Cookies: An overview of associated privacy and security risks - Security Boulevard

Cookies: An overview of associated privacy and security risks

Introduction

Anyone who regularly browses the internet must have seen some sort of pop-up or other form of alert about the use of cookies. Some sites even give you the option to accept cookies completely or only partially. So, there is an important question to answer: is it safe to enable cookies?

In truth, the use of cookies can be traced back to the dawn of the world wide web. In 1994, a Netscape Communications employee created them as a solution that would help make shopping carts for e-commerce stores possible. They have been widely used since then. However, even today, most internet users still do not understand exactly what they are or how their use can pose risks to information security and privacy.

Concerns in this area are also not exactly new. For example: in 2011, the European Union approved the Cookie Law: even though some people were a bit disappointed after discovering it would not make access to delicious chocolate cookies a fundamental human right, this new regulation was another important step towards protecting personal data and guaranteeing the right to privacy. It basically states that websites need to seek consent before exposing you to cookies.

Simply put, cookies are an important tool on the internet and have the potential to give businesses a great deal of insight into their users’ online activity. Far beyond the privacy-related issues, there are many ways that unprotected cookies can be manipulated and expose both users and organizations to severe security incidents.

What are cookies and how do they work? 

Cookies are small text files that websites place on your devices as you are browsing. In fact, the cookies themselves are quite harmless; they are processed and stored by your web browser and are fundamental to some functions on websites, such (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Claudio Dodt. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/GCWgly94t9I/