aware this will stop your ability to have sites remember logins and settings.
    • First-party cookies come directly from the site you're visiting.
    • Third-party cookies come from an advertiser or other data-gathering company.
    • To block third-party cookies, check the box next to "For the originating Web site only."
    • Whether you are accepting third-party cookies or not, you have the same options. You can choose to keep cookies until they expire, to keep cookies until you close the browser, or to have the browser ask your permission for each cookie. Asking permission for each cookie will likely drive you insane, given the number of cookies most sites set.
    • If you want to choose which sites you accept cookies from and which sites you don't, press the Exceptions button.
    • If you want to delete all or some of the cookies stored on your computer, press the View Cookies button.

You can find more information on cookies in Firefox at the Firefox help site.

Local shared objects in Flash Player
You can actually access the settings for your Flash Player through your browser. The Global Storage settings panel allows you to prevent any site from storing information in Local Shared Objects. The Web Site Storage settings panel lets you create a block list of which sites get to store local shared objects and which don't. You can also delete all local shared objects from this panel. You can get more information about Flash Player local shared objects from Macromedia's Web site.

 

Related:

Internet Cookies

Persistent Cookies

Pharming for Your Identity

Avoiding a Phishing Attack

FTC Shuts Down Spyware Web Sites

Phishing Flaw in Alternate Browsers

Hackers, Beyond the Browser

 

Security VulverabilityJPEG No Longer Safe for Viewing

 

HOME                                                          2002-2013 Whipnet Technologies