#BeAware: Cookies

3. July 2019

On almost every website, banners and overlays point out that this specific website will save Cookies. But what exactly are Cookies?

Cookies are text files created by the website/the browser that are saved locally on the computer. Since a file in this format cannot be used to execute code on its own, the file itself is harmless.

However, Cookies are the “memory” of the webseite. They have been designed to recognize the user and individualize his or her browsing experience by, for example, saving website settings and/or the shopping cart. They are also used for personalizing ads or for showing content which had been clicked on before. Furthermore, if you don’t explicitely log out of a website, you stay logged in. That fact is critical, especially when using public computers, because the next person using the device can access the previous user’s account.

Some Cookies are a concern because they follow and save surfing patterns over several websites or sessions. As a result, detailed user profiles can be created and used for advertising purposes.

There are some technical possibilities to stop or at least restrict tracking via Cookies:

Delete Cookies (existing Cookies will be deleted completely or for a specific time period)

  • Internet Explorer: Internet Options > General > Browsing history
  • Chrome: Settings > Open Advanced Menu > Privacy and security > Clear browsing data

Deactivate Cookies (as a result some websites might not load correctly)

  • Internet Explorer: Internet Options > Privacy > Settings > Move the slide control to the top “Block all Cookies”
  • Chrome: Settings > Open Advanced Menu > Privacy and security > Site settings > Cookies > deactivate “Allow sites to save and read cookies data”

Cookie whitelist (you can manually add websites to allow them to save Cookies)

  • Internet Explorer: Internet Options > Privacy > Settings > Sites
  • Chrome: Settings > Open Advanced Menu > Privacy and security > Site settings > Cookies

About #BeAware:
We all know them from our daily work: security tips, the latest virus reports, horror stories from the world of cyber security. With #BeAware, usd security awareness experts would like to help you understand these messages. The articles highlight relevant IT security issues and the most common methods used by hackers and criminals, and give tips on what anyone can do to protect themselves and their company. For more security.

Also interesting:

Software Security: Requirement and Threat Analysis

Software Security: Requirement and Threat Analysis

In practice, it is not an easy task for manufacturers to continuously integrate a strong security mindset into complex software projects. In our blog series, Stephan Neumann, Head of usd HeroLab, and Torsten Schlotmann, Head of PCI Security...

Security Advisory for VMware Workspace ONE Intelligent Hub

Security Advisory for VMware Workspace ONE Intelligent Hub

Our usd HeroLab pentesters have identified a vulnerability in VMware Workspace ONE Intelligent Hub software while conducting their security analyses. It is a Hidden Functionality / Backdoor (CWE-912) and affects the versions 21.01.0.24 (Android) and 21.01.0 (build...

Security Advisory 11/2021

Security Advisory 11/2021

The usd HeroLabs pentesters have identified vulnerabilities in various products of well-known manufacturers while conducting their security analyses. These include the CVE database from the open source software company SUSE, an appliance from Sophos that is used in...

Categories

Categories