Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: Blocking those Secret, Stubborn Cookies - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Blocking those Secret, Stubborn Cookies

Robert wrote in last night in response to a story in the latest SANS NewsBites newsletter that discussed a report about the increasing use of flash cookies, using Adobe Flash, that are not affected the privacy controls setup in the web browser.

He pointed out that for folks who use Firefox, there is an add-on called Better Privacy that can block them.

Here is the original Wired story and here is a link to the Better Privacy add-on.

David

78 Posts
My online banking access relies on Flash cookies for identifying a computer I've used in the past, allowing me to avoid challenge questions or SMS'd one-time passcodes. If you decide to start blocking these en masse, your spouse might not be too happy when they go to an online banking account.
Anonymous
True, the add-on author does point out you should "exclude important cookies from deletion" and has steps in the FAQ on how to exclude certain flash cookies from any automatic deletion.
David

78 Posts
More coverage here: http://www.bmighty.com/blog/main/archives/2009/05/more_ways_to_de.html, including info on how to clean them out even if you don't use Firefox. CCleaner from ccleaner.com now deletes flash cookies AND all the directories in %APPDATA%\Macromedia.
David
1 Posts
I prefer the Flash Block plugin :P
Steven C.

171 Posts
Macintouch is covering this from the Mac side of the fence, and has pointers to a simple app that deletes all the Flash cookies. It also deletes your Flash security preferences, it seems...
http://www.macintouch.com/readerreports/security/index.html#d12aug2009
Paul

44 Posts
Flash has "security"? lol
Steven

42 Posts

Sign Up for Free or Log In to start participating in the conversation!