Cookies: Should We Really Like Them?

Friday, June 01, 2012

Ahmed Saleh


What are Cookies?

Cookies are small, mostly circular pieces of sweets, that are fun to... Oops Sorry!

Cookies are small, often encrypted text files that are stored silently on a user's computer. These files are designed to carry a small amount of data specific to a particular client and website.

Cookies are automatically created when a browser loads a website, allowing a server to deliver a custom-made page to a particular user every time that user returns to the same website.

Cookies Expiry Periods

The expiry time of a cookie is assigned when the cookie is originally created. Some cookies are deleted or purged when the current browser window is closed (Session cookie), but others can be made to last for a longer period of time (Persistent cookie). Yet some can last for one year or even more.

Are Cookies Secure enough?

Internet security and privacy are of huge concern. Cookies do not in themselves present a threat to privacy, since they can only be used to store information that the user has volunteered or that the web server already has. But the existence of cookies poses an inherent risk of being abused.

Cookies are NOT viruses, nor are they malicious; using a plain text format, they are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Unable to perform these functions, they are not classified as Malware.

However, breaches of browser security can allow tracking cookies to be placed. These cookies can be used to follow users from one site to another, forming comprehensive profiles. Users consider this to be a violation of privacy, and in the wrong hands this information can potentially be exploited for questionable purposes.

For that reason, several anti-malware products flag cookies as candidates for deletion after standard virus and/or spyware scans.

Cookies can be exploited

Several malicious activities can be associated with the existence of cookies, such as network eavesdropping, publishing a false sub-domain (DNS cache poisoning), and cross-site scripting. (More on these attacks in later posts)

Traffic on a network can be intercepted and read by computers on the network other than the originator (especially over unencrypted open Wi-Fi). This traffic includes cookies sent on ordinary unencrypted HTTP sessions. When network traffic is not encrypted, attackers can read the communications of other users on the network, including HTTP cookies as well as the entire contents of the conversations.
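The expiry and eavesdropping points above can be checked on any `Set-Cookie` response header. The following is an added example, not part of the original article: it classifies a cookie as session or persistent and lists why it would be exposed. `Secure` and `HttpOnly` are standard cookie attributes the article does not name; the function name `audit_set_cookie` and the sample headers are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

ONE_YEAR = 365 * 24 * 3600  # seconds

def audit_set_cookie(header, now):
    """Classify one Set-Cookie header value and list its exposure issues."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in filter(None, rest):
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    # Max-Age wins over Expires; with neither, the cookie dies with the session.
    lifetime = None
    if "max-age" in attrs:
        try:
            lifetime = int(attrs["max-age"])
        except ValueError:
            pass  # malformed Max-Age is ignored
    if lifetime is None and "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
            if expires.tzinfo is None:
                expires = expires.replace(tzinfo=timezone.utc)
            lifetime = int((expires - now).total_seconds())
        except (TypeError, ValueError):
            pass  # unparseable date: attribute ignored, cookie stays a session cookie

    issues = []
    if "secure" not in attrs:
        issues.append("no Secure: also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        issues.append("no HttpOnly: readable by scripts in the page")
    if lifetime is not None and lifetime > ONE_YEAR:
        issues.append("lifetime exceeds one year")
    kind = "session" if lifetime is None else "persistent"
    return {"name": name, "kind": kind, "lifetime_s": lifetime, "issues": issues}

# Constructed sample headers (not captured from any real site).
SAMPLES = [
    "SID=abc123; Path=/",
    "uid=42; Max-Age=63072000; Path=/; Secure; HttpOnly",
    "pref=en; Expires=Fri, 08 Jun 2012 00:00:00 GMT; Secure",
]

if __name__ == "__main__":
    now = datetime(2012, 6, 1, tzinfo=timezone.utc)  # fixed clock for repeatability
    for h in SAMPLES:
        print(audit_set_cookie(h, now))
```

A cookie reported without `Secure` is the case described above: it travels in clear text whenever the site is reached over plain HTTP.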

How to live with cookies

Because many of the largest and most-targeted websites use cookies by default, cookie usage is almost inevitable. Websites like Facebook, YouTube, Gmail, and many others require the usage of cookies for best performance and presentation. Even search settings require cookies for language settings.

Here are some tips you can use to ensure worry-free cookie-based browsing:

  • Most modern browsers support different levels of cookie acceptance, expiration time and ultimately deletion. Change your browser's “Cookie Settings” to your preference.
  • When sharing PC access, make sure to set your browser to purge browsing data every time the browser is closed.
  • Don’t use other people's or public wireless networks, especially when communicating sensitive information over the internet.
  • Use HTTPS rather than HTTP when available.
  • Use capable and updated anti-malware software.
  • Routinely back up your computer to prevent data loss.
  • Make sure your browser is updated: security patches are applied when you update your browser.

Finally, you should acknowledge that cookies are widely used and can't really be avoided. If you wish to enjoy your internet surfing experience by navigating to “cookie creating websites”, you should have a clear understanding of how cookies operate, and how to protect them from being abused.

After all, you are responsible for taking the necessary security measures to ensure your information security.

Cross-posted from Information Security illustrated website
