What are Cookies?


Chapter 12: How Private are Web Interactions?
Why do we care?

How much of your personal info is released to the Internet each time you view a Web page?
How secure is your personal (credit card) info when moved from your browser to the Web server?
How is info transmitted?

Uniform Resource Locator (URL)
http://www.cs.uofs.edu/~bi/2005f-html/cil102/chap-sum.html
– http: Hypertext Transfer Protocol
– www.cs.uofs.edu: Domain name of the Web server
– ~bi/2005f-html/cil102: Directory path
– chap-sum.html: Web page
How is info transmitted?

Forms using the GET method
– Your shipping address
– In the webpage, <FORM … METHOD="GET" …
– Your address is displayed publicly
  http://www.some.com/shop.php?name=‘smith’...
– Anyone over your shoulder can read it
– Since using the GET method is determined by the Web server, there is nothing you can do to avoid it
How is info transmitted?

Forms using the POST method
– Your shipping address
– In the webpage, <FORM … METHOD="POST" …
– Your address is NOT displayed publicly
– This does NOT mean it is safe.
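
An added example (not from the original slides) that builds the request a browser sends for the same form submitted with GET and with POST, and reports where a field value can be read. The field values are constructed; www.some.com/shop.php is the placeholder site used on the slide.

```javascript
// Added example. Field values are constructed sample data.
function buildFormRequest(method, action, fields) {
  const url = new URL(action);
  const encoded = new URLSearchParams(fields).toString();
  const verb = method.toUpperCase();
  let body = "";
  if (verb === "GET") {
    url.search = encoded;          // GET: fields become part of the URL
  } else {
    body = encoded;                // POST: fields travel in the request body
  }
  const head = [`${verb} ${url.pathname}${url.search} HTTP/1.1`, `Host: ${url.host}`];
  if (body) {
    head.push("Content-Type: application/x-www-form-urlencoded");
    head.push(`Content-Length: ${new TextEncoder().encode(body).length}`);
  }
  return {
    addressBar: url.href,                        // shown on screen and kept in history
    wire: head.join("\r\n") + "\r\n\r\n" + body, // bytes handed to the network
    encrypted: url.protocol === "https:",        // only HTTPS hides the wire bytes
  };
}

// Report where a form value can be read.
function exposure(request, needle) {
  return {
    inAddressBar: request.addressBar.includes(needle),
    readableOnNetwork: !request.encrypted && request.wire.includes(needle),
  };
}

const fields = { name: "smith", street: "12 Main St" };
const get = buildFormRequest("get", "http://www.some.com/shop.php", fields);
const post = buildFormRequest("post", "http://www.some.com/shop.php", fields);
const postTls = buildFormRequest("post", "https://www.some.com/shop.php", fields);

console.log(get.addressBar);
console.log("GET  over HTTP :", exposure(get, "name=smith"));
console.log("POST over HTTP :", exposure(post, "name=smith"));
console.log("POST over HTTPS:", exposure(postTls, "name=smith"));
```

POST only moves the fields out of the address bar; over plain HTTP they are still readable in the request body, which is why the slide says POST alone is not safe.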
What info is transmitted?

Each time you access the Web, the browser sends the following to the Web server
– The IP address of your machine
  Often it can identify your town or ISP
– The web server’s IP address
– The OS you use on your machine
– The browser you use

Go to
http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php
to see how much info is sent to the Web server
What are Cookies?


Have you ever gone to a website that seemed to remember you?
Websites use cookies to store info about you on your own computer
– When you visit such a website, it stores info as cookies (that appear as files) on your computer
– The next time you visit the same website, your browser sends over all the cookies stored by that website

What info is stored in cookies?
– In theory, anything the website wants to
– Normally, it is about how you used the website
– A website could store your id, password, etc. in cookies if it has that info.
What are Cookies?

The positive side of cookies
– A Web server can use cookies to streamline and personalize your interactions with it
– A browser is supposed to send cookies only to the Web server that stored them.

The negative side of cookies
– Companies may use cookies to store info for other purposes without your permission
– There are ways for a Web server to get cookies that were stored by other Web servers.
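
An added example (not from the original slides) of the rule that a browser returns cookies only to the server that stored them: a simplified cookie jar that matches on host name and honours the Secure attribute. It ignores Path, expiry and the public-suffix checks real browsers apply; host names other than www.some.com and all cookie values are constructed.

```javascript
// Added example: a simplified browser cookie jar.
// Cookie names and values are constructed sample data.
class CookieJar {
  constructor() { this.cookies = []; }

  // Store one Set-Cookie header value received in a response from `fromUrl`.
  store(fromUrl, setCookie) {
    const host = new URL(fromUrl).hostname;
    const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
    const eq = pair.indexOf("=");
    if (eq < 1) return false;                       // malformed: no cookie name
    const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                     domain: host, hostOnly: true, secure: false };
    for (const attr of attrs) {
      const [key, val = ""] = attr.split("=");
      if (key.toLowerCase() === "secure") cookie.secure = true;
      if (key.toLowerCase() === "domain") {
        const d = val.replace(/^\./, "").toLowerCase();
        // A server may only set cookies for a domain it belongs to.
        if (host !== d && !host.endsWith("." + d)) return false;
        cookie.domain = d;
        cookie.hostOnly = false;
      }
    }
    this.cookies = this.cookies.filter(
      (c) => !(c.name === cookie.name && c.domain === cookie.domain));
    this.cookies.push(cookie);
    return true;
  }

  // Build the Cookie header the browser would attach to a request for `toUrl`.
  headerFor(toUrl) {
    const { hostname, protocol } = new URL(toUrl);
    return this.cookies
      .filter((c) => hostname === c.domain ||
                     (!c.hostOnly && hostname.endsWith("." + c.domain)))
      .filter((c) => !c.secure || protocol === "https:")
      .map((c) => `${c.name}=${c.value}`)
      .join("; ");
  }
}

const jar = new CookieJar();
jar.store("https://www.some.com/shop.php", "visitor=abc123; Secure");
jar.store("https://www.some.com/shop.php", "theme=dark");
console.log(jar.headerFor("https://www.some.com/cart"));
console.log(jar.headerFor("http://www.some.com/cart"));
console.log(JSON.stringify(jar.headerFor("https://other.example/")));
console.log(jar.store("https://other.example/", "id=zzz; Domain=some.com"));
```

The Secure cookie is withheld from the plain-HTTP request, and a response from another host cannot plant a cookie for some.com.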
What defenses are there against cookies?

For the websites you visit, especially those you need to register with, check:
– How will the company use the info you supply?
– Will the company share info with others?
– Can you limit others’ access to this info?
– What protections are in place to keep this info?
What defenses are there against cookies?

If you use a computer at work or school, cookies are stored on the school’s or company’s computer:
– System administrators or managers may read your cookie files
  View your organization’s privacy policy
– Technicians may inadvertently access your cookies when your computer is sent for repair, for example.
– The best way to protect yourself is to delete cookies.
  Almost every browser has a function you can use to delete cookies.
How secure is info during transmission?

When you use the Internet, all data you put on the network is visible to computers on the same Ethernet, as discussed in Ch 8.
When your data needs to be passed from one segment of the network to another, the intermediate computers can read your data.
Thus, info is not secure at all when transmitted on the Internet.
How secure is info during transmission?

One way to protect yourself is to encrypt info that you want to be confidential
– When data is encrypted, it can still be copied or intercepted by other computers; however, they would not know what it means.
– When good encryption is used, it may take years or decades to break the code

When shopping (or passing private info) on the Web, make sure the website uses the HTTPS protocol.
– HTTPS: Secure HTTP, which asks the browser to encrypt the data before it is transmitted; the server decrypts the data upon receiving it.
How can one get a credit card # online?

If you don’t use encryption when you send your credit card number (via email, or the Web) on the Internet, someone may intercept the data and get the card number.
– Encrypt your email and use HTTPS

Someone may install a keyboard sniffer, a piece of spyware, to record every keystroke, and the sniffer sends the credit card # to an accomplice site.
– Remove spyware from your computer

Credit card companies and companies that have your credit card info may not have that info securely protected. Hackers may steal info from those companies’ computers.
How can online companies defraud me?

If the online company (a website) is not a real company or it engages in unethical practices, you may be charged but never receive the merchandise, or you may be overcharged.
It is very hard to recover the charges over the Internet.
To protect yourself, only deal with companies with a well-established reputation, like amazon.com, etc.
How can I secure my private computer files?

Install a firewall to restrict the ports that can be used for Internet communications to your computer
Require users of the computer to have an account and password.
Use anti-virus software to check all incoming materials (through email, ftp, webpages) for viruses and spyware.
Carefully monitor new programs, games and other files you bring into your system. Some programs may be vulnerable to security breaches.
If the operating system supports file permissions, keep your private files accessible to you only.
Does keeping a computer online compromise its security?

Operating systems and other programs are quite complex, and thus prone to containing errors that in turn could create vulnerabilities.
– Software vendors monitor their products and release updates to resolve security risks and other errors.
– Thus, make sure you install those updates on your computer.
  Configure your Windows XP to download updates from Microsoft and install them on a regular basis.

Use passwords, encryption, etc. to protect your wireless network from unauthorized access.
Summary – chapter 12

When you surf to a Web page, information about you is sent to the site that you surf to, including but not limited to your Web address, Operating System, Browser, and time of day.
The Web page you surf to can also set cookies on your machine.
Summary (Continued)

Cookies can be beneficial by customizing your experience at that site and making things easy.
But cookies can also pass information about you to third parties, including info about other places you surf.
Anything that you do on the Web can be traced and intercepted.
https is an encrypted secure protocol for browsing and should be used for all transactions which need to be secure.
Summary (Concluded)

If your computer is connected to the internet, there is a chance that outsiders can gain access to your computer.
You should use a firewall, anti-virus, password protection, and spyware detectors to protect yourself.
Terminology

Cookies
Decryption
Encryption
Form
Secure HTTP
Uniform Resource Locator (URL)