Download Security of Cookies in a computer lab setting

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
Document related concepts

Cyber-security regulation wikipedia , lookup

Citizen Lab wikipedia , lookup

Outlook.com wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer security wikipedia , lookup

Web of trust wikipedia , lookup

Unix security wikipedia , lookup

Mobile security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Cross-site scripting wikipedia , lookup

Internet privacy wikipedia , lookup

HTTP cookie wikipedia , lookup

Transcript 
Security of Cookies In A Public
Computer Lab Setting
Russell Fech
November 30, 2000
Outline
•
•
•
•
•
•
•
Introduction of Cookies
Problem Statement
Motivation/Importance
Objective
Research Plan
Assumptions
Conclusion
What are cookies?
• “Cookies are a general mechanism which
server side connections can use to both store
and retrieve information on the client side
of the connection.” - Netscape
• Also known as “Magic Cookies”
• Cookies can only be read by the website
that issued them
Types of cookies
• Persistent
– Stored on hard drive for the long time duration
• Non-persistent
– Stored only for the current session of the web
browser
Where are the cookies?
• Cookies exist on both major web browsers
– Netscape stores all cookies in the cookies.txt
file in a Netscape directory
– Internet Explorer stores individual cookies as
text files in a cookies directory
Why use cookies?
• Used to keep track of the client session state
– Allows the “Full Web Experience”
•
•
•
•
•
Rotating banners
Electronic shopping carts
Password saving
Data mining
Other uses
Why use cookies?
• Web browsers do not keep continuous
connections to the web sites
– Cookies send the information to reestablish
connections
• Web sites keep information about users to
customize the “Full Web Experience”
Problem Statement
• With the emergence of cookies, many users
are unknowingly releasing data about
themselves
• Win95/98 does not provide security to
protect users’ cookies
• Cookies are not designed to be used in a
multi-user environment
Problem Statement
• There are methods to eliminate/disallow the
use of cookies, but this blocks the “Full
Web Experience”
Motivation/Importance
• With the controversy concerning the safety
of cookies, it is in the best interest of the
administrator to ensure the security of user
information being transmitted to web sites
Motivation/Importance
• Protect the user from cookie crime
• Protect the subsequent users from getting
unwanted advertisement
• If cookie theft occurs, the administration
may be held accountable, however, if the
cookies are cleared off, there will be no
such threat
Objective
• Evaluate the use of cookies in public lab
settings
• Develop a hands-off approach to protect
users against the cookies threat by
providing a transparent layer of protection
• Provide formidable arguments why users
need protection from cookies
Research Plan
• Review current methods that attempt to
solve the cookie security problems
• Test these methods in a lab setting and
review their performance
• Improve on these methods
Methods and Problems
• Disable cookies completely
– Provides high security because no cookies are
formed
– Takes away from the “Full Web Experience”
• Clear cookies at startup/shutdown
– Safer than no protection, but requires a user to
do something
Methods and Problems
• Intercept the web browser and clean after
exiting
– High security, cleans up cookies when the user
shuts down the web browser
– Mischievous user may “disable” the program in
some fashion
– Program may crash
Assumptions
• Use of Win 95/98
– Win95/98 does not provide any security for
files or folders
– Most other operating systems protect users
because they require users to log into an
account in which their data is saved in a
secured area
Resources and Special Needs
• Public computer lab
– Computers with Win95/98
• Various cookie security methods
–
–
–
–
–
Disabling cookies
Batch file deletion of cookies
User deleting cookies themselves
Cookie Crunching Software
Most are free and easily obtainable over the
internet
Conclusion
• With the threat of mischievous users and the
possible misuse of cookies, it is up to the
administration to protect users from as many
threats as possible.
• Cookie security continues to be under major
dispute. If cookies are cleared from computers in
a lab setting the administration is no longer prone
to receiving any future threat to cookies.
Questions?
Questions?
Related documents
SSEMI2: Law of Demand, Law of Supply
SSEMI2: Law of Demand, Law of Supply
Ethical issues
Ethical issues
Disclaimer/Cookies
Disclaimer/Cookies
Legal Notice and Privacy Policy
Legal Notice and Privacy Policy
Supply and Demand Graphs
Supply and Demand Graphs
Data Mining / Partitioning Example Training Data Set Validation
Data Mining / Partitioning Example Training Data Set Validation
Chapter 4
Chapter 4
Online Security - Nassau Financial
Online Security - Nassau Financial
Privacy, copyright and use policies for ENSTOR Energy Services
Privacy, copyright and use policies for ENSTOR Energy Services
Math Test Review – Multiples, factors, prime and composites
Math Test Review – Multiples, factors, prime and composites
Session 8: Working with Form
Session 8: Working with Form
Third Party Web Tracking Policy and Technology
Third Party Web Tracking Policy and Technology
Cookies
Cookies