Assessing Privacy Risks of Flash Cookies

SANS Technology Institute - Candidate for Master of Science Degree
Kevin Fuller and Stacy Jordan
February 2011
Joint Written Project


Objective

• Provide an overview of HTTP and Flash cookies
• Describe the problem with storing Flash cookies
• Provide tools that will detect, manage and analyze Flash cookies

What are Cookies?

• Cookies! Cookies everywhere!
• What are cookies?
• Text file of information
• Tells website you are you (HTTP cookie)
• Keeps you logged into your website
• Your Internet “ID card”

So What’s The Problem?

• Cookies can store a lot of information
  – Name, address, phone number
  – Websites visited, webpages viewed
  – Account logon IDs, passwords
  – On and on and…
• All happening without the user's knowledge or permission

The Cookie Cold War

• Advertisers and e-tailers
  – Targeted advertising
  – Gather your info and sell it to customers
• Privacy and Internet Security Advocates
  – Features to block and delete cookies
  – Software to manage cookies
  – Laws and rules to aid Internet users

The Advertisers' Response?

Flash Cookies!!
• They hold more information (100k+ vs 4k)
• They can have no expiration date
• They cannot be handled by existing cookie management technologies
• Re-Spawning!!
• They can do more to control your computer
• Trojan-like behavior

Flash Cookie

• Super Cookie
  – Component of Adobe Flash Player
• Local Storage Object
• Three Types
  – Master Cookie
  – Settings Cookie
  – Content Cookie
• Stored in a different location

How Much Information?

• Common Information Like:
  – Name, UserID, websites accessed, general location and purchases
• More Personal Information Like:
  – Home address, sexual preference, health conditions, financial information
• Settings Information Like:
  – Allowing other domains access to cookie
  – Allowing third party access to cookie
  – Camera settings
  – Audio and video settings

Risk and Response

• Risk
  – Privacy
  – Trojan?
  – Malicious
• Response
  – Legal Pressure
  – New Rules
  – Industry Self Regulation?

Private Browsing Mode

• Internet Explorer
  – InPrivate Browsing
• Safari
  – Private browsing
• Google
  – Incognito
• Firefox
  – Private browsing
  – New Rules

How to Find Flash Cookies

• The DIR command with command-line switches can find Flash cookies

Simple Detection and Deletion

• Flash Cookies Cleaner
• Flash Cookie Cleaner

Managing Flash Cookies

• Adobe Flash Player Settings Manager
• Maxa Cookie Manager
• CCleaner

Analyze Flash Cookies

• Edit Plus: can convert Flash cookie data into hexadecimal (HEX) format
• SOLCAT: Perl tool created by Kristinn Gudjonsson to parse Flash cookies created in Action Message Format 0 (AMF0)
• Galleta: forensic tool created by Keith Jones that will recreate Internet history

Analysis of InPrivate Browsing Session

• Tools used for analysis
  – CCleaner
  – NetAnalysis
• Results of Analysis
  – No Flash cookies were saved
  – Other files were saved that could be used to trace Internet activity

Browser Plugins

• Mozilla Firefox
  – Better Privacy
  – Tracker Scan
• Google Chrome
  – Click and Clean

The (Near) Future

• NPAPI ClearSiteData
  – Integrated Flash cookie deletion
  – Google and Firefox
• Adobe Flash Player Settings Manager
  – Integrate it into client Flash Player
• Internet Explorer 9
  – Tracking Opt Out feature

Summary

• Cookies provide a treasure trove of information concerning Internet browsing habits
• As a result, companies that collect information need to protect the data
• A variety of tools are available to detect, manage and analyze Flash cookies
• In the future, browsers will have new features to better protect from tracking