#cookies across digital are far from sweet

10 Jun 2015


These Cookies are Anything but Sweet - By Carl Weiss.

[extract - full article at http://workingthewebtowin.blogspot.co.uk/2015/02/these-cookies-are-anything-but-sweet.html]

It used to be that cookies were a sweet treat. But not anymore. That’s because everyone from search engines and media conglomerates, to advertisers and cybercriminals have learned how to use these tasty online morsels to sweeten their deal – regardless of what it means to you. If you are tired of getting the “Betty Crocker Treatment” every time you surf the web, feast your eyes on today’s blog where we will show you how to start counting calories online.

These Cookies Aren’t Baked by Elves
Between that date and the year 2000, virtually nothing was done to rein in, much less curtail, the ever-growing legions of cookies. Worst of all, these prying eyes worked in the background, all but unobserved, as they gathered information from computers at a dizzying rate. Fast forward to the present and, like the supermarket shelves, there are now scads of different cookie brands.

HTTP only cookie – These cookies can only be used when transmitted via HTTP (or HTTPS), which means client-side scripts such as JavaScript cannot read them. They are supported by the vast majority of web browsers.
Persistent cookie – These little devils do not expire when you terminate your web browser. They will continue to report to their masters every time you go back online. Also referred to as Tracking Cookies, these are favourites of the advertising industry.
Secure cookie – These can only be transmitted via an encrypted connection such as HTTPS. Many of the transactions that you make when you hit the “Buy Now” button on most eCommerce systems utilize these.
Session cookie – Employed by web browsers the world over, these morsels exist in temporary memory for as long as you use the browser. They are normally deleted when the user closes the browser, only to spring back to life the next time you surf the web.
Supercookie – Tracking technology does not necessarily need to rely on HTTP cookies. A supercookie is designed to be permanently stored on a user’s computer. This means they are more difficult to detect and eliminate. They function just like regular cookies in that they can be tasked to collect and report on everything from your browsing history, to ad-targeting data.
Third-party cookie – Normally a cookie’s domain matches the URL shown in the web browser’s address bar. However, the so-called Third Party Cookies hide their true identity by appearing to emanate from a URL that is different from the one being displayed. Typically associated with adware, these cookies can be used to deliver ads that are in line with the user’s browsing preferences.
Zombie cookie – Just like the zombies made famous in “The Night of the Living Dead,” Zombie Cookies are tough to kill since they spring back to life even after you delete them. Their ability to rise from the dead is aided and abetted by a client-side script that has stored the cookie in multiple locations on your machine. When it detects that the cookie is no longer present (which will happen when you delete it), the script retrieves the cookie and brings it back to life.

Not only can cookies be difficult to eliminate, they also have long memories. If you have ever used a popular web browser to shop for products online, you will notice that for days or even weeks afterward ads concerning similar products appear as if by magic. While such activities can prove annoying to the public at large, they can also have more serious implications.

More....


Risk of theft....

Of course, none of this stops cybercriminals from both using and hijacking information being compiled and transmitted by third-party cookies. Network eavesdropping is all too easy to accomplish when the information being transmitted isn’t encrypted.
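To make the cookie types listed above and the eavesdropping risk concrete, the following added example (not part of the original article, and not any vendor's code) classifies `Set-Cookie` response headers as session or persistent, secure, HTTP-only and third-party, and flags cookies that would also travel over an unencrypted connection. The host names, header values and function names are constructed for illustration.

```javascript
// Added example; headers, host names and function names are constructed.

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error('malformed cookie pair: ' + pair);
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// True when pageHost equals the cookie domain or is a subdomain of it.
// Simplification: a real audit compares registrable domains (public suffix list).
function domainMatches(pageHost, cookieDomain) {
  const d = cookieDomain.replace(/^\./, '').toLowerCase();
  const h = pageHost.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// responseHost sent the header; pageHost is the host in the address bar.
function classifyCookie(header, responseHost, pageHost) {
  const { name, attrs } = parseSetCookie(header);
  const domain = typeof attrs.domain === 'string' ? attrs.domain : responseHost;
  const persistent = 'expires' in attrs || 'max-age' in attrs;
  const labels = [persistent ? 'persistent' : 'session'];
  if (attrs.secure) labels.push('secure');
  if (attrs.httponly) labels.push('httponly');
  if (!domainMatches(pageHost, domain)) labels.push('third-party');
  const findings = [];
  if (!attrs.secure) findings.push('no Secure flag: also sent over unencrypted HTTP');
  if (!attrs.httponly) findings.push('no HttpOnly flag: readable by page scripts');
  return { name, labels, findings };
}

// Constructed sample: one first-party login cookie, one tracker cookie.
const SAMPLES = [
  { from: 'shop.example', header: 'sid=abc123; Path=/; Secure; HttpOnly' },
  { from: 'ads.tracker.example', header: 'uid=77f0; Domain=.tracker.example; Max-Age=31536000; Path=/' },
];
const auditPage = (pageHost, samples) =>
  samples.map((s) => classifyCookie(s.header, s.from, pageHost));

console.log(JSON.stringify(auditPage('shop.example', SAMPLES), null, 2));
```

Only the second sample cookie produces findings: it persists for a year, belongs to a domain other than the page's, and carries neither the Secure nor the HttpOnly flag.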

managing cookies across a corporation
Courtesy of www.x-services.nl

In cryptography and computer security, the man-in-the-middle attack requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel. One example is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones. This is straightforward in many circumstances; for example, an attacker within reception range of an unencrypted Wi-Fi wireless access point, can insert himself as a man-in-the-middle.
http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Consider deploying - a consistent, corporate solution
Sitemorse offers clients the simplest and what could be considered the most efficient solution available to manage cookies. The service is probably the most widely used and has Europe's largest single corporate deployment, with our largest clients using it across thousands of sites.

Clients have a couple of lines of ‘code’ to include on their sites, managed directly or via 3rd parties. The code then automatically manages the site auditing, cookie categorisation and reporting (supported by one of the largest databases of cookies), with localisation delivering against language- and country-specific consent requirements. The service is available as a managed contract or on a self-service basis.