Cookies: What is a “cookie”?
• Cookie – small chunk of data generated by a Web server and stored in a text file on your computer
• A cookie is created by a Web server and stored on your computer’s hard disk
Dr. Roger Webster & Dr. Nazli Mollah
What is a “cookie”?
• Web sites use cookies to:
  • Track your path through a site to keep track of the pages you viewed or the items you purchased
  • Provide information that allows the Web site to present you with ad banners targeted to products you previously purchased at that Web site
  • Collect and retain any personal information that you type into a Web page form
Why do Web sites use cookies?
• You are on your favorite online music store
• You search for your favorite band, new music, listen to sample tracks
• Altogether you may have viewed 2- Web pages
• Each time you connect to a different page, the server regards it as a new visit
• Cookies allow the music site’s server to identify you so that your request won’t be mixed up with those of the thousands of other people visiting the same online music store
• Cookies also enable the server to keep track of your activity and compile a list of your purchases
How do cookies work?
• The cookie message can include a:
  • customer number
  • shopping cart number
  • part number
  • other data
  • expiration date
  • domain name of the host that created the cookie
• A server that creates a cookie can request it the next time you connect to one of its Web pages
• Browser and server exchange:
  • your browser connects to a site that uses cookies
  • the server sends a “set-cookie” HTTP message
  • the cookie is saved by your browser onto your computer’s hard disk
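The exchange on this slide, as an added example that is not part of the original slides: a minimal model of the browser side, which stores a "set-cookie" message and later returns the cookie only to the domain that created it and only before its expiration date. The host names, the customer number and the CookieJar class are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample: the "set-cookie" message a music store's server might send.
SET_COOKIE = ("customer=C10482; Domain=music.example; Path=/; "
              "Expires=Wed, 01 Jan 2031 00:00:00 GMT")


class CookieJar:
    """Illustrative model of the browser's cookie store (not a real browser)."""

    def __init__(self):
        self._cookies = []  # (name, value, domain, expires)

    @staticmethod
    def _matches(host, domain):
        host = host.lower()
        return host == domain or host.endswith("." + domain)

    def store(self, set_cookie_value, request_host):
        """Save the cookies from one set-cookie message sent by request_host."""
        parsed = SimpleCookie()
        parsed.load(set_cookie_value)
        for name, morsel in parsed.items():
            domain = (morsel["domain"] or request_host).lstrip(".").lower()
            # A server may only create cookies for its own domain.
            if not self._matches(request_host, domain):
                continue
            expires = (parsedate_to_datetime(morsel["expires"])
                       if morsel["expires"] else None)
            self._cookies.append((name, morsel.value, domain, expires))

    def cookie_header(self, request_host, now):
        """Cookie header the browser would attach to a request to request_host."""
        pairs = [f"{n}={v}" for n, v, d, exp in self._cookies
                 if self._matches(request_host, d) and (exp is None or now < exp)]
        return "; ".join(pairs)


if __name__ == "__main__":
    jar = CookieJar()
    jar.store(SET_COOKIE, "www.music.example")
    today = datetime(2030, 1, 1, tzinfo=timezone.utc)
    print(repr(jar.cookie_header("www.music.example", today)))
    print(repr(jar.cookie_header("ads.example", today)))
```
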
Are cookies safe and private?
• Cookies are a relatively safe technology
  • Data, not a computer program
  • Cannot be executed to activate worms or viruses
  • Can only be accessed by the site that created it
  • Contain only information you disclose while using the site
• A cookie cannot rummage through your hard drive to find passwords
• BUT if you enter your credit card number during an online purchase, it is possible for the cookie to store that number – same with SSN
• Most reputable Web sites do not store such sensitive information
  • They use a generated customer account number instead of your name
• Your name is not associated with your cookies unless you entered it into a form, which is then transferred to a cookie
Does my computer have to accept cookies?
How long do cookies stay on my computer?
• A Web programmer can program a cookie to “time out”
• You can delete the cookies
• Firefox uses Cookies.txt or Magiccookie
• IE stores each in a separate file
Online Shopping
Shopping Carts: What’s an online shopping cart?
• Shopping cart – cyberspace version of the good old metal cart that you wheel around a store and fill up with merchandise
• Shopper browses Web site, and then adds products using a “Buy” or “Add to Cart” button
• Uses cookies to store information about your activities on Web site
Shopping Carts: What’s an online shopping cart?
• Add to Cart
  • When you click the “Add to Cart” button, the merchant’s server sends a message to your browser to add that item number (or ID number) to your cookie, which is then stored on your computer
• View Cart
  • When you check out, the server asks your browser for all the cookie data that pertains to your shopping cart items
• Cookies
  • Your browser sends those cookies along with a request for an order summary
• Web Server
  • The Web server uses the cookies to produce a Web page listing the items you want to purchase
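The Add to Cart and View Cart steps above, sketched from the merchant server's side as an added example that is not part of the original slides. The catalog, item IDs, prices and the "cart" cookie name are constructed; because the cookie is stored on the shopper's computer, the server treats it as untrusted input and takes names and prices from its own catalog.

```python
from http.cookies import SimpleCookie

# Constructed catalog: item ID -> (name, price in cents). Lives on the server.
CATALOG = {
    "1001": ("Guitar strings", 799),
    "2040": ("Concert DVD", 1999),
}


def _cart_ids(cookie_header):
    """Item IDs from the browser's Cookie header, keeping only known IDs."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    raw = jar["cart"].value if "cart" in jar else ""
    # The cookie is client-side data: drop anything not in the catalog.
    return [item for item in raw.split(".") if item in CATALOG]


def add_to_cart(cookie_header, item_id):
    """Return the set-cookie value that adds item_id to the shopper's cart."""
    if item_id not in CATALOG:
        raise ValueError("unknown item")
    out = SimpleCookie()
    out["cart"] = ".".join(_cart_ids(cookie_header) + [item_id])
    out["cart"]["path"] = "/"
    return out["cart"].OutputString()


def view_cart(cookie_header):
    """Order summary built from the cookie's item IDs and server-side prices."""
    items = [CATALOG[item] for item in _cart_ids(cookie_header)]
    return items, sum(price for _, price in items)


if __name__ == "__main__":
    print(add_to_cart("", "1001"))
    print(add_to_cart("cart=1001", "2040"))
    print(view_cart("cart=1001.2040.9999"))
```
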
Is it safe to shop online?
• Spyware is any technology that surreptitiously gathers information
• In the context of the Web and e-commerce, spyware secretly gathers information and relays it to advertisers or other interested parties
• Web marketers use several spyware techniques, including ad-serving cookies and clear GIFs
• Ad-serving cookies
  • If you click an ad, this 3rd party can create an ad-serving cookie and use it to track your activities at any site containing banner ads from that third party
  • They claim that it is to simply serve you better targeted advertising
  • But privacy advocates worry that shopper profiles are compiled, sold, and used for unauthorized purposes
• Clear GIFs
  • Typically a 1x1 pixel graphic on a Web page
  • Can be used to set cookies to a 3rd party Web site
  • You don’t even have to click a banner ad to receive the GIF-activated cookie
  • Simply viewing the page that contains a clear GIF sets the cookie
  • Cookies created with clear GIFs have the same uses and potential for misuse as ad-serving cookies
• Ad-blocker software and anti-spyware are designed to block ad-serving cookies, clear GIFs, and other spyware – some even block banner and pop-up adverts altogether – these are becoming increasingly popular products, despite their tendency to slightly slow your browser’s response time
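One way blocking software can spot the clear GIFs described above, as an added example that is not part of the original slides: scan a page for 1x1 images loaded from a host other than the page's own. The sample page, its host names and the find_clear_gifs helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page, assumed to be served from shop.example.
PAGE = """
<html><body>
  <img src="/images/logo.png" width="200" height="60">
  <img src="https://tracker.adnet.example/pixel.gif?page=cart" width="1" height="1">
  <img src="https://cdn.partner.example/banner.jpg" width="468" height="60">
  <img src="/spacer.gif" width="1" height="1">
</body></html>
"""


class ClearGifFinder(HTMLParser):
    """Collect hosts of 1x1 images that are not served by the page's own host."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        width = (attr.get("width") or "").strip()
        height = (attr.get("height") or "").strip()
        if width != "1" or height != "1":
            return
        # A relative src has no hostname: it loads from the page's own site.
        host = (urlparse(attr.get("src") or "").hostname or self.page_host).lower()
        if host != self.page_host:
            self.hits.append(host)


def find_clear_gifs(html, page_host):
    """Return the third-party hosts that serve 1x1 images on this page."""
    finder = ClearGifFinder(page_host)
    finder.feed(html)
    return finder.hits


if __name__ == "__main__":
    print(find_clear_gifs(PAGE, "shop.example"))
```

This check only sees images sized through width and height attributes; a 1x1 image sized by a style sheet would need the rendered size instead.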
Can credit cards be intercepted?
• Can credit card numbers be intercepted while traveling over the Internet?
  • YES
• A packet sniffer (protocol analyzer) is a computer program that reads (sniffs) data packets as they travel over networks
  • Most devices read only packets addressed to them, but packet sniffers read packets addressed to other devices
  • Good for network administrators who have a legitimate need to observe/open packets on their network
  • Dangerous in the hands of hackers
• Ethereal is a well-known packet sniffer
Transaction Privacy & Security
• To protect your data from packet sniffing, you should engage in electronic transactions only over a secure connection
• A secure connection encrypts the data flowing between your computer and the Web server
• Even if a hacker can access packets containing your payment data, it is of little use if the data cannot be decrypted
• Technologies that create secure connections include SSL and HTTPS