Cookies Unveiled

By entr0py
Section 1 - Introduction
Whenever you visit a page on the Internet, you are tracked by the Dark Shadows of the Webmaster. They track you by means of a simple text file called a cookie. I am not talking about those flat sweet cakes. These cookies are very dangerous because whatever you do, whenever you do it, they follow you everywhere...
Section 2 - What exactly is a Cookie?
A cookie is an extremely small piece of information transmitted by the web server to your system, so that the server can retrieve your personal information from that particular browser. It is usually saved in the browser's temporary directory. It is usually stored in the memory of the system. Cookies can only tell whether you have visited the page before or not. A cookie is a sort of counter that stores important data in a minuscule file. Cookies are indisputably the most authentic way to acquire information about an Internet user. Cookies are often used as a password grabber. What I mean by this is that cookies are often used for storing passwords, so that you don't have to type them again and again.
Section 3 - Where do I find Cookies?
Cookies are easily found in all the major web browsers, such as Firefox, Internet Explorer and Netscape. You must know where they are stored in order to access them. I have listed the storage locations below:

- Internet Explorer: Tools - Internet Options

- Netscape 4: Open the file cookies.txt in your favorite text editor like Notepad or Wordpad.

- Netscape 6: Edit - Preferences, select privacy and security, then select view stored cookies

- Mozilla Firefox: Options - Privacy, click on Privacy tab and then Cookies. Click on View Cookies, to view them one by one.

- Mac: Cookies on a Mac are commonly stored in the "Magic Cookies" folder.

Whenever a cookie is set on your system, the information in it tells the browser which domains are approved to receive that cookie. When you open a cookie, you get loads of information about the user who browsed the website that set it. Here is an example of the typical data you will see when you view a cookie file:
Name: yahoo
Content: z=zBs9EBzHB.EBTt5g--&a=AAE&sk=DAA8Vv0fUjh6er&d=c0E-:203.156.22.11
Domain: yahoo.com
Path: /
Send For: Any type of connections
Expires: At end of session
In the above example you can clearly see that I am visiting Yahoo. The content is a multifaceted code, which can be easily exploited. You can also see my IP address has been stored.
Section 4 - Varieties of Cookies
There are just two major types of cookies that invade your system.

- Advertising Cookies

Cookies are sometimes saved through advertisements. You must have seen loads of pointless advertisements on a website. The basic mechanism of the invasion is quite straightforward. Just before the advertisement loads, a text file sets itself on your system. It gathers useful information about your surfing habits, so that the advertisers can match them with their portfolio. It also lets them count the number of visits.

A typical advertisement cookie would be like this:
Name: TZID
Content: 2087143250694530103
Domain: .ad.uk.tangozebra.com
Path: /a
Send For: Any type of connections
Expires: At end of session
- Forum Cookies

Cookies stored by web forums are the most precarious variety of cookie, because a few amendments to the data can lead to a major invasion of privacy. The most vulnerable vendor is phpBB; it can be harnessed easily via modules available on the Internet. I may say that vBulletin is the most unassailable bulletin board system.

A typical forum cookie would be like this:
Name: sb_netsec_ccip
Content: a%3A2%3A%7Bs%3A9%3A%22Anonymous%22%361%3B%7D
Domain: forums.securitybay.org
Path: /phpBB
Send For: Any type of connections
Expires: At end of session
Section 5 - What are Cookies used for?
Cookies have acquired a reputation as an insecure form of data store because of their propensity for storing passwords and other personal information. They are also used for saving homepage preferences. A malicious user who has access to the cookies can easily decipher them to gather information about the legitimate user. He cannot just open the file and get the information. He has to access it with a Cookie Grabber and then edit the encoding to get fruitful results. Cookies have some advantageous uses too. Site surfing is the most advantageous use of cookies. Suppose you are visiting a site like Rediff. You don't want to check all the offers presented by them. So, after you decline an offer, you will not get it again until the cookie expires. You must have also seen the innovative implementation of a new option called "Remember Me" in forums and mail sites. This makes your surfing much more hassle-free than usual, but yes, it is quite dangerous as it can be exploited very roughly.
Section 6 - How do Cookies Function?
The functionality of a cookie isn't complex; it is very straightforward to understand. Here is an example of a cookie, which I am going to explain in detail:
Set-Cookie:TZID=VALUE;
Expires= At end of session;
Path=/a
Domain= .ad.uk.tangozebra.com
Now, let me explain each part of the above header:

TZID=VALUE

This string is a sequence of characters. If there is a need to place data in the name or the value, some encoding is required; URL-style %XX encoding is suggested.

Expires= At end of session

This attribute defines a date string that sets the lifetime of the cookie. Once the expiration date is reached, the cookie becomes unusable.

Path=/a

This attribute defines the subset of URLs within the domain for which the cookie is valid. If the path is not given, it is assumed to be the same path as the document described by the header that contains the cookie.

Domain= .ad.uk.tangozebra.com

This feature defines the specific domain from which the cookie has been stored.
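
The four fields explained above, parsed and applied the way a browser decides whether to return a cookie. This is an added example, not code from the original article; the function names and the request URLs are assumptions made for illustration, and the sample header reuses the article's advertising cookie.

```python
from urllib.parse import unquote, urlsplit

def domain_match(host, domain):
    """True if host is the cookie domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def parse_set_cookie(header, request_url):
    """Parse one Set-Cookie value; None if Domain is foreign to the sender."""
    req = urlsplit(request_url)
    host = (req.hostname or "").lower()
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return None
    name, _, value = parts[0].partition("=")
    cookie = {
        "name": name.strip(),
        "value": unquote(value.strip()),   # undo URL-style %XX encoding
        "expires": None,                   # None: discard at end of session
        "path": req.path[: req.path.rfind("/")] or "/",  # sender's directory
        "domain": host,
        "host_only": True,                 # no Domain attribute: exact host only
    }
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "expires":
            cookie["expires"] = val
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "domain" and val:
            domain = val.lstrip(".").lower()
            if not domain_match(host, domain):
                return None                # a site may not set cookies for others
            cookie["domain"], cookie["host_only"] = domain, False
    return cookie

def should_send(cookie, url):
    """Decide whether a browser attaches this cookie to a request for url."""
    u = urlsplit(url)
    host, path, cp = (u.hostname or "").lower(), u.path or "/", cookie["path"]
    domain_ok = (host == cookie["domain"] if cookie["host_only"]
                 else domain_match(host, cookie["domain"]))
    path_ok = path == cp or (
        path.startswith(cp) and (cp.endswith("/") or path[len(cp)] == "/"))
    return domain_ok and path_ok

# Constructed sample: the page's advertising cookie, set from a made-up URL.
SAMPLE = parse_set_cookie(
    "TZID=2087143250694530103; Path=/a; Domain=.ad.uk.tangozebra.com",
    "http://ad.uk.tangozebra.com/a/banner.gif")
```

The matcher compares whole labels and whole path segments, so `notad.uk.tangozebra.com` and `/ab` do not receive the cookie. It does not consult a public-suffix list, which a real browser also needs.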
Section 7 - Getting Rid of Cookies
Invalidating Cookies

In Internet Explorer 6, go to Tools, then Internet Options, and then click on Privacy. Slide the bar to whichever level you are satisfied with, then select OK or Apply.

In Internet Explorer 4 and 5, go to Tools, then Internet Options, after that Security. Choose Internet, and then click on Custom level. Scroll down to Cookies and pick Disable.

In Netscape Navigator, go to Edit and then Preferences. Choose advanced, check "Disable Cookies" and press OK.

NOTE: Some sites, like Yahoo!, require cookies.

Deleting Cookies

Internet Explorer 5: Just open the folder C:\Windows\Temporary Internet Files\. You will see some text files; select all of them and delete them.

Internet Explorer 6: Go to Tools, then Internet Options, press "Delete Cookies" and press OK.

Netscape 4: Open the file cookies.txt using your favorite text editor and delete the objects.

Netscape 6: Go to Edit, then Preferences, then select Privacy and Security, then click on View Stored Cookies. Choose "Remove All Cookies".
Section 8 - Cookie Hijacking
It is a law of computing nature that cookies can only be read by the domains which created and stored them. Quite a few exploits have been devised to allow cookies to be manipulated. Let me describe one exploit, which is very popular among malicious attackers. In this exploit, the attacker can access anyone's cookie by simply knowing the cookie's name and appending three dots to the domain.
www.anysite.com.../getcookie.cgi
The three dots affixed after the domain name can trick the web browser. The browser won't recognize the origin of the cookie. It can't tell whether the requesting site is the one approved to read the cookie. If the cookie is read by a malevolent attacker, he will surely use it to impersonate the legitimate user. So cookie hijacking can be defined as an attacker stealing the cookie of a legitimate user and performing malicious operations as that user. Cookie hijacking can be so potent that it can even trounce SSL. Whenever a secure connection is established and the same connection then goes to another, unsecured website, the cookie becomes unencrypted and can thus be penetrated easily.

Security Note: Microsoft released a patch to prevent cookie hijacking from IIS servers. You can get more information by viewing Security Bulletin MS00-080.
Section 9 - Cookie Spoofing
An attacker can easily use a legitimate user's cookie to impersonate that user on a specific site. As I told you earlier, an attacker can acquire a cookie via cookie hijacking. But imagine if the website which stored the cookie has embedded password information in it! The attacker can easily infiltrate any website by means of the legitimate user's cookie, as he can gather fruitful information from the cookie. This may comprise password information, credit card information, and personal information such as phone number, residence address etc. Hijacking cookies can be potentially strong, but hijacking session cookies is one of the most powerful attacks because it gives you fuller access to a specific website. To prevent these attacks, one must first be aware of the threats. Secondly, to limit the abuse of session cookies, the webmaster should reduce the session time of the cookie; for example, if these cookies expire after 30 minutes, the webmaster should reduce that to 15 minutes. Thirdly, you can encipher the cookie or affix a Message Authentication Code to the footer of the cookie. Cookie spoofing is one of the easiest attacks to practice, but it can be precarious if altered maliciously. For example, if you hijack a cookie and adjust your own cookie so that it shows the hijacked cookie, then you can enter any website by means of the hijacked cookie. Once you enter, you can infuse malware into the web server. I don't encourage crime; I am just describing what an attacker can do if he gets access to your cookies.
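
The two server-side mitigations named above, a 15-minute session lifetime and a Message Authentication Code affixed to the end of the cookie, sketched as an added example that is not part of the original article. The key, the `user|expiry|mac` layout and the function names are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: sample key; real keys stay server-side
MAX_AGE = 15 * 60                  # the 15-minute session lifetime suggested above

def _mac(payload):
    """HMAC-SHA256 over the payload, URL-safe so it fits in a cookie value."""
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode().rstrip("=")

def issue_cookie(user, now=None):
    """Return 'user|expiry|mac'; the MAC covers both the user and the expiry."""
    expiry = int((time.time() if now is None else now) + MAX_AGE)
    payload = f"{user}|{expiry}"
    return f"{payload}|{_mac(payload)}"

def verify_cookie(cookie, now=None):
    """Return the user name if the cookie is unaltered and unexpired, else None."""
    try:
        user, expiry, tag = cookie.rsplit("|", 2)
        expires_at = int(expiry)
        # Constant-time comparison avoids leaking how many MAC characters matched.
        authentic = hmac.compare_digest(tag.encode(), _mac(f"{user}|{expiry}").encode())
    except (ValueError, UnicodeError):
        return None
    if not authentic:
        return None
    if (time.time() if now is None else now) >= expires_at:
        return None                # expired: the server enforces the lifetime itself
    return user
```

The MAC makes an edited or forged cookie fail verification, but a cookie stolen intact still verifies until it expires, which is why the short lifetime matters as well.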
Section 10 - Conclusion
Okay, now let me tell you that staying anonymous on the web is almost impossible. It is not an automated process of getting tracked; it is the malicious usage of cookies. A delicate alteration of a cookie can lead to many problems. So it's better to be aware of the threats, so that you can do your best to prevent these attacks. Don't wait, just act fast, because these attacks are going to become more and more potent and destructive.
