How can Cookies be a threat?


The Internet is the most convenient source of information about products, shops, customer complaints, user experiences, and so on. Companies use cookies to keep users browsing and to give them the best possible experience.

  • Lou Montulli invented HTTP cookies in 1994 while at Netscape Communications Corporation.

  • The term "cookie" comes from the programming term "magic cookie", an opaque token passed between programs.

  • HTTP cookies, browser cookies and web cookies are all names for the same mechanism.

What are Cookies?

Cookies are small pieces of text that a web server asks the user's browser to store; the browser then sends them back with later requests to that site.

  • Each cookie is a name-value pair that the website can read back on later requests.

  • A cookie usually carries a value unique to that browser, which lets the server tell one user's requests apart from another's.

  • The browser returns a cookie only to hosts (and paths) that match the domain and path for which it was set, so unrelated websites cannot read it.

  • Some cookies also carry a session identifier and an expiry time.

Why Do Cookies Exist?

A cookie is a very small piece of text that stores state on the user's computer. The website reads it back to recover that state; for example, by looking at the cookie's ID field it can tell that the user has visited before.

  • A website can count distinct visitors by assigning each user a unique ID in a cookie.

  • Cookies also let a site recognise repeat users and count how many times a single person views a page.

  • Cookies can record preferences and settings, and this information can be used to recall user choices and create customised experiences for specific users. On e-commerce sites the unique ID is used to build the user's shopping cart: when a user adds items to the cart, that choice is saved in the site's database against the unique ID, and when the same user returns, the ID from the cookie is used to retrieve the cart and the user's buying preferences.

  • Websites also use cookies to measure how long a user stays on the site and which links the user clicks, and to remember personal preferences such as colour settings.

How Does YouTube Use Cookies?

Consider YouTube, which is owned by Google. YouTube uses cookies to record user preferences and personalises results from them.

  • When a person first visits YouTube, the results shown are not yet tailored to that person.

  • After a few views the user's preferences become apparent, and YouTube records them against the identifier in the user's cookie.

  • When the same user returns, YouTube can use that cookie to suggest videos similar to those the user has already watched.

How to Securely Manage Cookies and Browse

Given the nature of cookies and their privacy implications, it's worth thinking about how they affect your personal security. Here are some helpful hints for maintaining your online privacy −

  • Check the privacy options in your browser − If you want to block some or all cookies, open your browser's privacy settings (the exact location differs by browser). Blocking all cookies, however, breaks features that rely on them, such as staying logged in.

  • Remove cookies from your computer − Deleting cookies regularly clears any tracking and personalisation state a site has stored. You will have to log in again afterwards, which can be inconvenient.

  • Using a proxy server or VPN − A proxy or VPN hides your IP address from the sites you visit, but it does not move cookies off your machine: your browser still stores and sends them, so cookie-based tracking continues unless you also block or clear cookies.

  • Browse in a private window − Browsers such as Google Chrome offer an Incognito (private) mode that keeps a separate cookie store and discards it when the window is closed. Sites can still set and use cookies during that session, so private mode limits persistent tracking rather than preventing cookies altogether, and some site functionality may still be affected.

Finally, stay away from dubious websites (pay attention to any browser warnings) and keep your browser up to date. An outdated browser may have publicly known flaws that attackers can exploit, so update it frequently to ensure that all security fixes are installed.

Risks Associated with Cookies

Attackers abuse cookies in several ways; the main ones are −

  • Cross-site Request Forgery (CSRF) Attack

  • Session Fixation

  • Cross-site Scripting (XSS)

  • Cookie Tossing Attack

  • Cookie Overflow Attack

Cross-site Request Forgery (CSRF) Attack

A browser attaches a site's cookies to every request it sends to that site, regardless of which page caused the request to be made. This is the root of the problem. When the website receives a request it cannot tell, from the cookie alone, whether the user intended the action: it finds the cookie and performs the action as if the user had initiated it. An example makes this clear.

Consider a user named "John" who is logged in to a reputable website, "www.example.com", and therefore has a valid session cookie in his browser. Meanwhile an attacker, "Crusoe", puts an image tag on "www.exploit.com" whose source URL is the delete action on "www.example.com". When John visits "www.exploit.com", his browser tries to load the image and so sends the delete request to "www.example.com", attaching John's cookie as it always does. The web server finds John's cookie, treats the request as a legitimate one from John, and deletes the resource. The standard defences are a CSRF token that the attacker's page cannot read, the SameSite cookie attribute, and never performing state-changing actions on GET requests.

Session Fixation

Session fixation is an application-level attack in which the attacker forces the victim's browser to use a session ID that the attacker already knows, for example by planting the session cookie from a subdomain the attacker controls, or through a flaw that lets the session ID be supplied in a URL. When the victim then logs in, an application that keeps the same session ID across authentication has just turned the attacker's known ID into the victim's logged-in session, so the attacker can impersonate the victim. A related variant (login CSRF) instead tricks the user into logging in as the attacker. The fix is to issue a fresh session ID whenever the user authenticates and to accept session IDs only from cookies, never from URLs.

Cross-site Scripting (XSS)

Cookies and cross-site scripting interact in two directions. First, if the application writes a cookie's value into a page without encoding it, anyone who can set that cookie (from a subdomain they control, or through a flaw that lets them inject cookies) can plant a script payload that runs every time the page is rendered; if a cookie of that name already exists, the attacker must first get their own copy ahead of the legitimate one in the Cookie header, which is what cookie tossing (below) achieves. Second, a script injected through any XSS flaw can read document.cookie and send the session cookie to the attacker, unless the cookie is marked HttpOnly, which keeps it out of reach of scripts.

Cookie Tossing Attack

Cookie tossing is one of the more common cookie attacks, and it works like this −

  • A user visits "www.example.com", which sets a session cookie for its own host.

  • The browser sends that cookie back the next time the user visits the site.

  • The Cookie header carries only each cookie's name and value; the Domain, Path, Secure and HttpOnly attributes are not transmitted. So if an attacker who controls a subdomain such as "evil.example.com" (or can run script there) sets a cookie with the same name for the parent domain "example.com", the browser stores it alongside the real one and sends both.

  • There is no rule that the cookie set by the parent site goes first: browsers order cookies by longest path first and then by creation time, so an attacker's cookie with a more specific path appears before the genuine one.

  • Most server frameworks take the first value when a name is repeated, so the server uses the attacker's value as the user's session.

  • The web server cannot tell which cookie is genuine, because the attributes that would distinguish them (Domain, Path, Secure, HttpOnly) never reach it. The "__Host-" cookie name prefix closes this hole: browsers accept a "__Host-" cookie only if it is Secure, has no Domain attribute and has Path=/, so a subdomain cannot plant one for the parent site.

Cookie Overflow Attack

In this attack, script on a subdomain replaces a cookie set by the parent domain, even one it could not otherwise touch.

  • Browsers cap the number of cookies they keep per site and, when the cap is exceeded, evict older cookies; some, such as Chrome, do not care whether a cookie was set by the parent domain or a subdomain, or whether it was marked HttpOnly or Secure. The store simply keeps the most recent cookies it was given.

  • Script on the attacker's subdomain cannot overwrite an HttpOnly cookie directly, and the cookies it sets can carry neither HttpOnly nor a Domain the subdomain does not belong to.

  • Instead it floods the site with junk cookies for the parent domain until the victim's session cookie is evicted, which silently ends the user's legitimate session.

  • The attacker then sets a new cookie of the same name for the parent domain, and the browser sends it to the web server.

  • Since the Cookie header carries no attributes, the web server cannot tell that this cookie was set from script without Secure or HttpOnly, so the forged cookie is accepted. A "__Host-" prefixed name stops the forged cookie from being stored but not the eviction, so the user ends up logged out rather than hijacked.

Conclusion

To conclude, cookies are essential to web sessions, but the browser sends them without their attributes and without regard to which page triggered the request, and that is what CSRF, session fixation, cookie tossing and cookie overflow all exploit. Set session cookies with the Secure and HttpOnly flags and an explicit SameSite value, use the "__Host-" name prefix so subdomains cannot plant copies, issue a fresh session ID at login, protect state-changing requests with CSRF tokens, and never write cookie values into pages without encoding them. As a user, stay away from dubious websites (pay attention to any browser warnings) and keep your browser up to date so that all security fixes are installed.

Updated on: 28-Dec-2021
