Cookies: a threat to privacy and security on the web

Not to be confused with the delicious chocolate biscuitis, traditional of American cuisine, cookies in computer science are something very different. They are nothing more than tracks and information, during which Internet connections are left on the server or by the same, the passage of a user on the network. It is a question of lines of text used to perform automatic authentication, session tracking and storage of specific information about users accessing the server. We use cookies from a site to remember “who wants what“.

These reminders are useful for the proper functioning of the pages. There are a number of things that can be done through the use of cookies as: fill a virtual shopping cart, change your browser’s preferences, open sites without having to enter the password, and customize the look of a page, or view the ads that are relevant their interests.

Cookies were created in 1994 by Lou Montulli, an employee of Netscape, to solve some problems related to limitations in identifying the computers connected to a web page. Without cookies the sites can not know if two requests come from the same device, so you must assign them labels. Therefore, if on the one hand cookies can improve the navigation, on the other hand can threaten both privacy and information security to every user on the network. The latest versions of both browsers (Netscape and Internet Explorer) offer the possibility to launch information whenever a server tries to send a cookie.

If you enable this option, you can decline cookies. So, they are very useful, for example, if, after the subscription to a site that requires the use of a username and password, you receive a cookie, which allows to avoid the inclusion of these two parameters whenever we connects you browse from one page to the other of the reserved area; the browser will use the cookie as badge. Per with regard to security, however, only one “spy” armed with a sniffer, or passive interception activities of information, could intercept the cookie while going from the browser to the server, and use it for free access to the site. But since, the browser uses the domain name system (DNS) to determine which cookies belong to a server, you can change a browser, or enter and spy cookies on your computer in order to send a cookie to a server pirate, to subvert temporarily DNS.

To avoid this, among many technologies, the primary processes for those sites, is not to create cookies that have long life, because they can be stolen from the database of the user’s cookies and be read. Cookies do not contain executable code and therefore cannot corrupt data, are completely harmless, unable to contain the virus. Right now the scams that occurred are minor and e-commerce seems to be quite safe.

Imagine credits header:huffingtonpost.it