Assessing Privacy Risks of Flash Cookies


Page 1: Assessing Privacy Risks of Flash Cookies

SANS Technology Institute - Candidate for Master of Science Degree

Assessing Privacy Risks of Flash Cookies

Kevin Fuller and Stacy Jordan
February 2011

Joint Written Project

Page 2: Assessing Privacy Risks of Flash Cookies

Objective

• Provide an overview of HTTP and Flash cookies
• Describe the problem with storing Flash cookies
• Provide tools that will detect, manage and analyze Flash cookies

Page 3: Assessing Privacy Risks of Flash Cookies

What are Cookies?

• Cookies! Cookies everywhere!
• What are cookies?
• Text file of information
• Tells website you are you (HTTP cookie)
• Keeps you logged into your website
• Your Internet “ID card”

Page 4: Assessing Privacy Risks of Flash Cookies

So What’s The Problem?

• Cookies can store a lot of information
  – Name, address, phone number
  – Websites visited, webpages viewed
  – Account logon IDs, passwords
  – On and on and…
• All happening without the user's knowledge or permission

Page 5: Assessing Privacy Risks of Flash Cookies

The Cookie Cold War

• Advertisers and e-tailers
  – Targeted advertising
  – Gather your info and sell it to customers
• Privacy and Internet Security Advocates
  – Features to block and delete cookies
  – Software to manage cookies
  – Laws and rules to aid Internet users

Page 6: Assessing Privacy Risks of Flash Cookies

The Advertisers' Response?

Flash Cookies!!

• They hold more information (100k+ vs 4k)
• They can have no expiration date
• They cannot be handled by existing cookie management technologies
• Re-Spawning!!
• They can do more to control your computer
• Trojan-like behavior

Page 7: Assessing Privacy Risks of Flash Cookies

Flash Cookie

• Super Cookie
  – Component of Adobe Flash Player
• Local Storage Object
• Three Types
  – Master Cookie
  – Settings Cookie
  – Content Cookie
• Stored in a different location

Page 8: Assessing Privacy Risks of Flash Cookies

How Much Information?

• Common Information Like:
  – Name, UserID, websites accessed, general location and purchases
• More Personal Information Like:
  – Home address, sexual preference, health conditions, financial information
• Settings Information Like:
  – Allowing other domains access to cookie
  – Allowing third party access to cookie
  – Camera settings
  – Audio and video settings

Page 9: Assessing Privacy Risks of Flash Cookies

Risk and Response

• Risk
  – Privacy
  – Trojan?
  – Malicious
• Response
  – Legal Pressure
  – New Rules
  – Industry Self Regulation?

Page 10: Assessing Privacy Risks of Flash Cookies

Private Browsing Mode

• Internet Explorer
  – In-Private Browsing
• Safari
  – Private browsing
• Google
  – Incognito
• Firefox
  – Private browsing
  – New Rules

Page 11: Assessing Privacy Risks of Flash Cookies


How to Find Flash Cookies

• The DIR command, used with command-line switches, can find Flash cookies

Page 12: Assessing Privacy Risks of Flash Cookies

Simple Detection and Deletion

• Flash Cookies Cleaner

• Flash Cookie Cleaner


Page 13: Assessing Privacy Risks of Flash Cookies

Managing Flash Cookies

• Adobe Flash Player Settings Manager
• Maxa Cookie Manager
• CCleaner

Page 14: Assessing Privacy Risks of Flash Cookies


Analyze Flash Cookies

• Edit Plus: can convert Flash cookie data into hexadecimal (HEX) format
• SOLCAT: Perl tool created by Kristinn Gudjonsson to parse Flash cookies created in Action Message Format 0 (AMF0)
• Galleta: forensic tool created by Keith Jones that will recreate Internet history
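
What an AMF0 Flash cookie contains once decoded, shown as an added example that is not from the original slides and is not SOLCAT's code: a small Python reader for the header and top-level scalar values of a `.sol` file. The byte layout follows the commonly documented `.sol` format (an assumption here, since the slides do not give it), and `build_sample` constructs a made-up file so the code runs offline.

```python
import struct

# AMF0 type markers for the scalar values this sketch decodes.
NUMBER, BOOLEAN, STRING, NULL, UNDEFINED = 0x00, 0x01, 0x02, 0x05, 0x06

def _u16_str(data, pos):
    """Read a 2-byte big-endian length, then that many UTF-8 bytes."""
    (n,) = struct.unpack_from(">H", data, pos)
    return data[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def parse_sol(data: bytes) -> dict:
    """Decode the header and top-level scalar values of an AMF0 .sol file."""
    if data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        raise ValueError("not a Flash local shared object")
    if struct.unpack_from(">I", data, 2)[0] != len(data) - 6:
        raise ValueError("length field does not match file size")
    name, pos = _u16_str(data, 16)      # 16 = magic(2)+len(4)+"TCSO"(4)+pad(6)
    (amf,) = struct.unpack_from(">I", data, pos)
    pos += 4
    values, unparsed = {}, None
    while amf == 0 and pos < len(data):
        key, pos = _u16_str(data, pos)
        marker, pos = data[pos], pos + 1
        if marker == NUMBER:
            (val,) = struct.unpack_from(">d", data, pos)
            pos += 8
        elif marker == BOOLEAN:
            val, pos = data[pos] != 0, pos + 1
        elif marker == STRING:
            val, pos = _u16_str(data, pos)
        elif marker in (NULL, UNDEFINED):
            val = None
        else:                           # object, array, date...: report and stop
            unparsed = (key, marker)
            break
        values[key] = val
        pos += 1                        # one-byte trailer after each value
    return {"name": name, "amf": amf, "values": values, "unparsed": unparsed}

def build_sample() -> bytes:
    """Constructed sample .sol for the demo; not taken from any real site."""
    def s(text):
        raw = text.encode()
        return struct.pack(">H", len(raw)) + raw
    body = (b"TCSO" + b"\x00\x04\x00\x00\x00\x00" + s("tracker") + b"\x00" * 4
            + s("uid") + b"\x02" + s("abc123") + b"\x00"
            + s("visits") + b"\x00" + struct.pack(">d", 7.0) + b"\x00")
    return b"\x00\xbf" + struct.pack(">I", len(body)) + body

if __name__ == "__main__":
    print(parse_sol(build_sample()))
```

A non-`None` `unparsed` field means the file holds a nested value (object, array or date) that this reader does not walk; AMF3 files return only the header fields.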

Page 15: Assessing Privacy Risks of Flash Cookies

Analysis of In-Private Browsing Session

• Tools used for analysis
  – CCleaner
  – NetAnalysis
• Results of Analysis
  – No Flash cookies were saved
  – Other files were saved that could be used to trace Internet activity

Page 16: Assessing Privacy Risks of Flash Cookies

Browser Plugins

• Mozilla Firefox
  – Better Privacy
  – Tracker Scan
• Google Chrome
  – Click and Clean

Page 17: Assessing Privacy Risks of Flash Cookies

The (Near) Future

• NPAPI ClearSiteData
  – Integrated Flash cookie deletion
  – Google and Firefox
• Adobe Flash Player Settings Manager
  – Integrate it into client Flash Player
• Internet Explorer 9
  – Tracking Opt Out feature

Page 18: Assessing Privacy Risks of Flash Cookies

Summary

• Cookies provide a treasure trove of information concerning Internet browsing habits
• As a result, companies that collect information need to protect the data
• A variety of tools are available to detect, manage and analyze Flash cookies
• In the future, browsers will have new features to better protect from tracking