Since cookies have become an integral part of browsers, and one of the most important applications used by many website programmers, they are a feature and service of the HTTP protocol Through which site programmers can track the user by monitoring information about him, which are text files on the user’s device that contain information about the user and are read by the browser.
Cookies are of two types: temporary cookies for a certain period and then deleted, or permanent cookies that the site uses every time the user enters the site to learn more about it, knowing that it is possible for cookies to breach your confidentiality, and the privacy of your data online without your knowledge, and it is also possible to One file is the deepest and most sensitive information, so you can imagine if a file containing the e-shopping card number was stolen.
Some also spied you by planting such files that record what you do on your browser as a person chasing you with a camera hidden to record a video clip about you without your knowledge, and that some of the attackers ( AttackersExploit the cookie vulnerability plaguing browsers with so-called ( cross-site cooking)) To be able to read cookies that he did not create.
What are cookies ( the Cookies)?
They are text files that the browser creates from some websites requesting these files using the http: HyperText Transfer Protocol.(It contains encrypted user information that is saved on the user's machine and not on the web server) (].
What is the http protocol Why is it used in cookies?
Simple definition of http: It is the current protocol for linking websites to users, and transferring data, information, pictures and files, and it is used in cookies for the ability to track the user in it.
An example of an identity cookie ( identification):
The most common cookies and is used a lot in forums to save your login information on the forum (your identity), if we assume that somebody has a membership in Forum (x) then automatically once you open the forum page (Q) from somebody's device, we will find that the forum (Q) got to know somebody and showed a message Welcome (Welcome back, somebody), and he did not ask for a username or password, but on the condition that the forum page (x) had already been visited with somebody’s membership and entering somebody’s username and password.
What are cookies useful for?
Asking the user for his name and password every time he logs onto the site is a tedious way, and the user may hate to enter the site because the same data must be entered every time.
Cookies are a feature that made it easier for the user to recognize the user as well, to identify the operations that he performed on all the pages of the site, for example: If we assume that somebody entered a commercial site offering some goods and chose a commodity (o) on a specific page, if somebody moved to another page, then it would remain a commodity (Q). ) Added to your shopping list; Because all the information is saved in cookies, in addition to that, cookies save what has been modified on the layout of the page itself, so if you change the page colors to suit your taste, the changes will remain every time you enter the page.
Once the user logs on to the site, the browser is searched for cookies for the site itself. Cookies reduce the burden on the user to enter a username and password every time, and they also made it possible to save other information about the user such as: device type, operating system type, .. Etc.
What are the risks of cookies?
Cookies are text files that do not contain any code, so how can they harm them ?!
In fact, these files do not harm the device itself, but on the opposite side of the benefit of cookies there are many risks and threats that may be contained or exposed to these files that may lead to breach of the confidentiality of user data. Here we will list the risks that have been raised about cookies:
1- Spy cookies:
Since cookies save valuable information, it is sensitive, such as: device type, IP number (A number assigned to your device to distinguish it from other devices when you connect to the Internet), the most visited site, and it may have come down to tracking your secret numbers, your credit card number and what you enter on the keyboard that completely violates the privacy of the user without his knowledge.
Therefore, some took advantage of that point. As soon as you visit a specific site, cookies are created on your computer through which they are spying on your computer, so you can imagine how dangerous these files are when they are used in this way.
Suggestions: It is forbidden to save and delete cookies, but you will have to identify yourself every time.
Steps to completely prevent cookies from being saved and read for Internet Explorer):
From the Control Panel(<< Network and Internet) >> Go
To Internet options) << from the Privacy tab ( Contact Us) << Move the privacy control button up until you reach the maximum limit that prevents all cookies from being saved on your device ( Block all cookies<< Then press OK.
You can go to Internet Options From the same browser from the Tools menu<< Internet Options).
Note: Under this option, even if you have previously saved cookies, the browser will not be able to read them.
Steps to delete cookies:
To begin with, if we only want to enter the cookie folder, we will follow the following steps:
Go to Start) >> run ( the Run) >> Write Cookies >> Select OK, you will directly enter your cookie folder.
Delete cookies from your browser:
A- Steps to delete cookies from Internet Explorer):
After opening Internet Explorer,>> From the menu select Tolls>> Select Internet options) >> Select the General tab ( General(>> Select Delete) Deletes) >> Choose OK >> After that will open a new window of them choose Delete cookies ( the Delete the Cookies) >> A confirmation message will appear, choose Yes
Note: You can delete all cookies and files saved passwords and also files history ( the History They are files that keep track of all the websites that you have visited during the past days.
If you are a user of Fire FoxYou must follow the following steps:
B- Steps to delete cookies from Fire Fox):
After opening Vairvks ( Fire the Fox>> From the menu select Tools>> Choose Options) >> Select the Privacy tab ( Contact Us>> Select Remove individual cookies(>> Choose OK << Another window will appear showing all the cookies that Firefox has saved, and you can delete whatever files you want by using the ( Remove Cookie ) option.) Or delete all cookies via the ( Remove all Cookies ) option).
2- Ease of modification to cookies:
Also, the risks of cookies are easy to obtain and modify, as they are saved on the user's hard drive and in the form of a txt text file This provides an opportunity for modification by any user of the device, whether with the intention of spying or by the user himself accidentally modified them unintentionally. The ability to open cookies and steal passwords This means the possibility of impersonating you with those sites, and the most dangerous of which is theft of your credit card number.
3- The ability to read cookies from other websites ( Cross-site cooking):
As a general matter, no site should read any cookies for another website.
But one vulnerability in browsers opened up room for so-called cross-site cookingThis allows the sites to read and modify cookies belonging to other sites, for example: if the site is www.parent.org It has cookies saved on your device and entered the www.child.org website The browser will search for files named child-orgIf it does not find it, it can obtain the parent-org cookies].
Therefore, we find that the confidential information is encrypted in the cookie files, but this method does not give us a final solution because even the encryption can be decrypted. We see that some hackers took advantage of this negative point and created suspicious websites that read the user's cookies.
Also, this point is used by some advertising companies to obtain user-specific information, which breaches the user's privacy without his knowledge. If we assume that the attacker ( Attacker He was able to access your device and modify the cookies to become his page www.attacker.com It is the home page of your browser, so it can read cookies on your device and obtain information such as device type and device number ( IP).
Suggestions: Filter the websites that can save cookies on your device through the internet options on your browser.
Steps to filter websites that can store cookies. Internet Explorer):
From the Control Panel(<< Network and Internet) >> Go to Internet options << ( Internet options) Of the Privacy tab ( Contact Us<< Select Sites(<< Block suspicious websites from the block) To prevent it from saving cookies << After that, press OK.
Conclusion:
There must be an awareness of the user about any risk surrounding his privacy, and cookies have become storing a large part of the privacy of the user, so he must make sure to whom you send and who can access this information, I tried to show the types of risks surrounding cookies, including: defects of the same browser and without that Also, the user should always try to delete any trace that might be used to track it or violate its privacy.
read also : Virtual Machine
Comments
Post a Comment