A cookie is a text-only string that is sent by a server and stored on your PC. It is reported back to the server (when the server requests it) when you access the site again, so the server can detect that you have been on the site before. HTTP cookies are used for user authentication, user tracking, and maintaining user-specific information (preferences, electronic shopping cart, etc.).
Some Misconceptions
- cookies are like worms and viruses (they can erase data from the user's hard disks);
- cookies are a form of spyware (they can read personal information stored on the user's computer);
- cookies generate popups;
- cookies are used for spamming;
- cookies are only used for advertising.
Cookies are data, not code: they cannot erase or read information from the user's computer.

Cookies can be used for targeted advertising and gathering a lot of user info.
Cookie Theft
In particular, scripting languages such as JavaScript and JScript are usually allowed access to cookie values and have some means to send arbitrary values to arbitrary servers on the Internet. These facts are used in combination with sites allowing users to post HTML content that other users can see.
As an example, an attacker running the domain example.com may post a comment containing the following link to a popular blog they do not otherwise control:
Quote:
Click here!
This type of attack is difficult to detect on the user side because the script is coming from the same domain that has set the cookie, and the operation of sending the value appears to be authorised by this domain. It is usually considered the responsibility of the administrators running sites where users can post to disallow the posting of such malicious code.
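The theft described above depends on page scripts being able to read the cookie. As an added example (not part of the original post), this JavaScript audits `Set-Cookie` header values for the `HttpOnly`, `Secure` and `SameSite` attributes; `HttpOnly` is what keeps a cookie out of `document.cookie`. The header strings and finding labels are constructed for illustration.

```javascript
// Constructed sample Set-Cookie header values (not taken from any real site).
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/",
  "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/; SameSite=None",
  "garbage-without-equals",
];

// Parse one Set-Cookie header value into { name, value, attrs }, or null if malformed.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // no cookie name before "="
  const cookie = { name: parts[0].slice(0, eq), value: parts[0].slice(eq + 1), attrs: {} };
  for (const part of parts.slice(1)) {
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Return labels for attributes whose absence makes theft or leakage easier.
function auditCookie(cookie) {
  const findings = [];
  const a = cookie.attrs;
  // Without HttpOnly, any script running in the page can read the cookie.
  if (!a.httponly) findings.push("no-httponly");
  // Without Secure, the cookie is also sent over unencrypted HTTP.
  if (!a.secure) findings.push("no-secure");
  const sameSite = typeof a.samesite === "string" ? a.samesite.toLowerCase() : "";
  if (sameSite === "") findings.push("no-samesite");
  else if (sameSite === "none" && !a.secure) findings.push("samesite-none-without-secure");
  return findings;
}

// Audit a list of header values; malformed headers are reported, not skipped.
function auditHeaders(headers) {
  return headers.map((h) => {
    const cookie = parseSetCookie(h);
    if (!cookie) return { name: null, findings: ["malformed"] };
    return { name: cookie.name, findings: auditCookie(cookie) };
  });
}

console.log(JSON.stringify(auditHeaders(SAMPLE_HEADERS), null, 2));
```

`HttpOnly` only stops scripts from reading the cookie; the site still has to keep user-posted script out of its pages.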