First of all, cookies are not even programs. They are small strings of text that are generated by a web server and stored in a client's computer. When a client sends an HTTP request to the server, the server sends a cookie embedded in the data stream back to the client. Cookies were implemented to allow a user to customize a website.
Cookies usually store a person's user name, so that they won't have to login every time they go to the website. When a user requests a URL with their browser, the browser will match the URL against all of the user's cookies. If any one of the user's cookies match, it will be sent along in the HTTP request.
As with everything involving the Internet, there is always a slight threat to your privacy. A website will only know what you yourself have told them. A cookie cannot search through your files; it is not a program! It is just two key/value pairs saved to a text file on your computer. Cookies may, however, allow for a website to track you better.
A server cannot set a cookie for a domain that it isn't a member of. But, almost everyone will end up with a cookie from "ad.doubleclick.net" without ever having seen it. DoubleClick has a clever solution that enables them to track users and serve media content without doing the (almost) impossible.
Most websites do not keep arrange their own advertisements. They usually arrange for a separate media service to give them advertisements. When a URL is requested, it is an HTTP request by the browser. First, there is a request for the HTML code. Then, everything the HTML needs is requested, including images and sounds.
The media service uses an HTTP request for a certain image. Once the request is made to the service, it can return more than just an ad. It can also return a cookie. Or, if is has given the user a cookie before, it will read that, and check to see which ad to send. What happens as a result is that the user gets a cookie from the media service without ever having been to their website.
Recently, a large security flaw was found in the way that Microsoft Internet Explorer processes cookies. This can lead to a remote exploit that allows the attacker to get a user's personal information and possibly authentication records. This could lead to the attacker being able to masquerade as the user on certain websites.
Microsoft has released a patch which rectifies this issue (note that users of Internet Explorer 5.5 must apply Internet Explorer Service Pack 2 before applying the fix):
Microsoft Internet Explorer 5.5SP2:
Microsoft Hotfix Q312461
http://download.microsoft.com/download/ie55sp2/secpac22/5.5_SP2/WIN98Me/EN-US/q312461.exe
Microsoft Internet Explorer 5.5SP1:
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:
Microsoft Hotfix Q312461
http://download.microsoft.com/download/IE60/secpac22/6/W98NT42KMeXP/EN-US/q312461.exe
Hopefully you've learned a bit while reading this. Maybe, you hadn't even heard of cookies before. If you haven't yet applied that security patch, you should make sure to do so right now. Thank you for taking the time to read this.
This article was originally published by CyberArmy.net in the CyberArmy Library.
|
|