What are Cookies? Cookies are tasty, sweet and I have them daily in the evening with my coffee. Well, if that’s the cookie you think we would cover today in our article then you my friend are at the wrong place.
Today we will discuss Internet cookies and their importance from a security viewpoint. An internet cookie is not the complex beast that media, online publications and other websites have made it out to be.
In its simplest form a cookie is just a text string that any server stores on the user’s local storage (hard disk) just to be retrieved later. All the information in cookies is stored in the form of name-value pairs.
Those people who use Internet Explorer to surf the internet can easily browse their cookies using the Windows Explorer. Mostly the cookies are located at
C:\Documents and Settings\User name\Local Settings
or a similar directory inside the system32 folder on the C drive. Other browsers store their cookies inside their installation directories, some of the common ones are:
Cookie storage location for Chrome –
C:\Documents and Settings\<user name>\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies
Cookie storage in Firefox is done in a text file which contains all the cookies. They are stored in this location :
C:\Documents and Settings\Windows login/user name\Application Data\Mozilla\Firefox\Profiles\profile folder
A cookie can store anything from a small amount of data to a large amount. The simplest cookies store just a user id, while relatively complex cookies store a user id, a separate session id, the time the session was initiated and a lot of other values, which could include your login data and maybe other relevant information too.
What are Cookies and their importance in security:
Misconceptions about cookies:
One common misconception about cookies is that they can use our system or work as an application, but this is not true. Cookies stored on our system can’t draw information from other cookies. They are just in place to be retrieved by the web server, to communicate the current activity status of the user. Any website can retrieve only the cookies that it has created on our system.
The different types of cookies:
Cookies are of two different types based upon their nature.
A cookie can be either:
1.) Session cookie: A session cookie remains live until the user closes their browser. A session cookie stores the current information of the user such as main user id. Apart from this a session cookie has a very limited life and expires as soon as the web browser is closed fully.
2.) Persistent cookie: A persistent cookie is one which stays on the system even after closing the browser. Persistent cookies can only be deleted manually or after they reach the set expiration time which is assigned to them. Once these cookies expire then the user has to generate fresh cookies with the required levels of authentication.
3.) First party cookies: These cookies are generated from the same site that we are currently on. They store relevant user data for making the surfing experience personalized and easy.
4.) Third party cookies: These cookies are often generated by advertising websites (like the DoubleClick DART cookie by Google). They track a user’s activity across pages in order to show them targeted ads. While this may seem like a breach of privacy, it’s still acceptable as highly sensitive data is not tracked.
Threats from cookies:
With the rise in malicious programs, adware and malware, the risk from rogue cookies is much higher these days.
Malicious cookies can track our online activities and they build a web profile of the user based upon the surfing habits and pages visited by the user. But most of the users with good antivirus and firewall programs should not worry about such malicious cookies as they will be automatically flagged before causing any damage.
What is cookie stealing?
Cookies are used to store session data, and sometimes important information such as login data is accessible through cookies stored on a user’s system.
Cookie stealing is essentially exploiting a computer session (the session key) for obtaining access to web services on a user’s system or information stored on it.
Cookie stealing can be done via various methods, a few of which are:
1.) Cross-site scripting: This involves running code on the user’s computer by fooling it into accepting the code as coming from a verified source. This allows the person initiating the stealing to get a copy of the cookies on the user’s system.
2.) Session key stealing: An attacker who has physical access to a system can steal the session key by having access to the file system on the user’s computer or the appropriate server.
3.) Using packet sniffing (session sidejacking): Packet sniffing can be used to read the traffic between two different information systems in order to steal the session cookie.
4.) Session fixing: This involves manipulating the user’s session id to one that is known to us by making them click on a malicious link containing our desired session id. Then once the user logs in, we get the sensitive information.
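As an added example (not code from the original article), this Python check parses Set-Cookie header values into the name-value pair and attributes, classifies each cookie as session or persistent, and flags the missing protections that correspond to the first three theft methods above. The function names and the sample headers are constructed for illustration; HttpOnly, Secure, Max-Age and Expires are the standard cookie attributes.

```python
# Constructed sample Set-Cookie header values (not captured from any real site).
SAMPLES = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly",
    "remember_me=u42; Max-Age=2592000; Path=/; Secure",
]

def parse_set_cookie(header):
    """Split a Set-Cookie value into its name-value pair and an attribute dict."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # flags get an empty value
    return name.strip(), value.strip(), attrs

def lifetime(attrs):
    """Classify the cookie as 'session', 'persistent' or 'deleted'."""
    if "max-age" in attrs:
        # Max-Age takes precedence over Expires; zero or negative deletes the cookie.
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "deleted"
        except ValueError:
            pass  # malformed Max-Age is ignored; fall through to Expires
    # Expires is only checked for presence here, not compared with the clock.
    return "persistent" if "expires" in attrs else "session"

def audit(header):
    """Return the cookie's name, lifetime type and missing protections."""
    name, _value, attrs = parse_set_cookie(header)
    kind = lifetime(attrs)
    findings = []
    if "httponly" not in attrs:
        findings.append("no HttpOnly: page scripts can read it (cross-site scripting)")
    if "secure" not in attrs:
        findings.append("no Secure: can be sent over plain HTTP (packet sniffing)")
    if kind == "persistent":
        findings.append("persistent: stays on disk until expiry (file-system access)")
    return {"name": name, "kind": kind, "findings": findings}

if __name__ == "__main__":
    for header in SAMPLES:
        report = audit(header)
        print(report["name"], report["kind"], report["findings"] or "ok")
```

Session fixing does not show up in cookie attributes; the defence is for the server to issue a fresh session id when the user logs in.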
So guys this was everything you would need to get started with cookies, cookies are fun. They are everywhere on the web and they can steal your private information when not taken care of.