12(a) Flashcards
(3 cards)
Explain one security or privacy issue related to HTTP cookies, focusing on potential malicious activities involving users.
One security issue related to HTTP cookies is Session Hijacking. Since HTTP is stateless, cookies are used to maintain session state for clients, such as for authentication after login. If an attacker obtains a user’s cookie (for instance, if users could swap or steal cookies), they may be able to use it to take over the legitimate user’s active session without needing to re-authenticate. Relatedly, the ability for users to change cookies before continuing to browse can also introduce security vulnerabilities depending on how the server processes altered cookie data.
Explain one security or privacy issue related to HTTP cookies, focusing on privacy concerns regarding tracking and data sharing.
A key privacy issue with HTTP cookies stems from their use in tracking clients and building usage profiles. Servers can use cookies to remember your previous actions across multiple requests. If you later provide personal information to the server, it can then link that information to your previous actions tracked via cookies, potentially creating a detailed profile of your online behavior tied to your identity. Furthermore, servers can facilitate this tracking across different sites by sharing cookie information through the use of a cooperating third party.
Explain one security or privacy issue related to HTTP cookies, focusing on the risk of sensitive information exposure.
A significant security/privacy issue arises when poorly designed sites store sensitive information like credit card numbers directly in a cookie. While cookies are intended for purposes like maintaining shopping carts or authentication states, they are fundamentally just small pieces of text data stored client-side. Storing highly sensitive personal or financial information directly and unencrypted within a cookie makes that data vulnerable if the user’s computer or the cookie file itself is compromised.