Local shared object: Local shared objects (LSOs), commonly called Flash cookies (due to their similarities with HTTP cookies), are pieces of data that websites which use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player (developed by Macromedia, which was later acquired by Adobe Systems) since version 6. Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Like HTTP cookies, they can be used to store user preferences, save data from Flash games, or track users' Internet activity. LSOs have been criticised as a breach of browser security, but there are browser settings and add-ons to limit the duration of their storage. Storage: Local shared objects contain data stored by individual websites. Adobe Flash Player does not allow third-party local shared objects to be shared across domains.
Session (computer science): In computer science, in particular networking, a session is a semi-permanent interactive information interchange, also known as a dialogue, a conversation or a meeting, between two or more communicating devices, or between a computer and a user (see Login session). A session is set up or established at a certain point in time (a process called sessionization) and torn down at a later point in time. An established communication session may involve more than one message in each direction. A session is typically, but not always, stateful, meaning that at least one of the communicating parties needs to save information about the session history in order to be able to communicate, as opposed to stateless communication, where the communication consists of independent requests with responses. An established session is the basic requirement to perform connection-oriented communication. HTTP/1.0 was thought to allow only a single request and response during one Web/HTTP session.
Browser Fingerprinting - Panopticlick
Session ID: A session ID is typically granted to a visitor on their first visit to a site. It is different from a user ID in that sessions are typically short-lived (they expire after a preset time of inactivity, which may be minutes or hours) and may become invalid after a certain goal has been met (for example, once a buyer has finalized an order, they cannot use the same session ID to add more items). As session IDs are often used to identify a user who has logged into a website, they can be used by an attacker to hijack the session and obtain the user's privileges. Examples of the names that some programming languages and platforms use for their session cookie include JSESSIONID (JEE), PHPSESSID (PHP), and ASPSESSIONID (Microsoft ASP).
Is it possible to quit Google? 9 July 2012, last updated at 20:42 ET. By Kate Dailey, BBC News Magazine. Google's reach spreads far across the web. But is it possible to go online without being noticed by the search giant? Three computer professionals try to part ways with Google. Tom Henderson spends what he describes as "way too much" time online. The managing director of Extreme Labs, a technology company in Bloomington, Indiana, Henderson says he's often up late in the evening doing work for clients - and having fun exploring the far reaches of the internet. But when Google announced earlier this year that it would be streamlining the privacy agreements for all of its products - including YouTube, Blogger and Gmail - Henderson decided to find a way to stay online without patronising Google. The policy was criticised by EU officials for being too invasive. "At that point I had to make a decision," says Henderson. So Henderson decided to quit Google for good.
Acoustic Snooping on Typed Information: Li Zhuang, Feng Zhou, and Doug Tygar have an interesting new paper showing that if you have an audio recording of somebody typing on an ordinary computer keyboard for fifteen minutes or so, you can figure out everything they typed. The idea is that different keys tend to make slightly different sounds, and although you don't know in advance which keys make which sounds, you can use machine learning to figure that out, assuming that the person is mostly typing English text. (Presumably it would work for other languages too.) Asonov and Agrawal had a similar result previously, but they had to assume (unrealistically) that you started out with a recording of the person typing a known training text on the target keyboard. The algorithm works in three basic stages. The third stage is the hardest one. (This means that the first keystroke is in category 35, the second is in category 12, and so on.) The only advantage you have is that English text has persistent regularities.
Session hijacking: A popular method is using source-routed IP packets. This allows a hacker at point A on the network to participate in a conversation between B and C by encouraging the IP packets to pass through its machine. If source-routing is turned off, the hacker can use "blind" hijacking, whereby it guesses the responses of the two machines. A hacker can also be "inline" between B and C, using a sniffing program to watch the conversation. History: Session hijacking was not possible with early versions of HTTP. HTTP protocol versions 0.8 and 0.9 lacked cookies and other features necessary for session hijacking. Early versions of HTTP 1.0 did have some security weaknesses relating to session hijacking, but they were difficult to exploit due to the vagaries of most early HTTP 1.0 servers and browsers. The introduction of supercookies and other features with the modernized HTTP 1.1 has allowed the hijacking problem to become an ongoing security problem.
PRISM (surveillance program): Below are a number of slides released by Edward Snowden showing the operation and processes behind the PRISM program. It should be noted that the "FAA" referred to is Section 702 of the FISA Amendments Act ("FAA"), and not the Federal Aviation Administration, which is more widely known by the same FAA initialism.
Slide captions: slide showing that much of the world's communications flow through the U.S.; details of information collected via PRISM; slide listing companies and the date that PRISM collection began; slide showing PRISM's tasking process; slide showing the PRISM collection dataflow; slide showing PRISM case numbers; slide showing the REPRISMFISA Web app; slide showing some PRISM targets; slide fragment mentioning "upstream collection", FAA702, EO 12333, and referencing yahoo.com explicitly in the text; FAA702 Operations, and map.
Photo captions: Senator John McCain (R-AZ); Senator Dianne Feinstein (D-CA), chair of the Senate Intelligence Committee; Senator Rand Paul (R-KY).
Magic cookie: A magic cookie, or just cookie for short, is a token or short packet of data passed between communicating programs, where the data is typically not meaningful to the recipient program. The contents are opaque and not usually interpreted until the recipient passes the cookie data back to the sender or perhaps another program at a later time. The cookie is often used like a ticket – to identify a particular event or transaction. In some cases, recipient programs are able to meaningfully compare two cookies for equality. Cookie as token: Cookies are used as identifying tokens in many computer applications. When one visits a website, the remote server may leave an HTTP cookie on one's computer, which is often used to authenticate identity upon returning to the website. Cookies are a component of the most common authentication method used by the X Window System.
Facebook: The challenges ahead for the social network. 25 July 2012, last updated at 23:08 GMT. Plenty to think about: Facebook boss Mark Zuckerberg has several key problems to solve, the experts say. When Facebook first floated on the stock exchange earlier this year, it started out at an astronomical high, valued at over $100bn (£65bn). Since then, rockier times. From an initial share price of $38, Facebook's stock dipped to below $29 in May. This week there comes another huge test for the site, as it releases the financial results for its first quarter of public trading. The BBC has asked four key experts for their views on where Facebook's challenges lie in the coming months. What do you think Facebook should do next? Jennifer Lynch is a staff attorney at the Electronic Frontier Foundation, a privacy campaign group. Facebook's acquisition of facial recognition software face.com is concerning from a privacy perspective for two reasons. First, it is unclear what Facebook intends to do with the facial recognition data face.com collected.
ECHELON: ECHELON, originally a code-name, is now used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory nations to the UKUSA Security Agreement: Australia, Canada, New Zealand, the United Kingdom, and the United States. Referred to by a number of other abbreviations, including AUSCANNZUKUS and Five Eyes, it has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications. It was created in the early 1960s to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, and was formally established in 1971. Britain's The Guardian newspaper summarized the capabilities of the ECHELON system as follows: