
Cookies can be set in two ways: one is when you load an HTML page from a server; the other is when you load a graphic from a WWW server (newsgroups don't count).

Since a cookie only stores information, any security risk lies not with the cookie itself but with the data you give out to websites, which can then be stored as a cookie. The current Cookie RFC will not allow cookies to be set by GIFs; when it's finalized I'll change this paragraph.

  • Don't type your email address into forms if you don't want that person/organization to have it. There is a simple way to have your web browser automatically email someone when you load a page, so don't type your email address or name into your web browser. This means that you can't get your email with your web browser, but that's what programs like Eudora and Em@iler are for.
  • Don't type your credit card info on the Web if you don't trust the site. I have personally ordered lots of things on the web and haven't had a problem yet. But if you're paranoid, better safe than sorry.
  • Always update your web browser. Netscape and Microsoft Internet Explorer have both had some security bugs; that's why there are updates to these programs.

Another Opinion: This is a thread snippet (moved to the WWW) on cookies & security. Our hero is Greg, who works at C|Net (among other infamous establishments... at least that is where his email address is). It's a clear message on cookie-related risk.

You can have your browser alert you before it accepts a cookie.

Netscape Navigator 3.0 & up

  • Go to the Options menu
  • Select the Network Preferences menu item
  • From the window that appears, select the Protocols tab
  • Locate the section "Show an Alert Before"
  • Check the box labeled "Accepting a Cookie"

Internet Explorer

  • Go to the View menu
  • Select the Options menu item
  • Click the Advanced tab
  • Select the option that says "Warn Before Accepting Cookies"

From now on you will get an alert box telling you that a server is trying to set a cookie in your browser. It will tell you what the cookie value is and how long it will last before your browser deletes it.

Locking the cookies.txt (non-Mac machines) or MagicCookie (Mac) file will not stop cookies from working; cookies will still reside in memory. It will, however, keep the cookie data from being saved past your current browsing session, e.g. when you quit, the cookie data will be gone. It may also cause Netscape to bomb when you quit.

You can view the cookie that I set (if you didn't deny it) by pressing the big cookie.
This CGI will show you all the cookies I have access to on your machine (which is one). There are other things transmitted to the server from your browser that don't have anything to do with cookies. These are: your computer type, browser type, IP (Internet Protocol) address, the page that linked you to here, etc.

If you would like to see all the cookies you have stored on your hard drive, search for the word cookies on IBM or MagicCookie on Macintosh, then open that file with a text editor. It won't look like much, but there it is.

Here are some sample cookies on my hard drive:

domain             ???   path  secure  expire date  cookie name  cookie data
.illuminatus.com   TRUE  /     FALSE   945734399    Count        71
.linkexchange.com  TRUE  /     FALSE   942191999    SAFE_COOKIE  338ce11d04001532
.hotbot.com        TRUE  /     FALSE   937396800    ink          IU0DDzlh50BBEA6AEE1ED

Domain: the domain name of the server that set the cookie.
???: I don't know what this is.
Path: the minimum path that is required before your browser will send its cookie.
Secure: tells the browser whether it should require a secure socket connection before sending its cookie.
Expire Date: the date the cookie will go away.
Cookie Name: the name of this particular cookie.
Cookie Data: the data contained in the cookie.
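
The cookie file layout described above can be read programmatically. The following is an added example, not code from the original page: a small parser for Netscape-format cookies.txt text that converts the expire date (seconds since 1970-01-01 UTC) into a readable date and lists which cookies are not restricted to secure connections. It assumes the fields are tab-separated and that the file begins with a "#" comment header; in the Netscape cookies.txt format the second column is a TRUE/FALSE flag saying whether all hosts within the domain may access the cookie, named `all_hosts` here (a name chosen for this example).

```python
from datetime import datetime, timezone
from typing import NamedTuple

class Cookie(NamedTuple):
    domain: str
    all_hosts: bool    # second column: TRUE if every host in the domain may read it
    path: str
    secure: bool
    expires: datetime  # converted from seconds since 1970-01-01 UTC
    name: str
    value: str

def _flag(text, lineno):
    """Convert a TRUE/FALSE column to bool, rejecting anything else."""
    if text not in ("TRUE", "FALSE"):
        raise ValueError(f"line {lineno}: expected TRUE or FALSE, got {text!r}")
    return text == "TRUE"

def parse_cookies_txt(text):
    """Parse the contents of a Netscape-format cookies.txt into Cookie records."""
    cookies = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank lines and "#" header comments carry no cookie
        fields = line.split("\t")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 tab-separated fields")
        domain, all_hosts, path, secure, expiry, name, value = fields
        cookies.append(Cookie(
            domain, _flag(all_hosts, lineno), path, _flag(secure, lineno),
            datetime.fromtimestamp(int(expiry), tz=timezone.utc), name, value))
    return cookies

def sent_without_ssl(cookies):
    """Names of cookies the browser may send over a non-secure connection."""
    return [c.name for c in cookies if not c.secure]

# The three sample cookies from the page; tab layout and header line constructed.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".illuminatus.com\tTRUE\t/\tFALSE\t945734399\tCount\t71\n"
    ".linkexchange.com\tTRUE\t/\tFALSE\t942191999\tSAFE_COOKIE\t338ce11d04001532\n"
    ".hotbot.com\tTRUE\t/\tFALSE\t937396800\tink\tIU0DDzlh50BBEA6AEE1ED\n"
)

if __name__ == "__main__":
    for c in parse_cookies_txt(SAMPLE):
        print(f"{c.domain:18} {c.name:12} expires {c.expires:%Y-%m-%d %H:%M} UTC  secure={c.secure}")
```
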



Last Modified 6/29/97
Copyright© 1995, 1996, 1997 Andy Kington


WEBSPACE PROVIDED BY:
ILLUMINATUS INC.