Assessing Privacy Risks of Flash Cookies

Kevin Fuller and Stacy Jordan
February 2011
Joint Written Project
SANS Technology Institute - Candidate for Master of Science Degree
Objective
• Provide an overview of HTTP and flash cookies
• Describe the problem with storing flash cookies
• Provide tools that will detect, manage and analyze flash cookies
What are Cookies?
• Cookies! Cookies everywhere!
• What are cookies?
• Text file of information
• Tells website you are you (HTTP cookie)
• Keeps you logged into your website
• Your Internet “ID card”
So What’s The Problem?
• Cookies can store a lot of information
– Name, address, phone number
– Websites visited, webpages viewed
– Account logon IDs, passwords
– On and On and…..
• All happening without the user's knowledge or permission
The Cookie Cold War
• Advertisers and e-tailers
– Targeted advertising
– Gather your info and sell it to customers
• Privacy and Internet Security Advocates
– Features to block and delete cookies
– Software to manage cookies
– Laws and rules to aid Internet users
The Advertisers' Response?
Flash Cookies!!
• They hold more information (100k+ vs 4k)
• They can have no expiration date
• They cannot be handled by existing cookie management technologies
• Re-Spawning!!
• They can do more to control your computer
• Trojan-like behavior
Flash Cookie
• Super Cookie
– Component of Adobe Flash Player
• Local Storage Object
• Three Types
– Master Cookie
– Settings Cookie
– Content Cookie
• Stored in a different location
How Much Information?
Common Information Like:
Name, UserID, websites accessed, general location and purchases
More Personal Information Like:
Home address, sexual preference, health conditions, financial information
Settings Information Like:
Allowing other domains access to cookie
Allowing third party access to cookie
Camera settings
Audio and video settings
Risk and Response
• Risk
– Privacy
– Trojan?
– Malicious
• Response
– Legal Pressure
– New Rules
– Industry Self Regulation?
Private Browsing Mode
• Internet Explorer
– In-Private Browsing
• Safari
– Private browsing
• Google
– Incognito
• Firefox
– Private browsing
How to Find Flash Cookies
• The DIR command with command-line switches can find flash cookies
Simple Detection and Deletion
• Flash Cookies Cleaner
• Flash Cookie Cleaner
Managing Flash Cookies
• Adobe Flash Player Settings Manager
• Maxa Cookie Manager
• CCleaner
Analyze Flash Cookies
• Edit Plus: can convert flash cookie data into hexadecimal (HEX) format
• SOLCAT: Perl tool created by Kristinn Gudjonsson to parse flash cookies created in Action Message Format 0 (AMF0)
• Galleta: forensic tool created by Keith Jones that will recreate Internet History
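An added example, not from the original slides and not SOLCAT's code: a minimal Python reader for the AMF0 .sol layout that a tool like SOLCAT parses, so an analyst can see what the name/value pairs in a flash cookie look like. The header layout follows the commonly documented .sol format; the function names and the sample cookie are constructed for illustration, and only number, boolean, string, null and undefined values are handled.

```python
import struct

MAGIC = b"\x00\xbf"
SIGNATURE = b"TCSO\x00\x04\x00\x00\x00\x00"

def _utf8(buf, pos):
    """Read a big-endian u16 length-prefixed UTF-8 string; return (text, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("string runs past end of file")
    return buf[pos + 2:end].decode("utf-8", "replace"), end

def parse_sol(buf):
    """Return (cookie_name, {key: value}) for an AMF0-encoded .sol file."""
    if buf[:2] != MAGIC or buf[6:16] != SIGNATURE:
        raise ValueError("not a Flash .sol file")
    (length,) = struct.unpack_from(">I", buf, 2)
    if length != len(buf) - 6:
        raise ValueError("header length mismatch (truncated or padded file)")
    name, pos = _utf8(buf, 16)
    (amf_version,) = struct.unpack_from(">I", buf, pos)
    if amf_version != 0:
        raise ValueError("only AMF0 bodies are handled here")
    pos += 4
    items = {}
    while pos < len(buf):
        key, pos = _utf8(buf, pos)
        marker, pos = buf[pos], pos + 1
        if marker == 0x00:                # number: big-endian IEEE-754 double
            val, pos = struct.unpack_from(">d", buf, pos)[0], pos + 8
        elif marker == 0x01:              # boolean: one byte
            val, pos = buf[pos] != 0, pos + 1
        elif marker == 0x02:              # string: u16 length + UTF-8
            val, pos = _utf8(buf, pos)
        elif marker in (0x05, 0x06):      # null / undefined: no payload
            val = None
        else:
            raise ValueError("unsupported AMF0 marker 0x%02x for key %r" % (marker, key))
        items[key] = val
        pos += 1                          # every entry ends with one 0x00 pad byte
    return name, items

def build_sample():
    """Constructed sample (not a real cookie): 'tracker' with a uid and a visit count."""
    body = SIGNATURE + struct.pack(">H", 7) + b"tracker" + struct.pack(">I", 0)
    body += struct.pack(">H", 3) + b"uid" + b"\x02" + struct.pack(">H", 6) + b"abc123\x00"
    body += struct.pack(">H", 6) + b"visits" + b"\x00" + struct.pack(">d", 4.0) + b"\x00"
    return MAGIC + struct.pack(">I", len(body)) + body
```

Calling parse_sol(build_sample()) returns ('tracker', {'uid': 'abc123', 'visits': 4.0}); a file whose size disagrees with its header length is rejected rather than partially parsed.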
Analysis of In-Private Browsing Session
• Tools used for analysis
– CCleaner
– NetAnalysis
• Results of Analysis
– No flash cookies were saved
– Other files were saved that could be used to trace Internet activity
Browser Plugins
• Mozilla Firefox
– Better Privacy
– Tracker Scan
• Google Chrome
– Click and Clean
The (Near) Future
• NPAPI ClearSiteData
– Integrated flash cookie deletion
– Google and Firefox
• Adobe Flash Player Settings Manager
– Integrate it into client Flash Player
• Internet Explorer 9
– Tracking Opt Out feature
Summary
• Cookies provide a treasure trove of information concerning Internet browsing habits
• As a result, companies that collect information need to protect the data
• A variety of tools are available to detect, manage and analyze flash cookies
• In the future, browsers will have new features to better protect from tracking