Thursday 2 April 2009

Beware the cookie monster

Tracking cookies are undesirable and should be avoided, but cookies that remember your login details are diabolical. Unfortunately, more and more websites are using cookies, or dare I say, demanding that you enable cookies, before you can do anything on the website. There are inherent dangers in doing this. Let me explain.

Cookies are designed to enhance your browsing experience. This is achieved by remembering what you looked at the last time you visited the website. The cookie thus tries to gauge what you require and where you intend to browse to next. Hopefully, the dangers, or possibilities, are starting to spark off warning signals in your mind. It, therefore, builds up a profile of your activities. Some cookies are designed to remember your login details once you have visited a site, once again, to make your browsing experience more pleasurable. The obvious danger here is that anyone can log into your account if they have access to the computer on which you logged in. If you use multiple computers or a publicly accessible computer, such as those found in libraries, then your login details will become compromised. It is as though you wrote those details on a piece of paper for everyone to see. I doubt that I have to elaborate any more on this.
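To make the "remembered login" risk concrete, here is an added example (not part of the original post) that reads constructed Set-Cookie headers and reports which cookies a browser would still hold after it is closed and reopened. The cookie names, values and the fixed clock are assumptions made for the illustration.

```javascript
// Constructed sample Set-Cookie header values (not captured from any real site).
const SAMPLE_HEADERS = [
  "sid=abc123; Path=/; HttpOnly",
  "remember_me=tok987; Max-Age=2592000; Path=/; Secure; HttpOnly",
  "prefs=dark; Expires=Wed, 01 Apr 2009 00:00:00 GMT; Path=/",
  "auth=xyz; Expires=Fri, 01 May 2009 00:00:00 GMT; Max-Age=0",
];

// Parse one Set-Cookie value into its name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Classify a cookie's lifetime relative to `now`. Max-Age takes precedence over Expires.
function classify(header, now) {
  const c = parseSetCookie(header);
  let expires = null;
  if (typeof c.attrs["max-age"] === "string" && /^-?\d+$/.test(c.attrs["max-age"])) {
    expires = new Date(now.getTime() + Number(c.attrs["max-age"]) * 1000);
  } else if (typeof c.attrs.expires === "string") {
    const t = Date.parse(c.attrs.expires);
    if (!Number.isNaN(t)) expires = new Date(t);
  }
  let kind;
  if (expires === null) kind = "session";      // no expiry: dropped when the browser closes
  else if (expires <= now) kind = "deleted";   // expiry in the past: the site is removing it
  else kind = "persistent";                    // kept on disk across browser restarts
  return { name: c.name, kind, expires };
}

// Names of cookies that would remain on a shared machine after a browser restart.
function survivesRestart(headers, now) {
  return headers.map((h) => classify(h, now)).filter((r) => r.kind === "persistent").map((r) => r.name);
}

const NOW = new Date("2009-04-02T12:00:00Z"); // fixed clock (assumption) so results are repeatable
console.log(survivesRestart(SAMPLE_HEADERS, NOW));
```

Only cookies with a future expiry stay behind for the next person who uses the computer; those are the ones to clear by hand, or to avoid creating by leaving any "remember me" box unticked on a shared machine.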

Some cookies report back to their authors the information they gathered. Although some authors are reputable and will only use some of the information to improve their sites, others may have more devious intent and use the data to capture as much information about you as possible. I shall illustrate using a simple example. Suppose you went to a site that demanded the installation of a cookie. This site may also contain some information you would be interested in and thus you decide to subscribe to this site. To do this you may have to enter your name and email address, and perhaps even a physical address and phone number. Already the amount of information submitted is quite astounding. The cookie grabs all the information and then starts tracking your movements. So after clicking the submit button, you go to your email account to check whether the subscription is successful. The cookie grabs your email URL, username and password. Voila! You afterwards proceed to Amazon.com or your bank's website. Although both of these sites have a secure login and the cookie may not be able to grab those details, it has tracked your visit to these sites, and consequently, you must have some association with these sites.

In this instance, the amount of information is phenomenal, and the deviously minded will use this to create a new identity based on your own identity. And the rest is history, anxiety, tears, etc.

The final, and perhaps most malicious, cookie is the one that delivers a malicious payload. These are cookies found on bona fide-looking websites that appear respectable; however, they will ask you to enable cookies. Once this is done, a cookie is downloaded and installed, but this cookie contains a script that downloads further into your system. From here it can observe all your activity and grab whatever details it likes. It too reports them back to the author. It can also propagate itself throughout a local network and thus infect other systems, and thereby compromise those users.

The point here is that threats do not always come into a system via email. Websites are equally dangerous. Try to stick to reputable websites; however, as this is not always possible, at least clear your cookies and restart the browser before going to another site.

Caution and common sense to all.
