What are Cookies & Do They Compromise Security?

Computer cookies are messages that a Web server transmits to a Web browser so that the Web server can enhance a users' experience. Cookies help store personal information about you so that when you return to the site, you have a more personalized experience.

Cookies often collect demographical information about who is visiting the website, in order to track how often visitors come to the site or how long they remain there. Some online shopping sites will make recommendations to you based on any previous purchase from that site, such as Amazon or NetFlix. These messages may contain your user name, email address, IP address, shopping cart items, preferred language and any other string that can be connected to your identity.

Cookies are stored in hard disks but their exact location (i.e. folder) depends on the browser you use. It is possible to view the cookies that are on your hard disk but the content stored in each cookie may not make much sense to you because it does not consist of plain text in English but combination of symbols, characters, characters and numbers.

A cookie is a mere piece of information and not a program code or a plug-in, so it does not act maliciously on computer systems. Cookies can not be used to spread malware, spyware or adware nor can they access your hard drive to find out information about you.

However, cookies can be a threat to privacy only when you give any sensitive information, such as credit card details, or other personal information which will most likely be also stored in a cookie unless you have the feature turned off in your browser. Some security issues associated with cookies include:

Cookie Poisoning

Cookie poisoning is performing of unauthorized modification of data stored inside the cookie. This can be easily performed with the help of tools available from internet. Most websites store secure cookies but still there are websites that apply poor encryption on cookies, which can be easily decoded. A good example of cookie poisoning is to attack a shopping cart on a website to change the total shopping cost to a huge discount.

Worms & Trojans

Worms such as Lohack and NetSky, which are associated with mass-mailing are capable to search and collect email addresses to text files and this can also include a user’s cookie.

Often Trojans are used to help steal a user’s cookie, which could be related to banking and contain sensitive information.

Exploits

An attacker could insert a malicious code to a legitimate and vulnerable website and when visitors come to the site, all get automatically redirected to another site where a malicious cookie stealer code awaits. The attacker then uses the stolen cookies to steal user’s online identity. These kinds of exploits and attacks are known as 'phishing', in which links can look legitimate, however it is not.

Backdoor

Backdoors can also be used to steal cookies associated to banks or online shopping sites such as eBay, Amazon, Kindle etc.

For your safety, every time you enter information on web forms whether it be when you are writing email, doing internet banking or shopping, make sure to delete the cookies together with your browsing history, after you are finished.

It is also possible to reject cookies if you prefer to use Internet without enabling storing of cookies. Method for disabling cookies varies from browser to browser; you just need to look at settings page to find the cookie options.

Using a firewall is highly recommended, which can help protect your computer from various different types of threats. Also, always use antivirus software so that it can detect and delete any malicious code-injectected cookie from your computer that might may come from Internet.

You should also more secure your Internet browser. If you use Microsoft Internet Explorer, learn about Securing Microsoft Internet Explorer, which explains how I.E can be made fully secure and how to configure cookie settings.