Assessing Privacy Risks of Flash Cookies
Kevin Fuller and Stacy Jordan
February 2011
Joint Written Project
SANS Technology Institute - Candidate for Master of Science Degree

Objective
• Provide an overview of HTTP and flash cookies
• Describe the problem with storing flash cookies
• Provide tools that will detect, manage and analyze flash cookies

What are Cookies?
• Cookies! Cookies everywhere!
• What are cookies?
  • Text file of information
  • Tells website you are you (HTTP cookie)
  • Keeps you logged into your website
  • Your Internet “ID card”

So What’s The Problem?
• Cookies can store a lot of information
  • Name, address, phone number
  • Websites visited, webpages viewed
  • Account logon IDs, passwords
  • On and on and...
• All happening without the user's knowledge or permission

The Cookie Cold War
• Advertisers and e-tailers
  • Targeted advertising
  • Gather your info and sell it to customers
• Privacy and Internet Security Advocates
  • Features to block and delete cookies
  • Software to manage cookies
  • Laws and rules to aid Internet users

The Advertisers' Response? Flash Cookies!!
• They hold more information (100k+ vs 4k)
• They can have no expiration date
• They cannot be handled by existing cookie management technologies
• Re-Spawning!!
• They can do more to control your computer
• Trojan-like behavior

Flash Cookie
• Super Cookie
• Component of Adobe Flash Player
• Local Storage Object
• Three Types
  • Master Cookie
  • Settings Cookie
  • Content Cookie
• Stored in a different location

How Much Information?
Common Information Like:
• Name, UserID, websites accessed, general location and purchases
More Personal Information Like:
• Home address, sexual preference, health conditions, financial information
Settings Information Like:
• Allowing other domains access to cookie
• Allowing third party access to cookie
• Camera settings
• Audio and video settings

Risk and Response
• Risk
  • Privacy
  • Trojan?
  • Malicious
• Response
  • Legal Pressure
  • New Rules
  • Industry Self Regulation?

Private Browsing Mode
• Internet Explorer
  • In-Private Browsing
• Safari
  • Private browsing
• Google
  • Incognito
• Firefox
  • Private browsing
• New Rules

How to Find Flash Cookies
• The DIR command, used with command-line switches, can find flash cookies

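An added example, not part of the original slides: a Python inventory of flash cookie (`.sol`) files grouped by the domain that stored them, flagging any file larger than the 4k HTTP cookie size the slides compare against. The default storage paths and the `<id>/<domain>/...` directory layout are assumptions based on Flash Player's usual per-user locations; the function names are illustrative.

```python
import os
from collections import defaultdict

HTTP_COOKIE_LIMIT = 4096  # the "4k" HTTP cookie size the slides compare against

def default_roots():
    """Usual per-user #SharedObjects locations (assumed, not from the slides)."""
    home = os.path.expanduser("~")
    appdata = os.environ.get("APPDATA", "")
    candidates = [
        os.path.join(appdata, "Macromedia", "Flash Player", "#SharedObjects"),
        os.path.join(home, "Library", "Preferences", "Macromedia",
                     "Flash Player", "#SharedObjects"),
        os.path.join(home, ".macromedia", "Flash_Player", "#SharedObjects"),
    ]
    return [p for p in candidates if os.path.isdir(p)]

def inventory_flash_cookies(root):
    """Return {domain: {"files": n, "bytes": total, "oversized": [relative paths]}}."""
    report = defaultdict(lambda: {"files": 0, "bytes": 0, "oversized": []})
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if not fname.lower().endswith(".sol"):
                continue
            full = os.path.join(dirpath, fname)
            rel = os.path.relpath(full, root)
            parts = rel.split(os.sep)
            # Assumed layout: <random id>/<domain>/[path/]<name>.sol
            domain = parts[1] if len(parts) >= 3 else "(unknown)"
            size = os.path.getsize(full)
            entry = report[domain]
            entry["files"] += 1
            entry["bytes"] += size
            if size > HTTP_COOKIE_LIMIT:
                entry["oversized"].append(rel)
    return dict(report)

if __name__ == "__main__":
    for root in default_roots():
        for domain, info in sorted(inventory_flash_cookies(root).items()):
            flag = " OVERSIZED" if info["oversized"] else ""
            print(f"{domain}: {info['files']} file(s), {info['bytes']} bytes{flag}")
```
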
Simple Detection and Deletion
• Flash Cookies Cleaner
• Flash Cookie Cleaner

Managing Flash Cookies
• Adobe Flash Player Settings Manager
• Maxa Cookie Manager
• CCleaner

Analyze Flash Cookies
• Edit Plus: can convert flash cookie data into hexadecimal (HEX) format
• SOLCAT: Perl tool created by Kristinn Gudjonsson to parse flash cookies created in Action Message Format 0 (AMF0)
• Galleta: forensic tool created by Keith Jones that will recreate Internet History

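An added example, not part of the original slides and not SOLCAT's code: a Python parser for the scalar values in an AMF0 flash cookie, showing what an analyst recovers from the bytes a hex view displays. The header layout (two magic bytes, a length field, the `TCSO` tag, then length-prefixed names and typed values) is the commonly documented `.sol` structure and is assumed here; the sample cookie is constructed.

```python
import struct

def read_str(buf, pos):
    """Read a u16 length-prefixed UTF-8 string; return (text, new position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("string runs past end of file")
    return buf[pos + 2:end].decode("utf-8", "replace"), end

def parse_sol(data):
    """Parse an AMF0 .sol file into {"name": str, "values": {key: value}}."""
    if len(data) < 16 or data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        raise ValueError("not a Flash .sol file")
    if struct.unpack_from(">I", data, 2)[0] != len(data) - 6:
        raise ValueError("length field does not match file size")
    name, pos = read_str(data, 16)
    amf_version, pos = struct.unpack_from(">I", data, pos)[0], pos + 4
    if amf_version != 0:
        raise ValueError("only AMF0 is handled here")
    values = {}
    while pos < len(data):
        key, pos = read_str(data, pos)
        marker, pos = data[pos], pos + 1
        if marker == 0x00:            # number: 8-byte big-endian double
            val, pos = struct.unpack_from(">d", data, pos)[0], pos + 8
        elif marker == 0x01:          # boolean: one byte
            val, pos = data[pos] != 0, pos + 1
        elif marker == 0x02:          # string: u16 length + UTF-8
            val, pos = read_str(data, pos)
        elif marker in (0x05, 0x06):  # null / undefined
            val = None
        else:
            raise ValueError(f"unsupported AMF0 type 0x{marker:02x} for {key!r}")
        values[key] = val
        pos += 1                      # one padding byte closes each element
    return {"name": name, "values": values}

def build_sample():
    """Constructed sample cookie (not captured from a real site)."""
    body = b"TCSO\x00\x04\x00\x00\x00\x00" + b"\x00\x07tracker" + b"\x00\x00\x00\x00"
    body += b"\x00\x03uid" + b"\x02" + b"\x00\x06a1b2c3" + b"\x00"
    body += b"\x00\x06visits" + b"\x00" + struct.pack(">d", 7.0) + b"\x00"
    body += b"\x00\x06optout" + b"\x01\x00" + b"\x00"
    return b"\x00\xbf" + struct.pack(">I", len(body)) + body
```
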
Analysis of In-Private Browsing Session
• Tools used for analysis
  • CCleaner
  • NetAnalysis
• Results of Analysis
  • No flash cookies were saved
  • Other files were saved that could be used to trace Internet activity

Browser Plugins
• Mozilla Firefox
  • Better Privacy
  • Tracker Scan
• Google Chrome
  • Click and Clean

The (Near) Future
• NPAPI ClearSiteData
  • Integrated flash cookie deletion
  • Google and Firefox
• Adobe Flash Player Settings Manager
  • Integrate it into client Flash Player
• Internet Explorer 9
  • Tracking Opt Out feature

Summary
• Cookies provide a treasure trove of information concerning Internet browsing habits
• As a result, companies that collect information need to protect the data
• A variety of tools is available to detect, manage and analyze flash cookies
• In the future, browsers will have new features to better protect from tracking