
HTTP cookie

An HTTP cookie (also called web cookie, Internet cookie, browser cookie or simply cookie, the last of which is not to be confused with the literal definition) is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity.[1] Cookies were designed to be a reliable mechanism for websites to remember stateful information (such as items in a shopping cart) or to record the user's browsing activity (including clicking particular buttons, logging in, or recording which pages were visited by the user as far back as months or years ago). History: The term "cookie" was derived from the term "magic cookie", which is a packet of data a program receives and sends back unchanged. Together with John Giannandrea, Montulli wrote the initial Netscape cookie specification the same year.

Local shared object Local shared objects (LSOs), commonly called Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player (developed by Macromedia, which was later acquired by Adobe Systems) since version 6.[1] Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Like cookies, they can be used to store user preferences, save data from Flash games, or track users' Internet activity.[2] LSOs have been criticised as a breach of browser security, but there are browser settings and add-ons to limit the duration of their storage. Storage: Local shared objects contain data stored by individual websites. Adobe Flash Player does not allow 3rd-party local shared objects to be shared across domains.

Session (computer science) In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and user (see Login session). A session is set up or established at a certain point in time (a process called sessionization) and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parties needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses. An established session is the basic requirement to perform a connection-oriented communication. HTTP/1.0 was thought to only allow a single request and response during one Web/HTTP Session.

How I divorced Google March 16, 2012, 8:00 AM — I sat recently at the Grand Opening Ceremony at CeBIT 2012 in Hannover. There was a huge crowd of dignitaries, business people, and captains of German industry. They were waiting to hear from the President of Brazil, the Chancellor of Germany, and the Executive Chairman of Google, Eric Schmidt. Each gave a keynote. You see, I'm leaving Google, in toto -- meaning in every single possible personal way. If you live in the modern world, leaving Google is both heresy and damn difficult to do. Day one: Inventory. The content industry is tied to Google Analytics, which is the oil well in Google's basement that fuels and funds many things that Google does. That machine is charged with robbing most of your personal characteristics in a quest to make the ads better. Day one was spent totaling the way Google has permeated my online life. Day two: Leave no tracks, start to delete cookies. First, I had to remove the cookies.

Browser Fingerprinting - Panopticlick Session ID A session ID is typically granted to a visitor on his first visit to a site. It is different from a user ID in that sessions are typically short-lived (they expire after a preset time of inactivity which may be minutes or hours) and may become invalid after a certain goal has been met (for example, once the buyer has finalized his order, he cannot use the same session ID to add more items). As session IDs are often used to identify a user that has logged into a website, they can be used by an attacker to hijack the session and obtain potential privileges. Examples of the names that some programming languages use when naming their cookie include JSESSIONID (JEE), PHPSESSID (PHP), and ASPSESSIONID (Microsoft ASP).

Is it possible to quit Google? 9 July 2012. Last updated at 20:42 ET. By Kate Dailey, BBC News Magazine. Google's reach spreads far across the web. But is it possible to go online without being noticed by the search giant? Three computer professionals try to part ways with Google. Tom Henderson spends what he describes as "way too much" time online. The managing director for Extreme Labs, a technology company in Bloomington, Indiana, Henderson says he's often up late in the evening doing work for clients - and having fun exploring the far reaches of the internet. But when Google announced earlier this year that it would be streamlining the privacy agreements for all of its products - including YouTube, Blogger and Gmail - Henderson decided to find a way to stay online without patronising Google. The policy was criticised by EU officials for being too invasive. "At that point I had to make a decision," says Henderson. So Henderson decided to quit Google for good.

Acoustic Snooping on Typed Information Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don’t know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.) Asonov and Agrawal had a similar result previously, but they had to assume (unrealistically) that you started out with a recording of the person typing a known training text on the target keyboard. The algorithm works in three basic stages. The third stage is the hardest one. (This means that the first keystroke is in category 35, the second is in category 12, and so on. The only advantage you have is that English text has persistent regularities.

Session hijacking A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine. If source-routing is turned off, the hacker can use "blind" hijacking, whereby it guesses the responses of the two machines. A hacker can also be "inline" between B and C using a sniffing program to watch the conversation. History: Session hijacking was not possible with early versions of HTTP. HTTP protocol versions 0.8 and 0.9 lacked cookies and other features necessary for session hijacking. Early versions of HTTP 1.0 did have some security weaknesses relating to session hijacking, but they were difficult to exploit due to the vagaries of most early HTTP 1.0 servers and browsers. The introduction of supercookies and other features with the modernized HTTP 1.1 has allowed for the hijacking problem to become an ongoing security problem.

Google privacy changes 'in breach of EU law' 1 March 2012. Last updated at 10:00 ET. The new privacy policy is rolling out around the world on 1 March. Changes made by Google to its privacy policy are in breach of European law, the EU's justice commissioner has said. Viviane Reding told the BBC that authorities found that "transparency rules have not been applied". The policy change, implemented on Thursday, means private data collected by one Google service can be shared with its other platforms including YouTube, Gmail and Blogger. Google said it believed the new policy complied with EU law. "We are confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles," it said in a statement. It said the new set-up would enable it to tailor search results more effectively, as well as offer better targeted advertising to users. It went ahead with the changes despite warnings from the EU earlier this week.

PRISM (surveillance program) Below are a number of slides released by Edward Snowden showing the operation and processes behind the PRISM program. It should be noted that the "FAA" referred to is Section 702 of the FISA Amendments Act ("FAA"), and not the Federal Aviation Administration, which is more widely known by the same FAA initialism. Slide captions: slide showing that much of the world's communications flow through the U.S.; details of information collected via PRISM; slide listing companies and the date that PRISM collection began; slide showing PRISM's tasking process; slide showing the PRISM collection dataflow; slide showing PRISM case numbers; slide showing the REPRISMFISA Web app; slide showing some PRISM targets; slide fragment mentioning "upstream collection", FAA702, EO 12333, and references explicitly in the text; FAA702 Operations, and map.

Magic cookie A magic cookie, or just cookie for short, is a token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket – to identify a particular event or transaction.[1] In some cases, recipient programs are able to meaningfully compare two cookies for equality. Cookie as token: Cookies are used as identifying tokens in many computer applications.[2] When one visits a website, the remote server may leave an HTTP cookie on one's computer, where they are often used to authenticate identity upon returning to the website.[3] Cookies are a component of the most common authentication method used by the X Window System.[4]

Facebook: The challenges ahead for the social network 25 July 2012. Last updated at 23:08 GMT. Plenty to think about: Facebook boss Mark Zuckerberg has several key problems to solve, the experts say. When Facebook first floated on the stock exchange earlier this year, it started out at an astronomical high, valued at over $100bn (£65bn). Since then, rockier times. From an initial share price of $38, Facebook's stock dipped to below $29 in May. This week, there comes another huge test for the site as it releases the financial results for its first quarter of public trading. The BBC has asked four key experts for their views on where Facebook's challenges lie in the coming months. Jennifer Lynch is a staff attorney at the Electronic Frontier Foundation, a privacy campaign group. Facebook's acquisition of facial recognition software is concerning from a privacy perspective for two reasons. First, it is unclear what Facebook intends to do with the facial recognition data collected.

ECHELON ECHELON, originally a code-name, is now used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory nations to the UKUSA Security Agreement[1] — Australia, Canada, New Zealand, the United Kingdom, and the United States. Referred to by a number of other abbreviations, including AUSCANNZUKUS[1] and Five Eyes,[2][3][4] it has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications.[5] It was created in the early 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and was formally established in 1971.[6][7] Name: Britain's The Guardian newspaper summarized the capabilities of the ECHELON system as follows:
