What are the security risks involved in allowing cookies to be stored on your computer?

Expert Solution

Risks associated with storing cookies-

Cross Site Request Forgery Attack (XSRF)

A browser sends a cookie in response to a request, regardless of where the request came from. This is where the actual problem with cookies comes in. When a website receives a request, it cannot distinguish whether the action is initiated by the user or not. It looks for the cookie and, if the cookie is available, it deliberately performs the action as if the user initiated it.

Session Fixation

Session fixation attacks are based on application level. In this type of attacks, an attacker impels the user to use the attacker’s or another’s session ID. This can be done by using the cookie’s browser directive path, hence the user pretends to be someone else. Using this method, an attacker can urge the user to log in as the attacker on various application levels.

Cross-Site Scripting

In order to carry out a cross-site scripting exploit, an attacker has to place the exploit in a cookie. Then the exploit vector will fetch the payload from the cookie and the exploitation is carried out. This type of attack will become difficult if the cookie has already been set; in this case, the attacker has to control the first cookie in the cookie string and only then can the attack be carried out.

Rahul Sunny answered 1 year ago

What are the benefits and risks of being completely legal with green cards or allowing illegal’s...

What are the benefits and risks of being completely legal with green cards or allowing illegal’s to remain that have not begun the process to earn their green cards?

Which of the following is not a phishing technique? Installing cookies on your computer Sending fraudulent...

Which of the following is not a phishing technique? Installing cookies on your computer Sending fraudulent emails Creating fraudulent Web sites Hijacking and rerouting Web traffic If you were traveling abroad and needed to use some software that you did not currently have, and did not want to purchase, what type of software could you rent during this trip? Leasing Online Software and Services (LOSS) Software-as-a-Service (SaaS) Electronic Rental Software (eRent) Application Service Provider (ASP) What types of activities commonly...

Temporary cookies only are stored while the individual is on the website and are deleted after...

Temporary cookies only are stored while the individual is on the website and are deleted after they leave ("What is a cookie?"). Do you feel that since it is only kept for such a brief time it isn't worth diving into or do you feel like it would be a worthy option to consider rather than using no cookies at all ?

What are the differences and similarities between security, network security, and computer security in IT fields?

What are the differences and similarities between security, network security, and computer security in IT fields? Do the fields cover clearly delineated areas, or is there considerable overlap? Would you say that one of these areas is more technical than the other two?

12. What is the swiss cheese model for security? Explain to your employees the risks of quality vulnerabilities.

Congratulations! You are the CEO of GE. GE company culture is all about quality and process improvement!You are leading a company meeting where you need to convince and inspire your employees that Quality Systems will be the tools to market your Brand and skyrocket your revenue.12. What is the swiss cheese model for security? Explain to your employees the risks of quality vulnerabilities.13. What is the Domino effect? Explain to your employees how one quality issue escalates to several company...

Considering the information stored in the Sports Physical Therapy database, what security measures are important?

how privacy, security, and ethics in computer system changed your life?

With respect to the C.I.A. and A.A.A. concepts, what risks are posed by computer viruses?

CIAConfidentiality - The avoidance of the unauthorized disclosure of informationIntegrity - The property that information has not be altered in an unauthorized wayAvailability - The property that information is accessible and modifiable in a timely fashion by those authorized to do soAAAAssurance - How trust is provided and managed in computer systemsAuthenticity - The ability to determine that statements, policies, and permissions issued by persons or systems are genuine.Anonymity - The property that certain records or transactions not to be...

Managing IT security and risks Information security is critical in the development and implementation of information...

Managing IT security and risks Information security is critical in the development and implementation of information systems in organizations. Assume that you are developing a customer relationship management system for Morita Loan, list five methods that you can use to protect the data in such a system and discuss how you can implement these five means for information security.

What role does password expiration play in computer security?

What role does password expiration play in computer security? Briefly explain a major advantage of password expiration, and briefly explain a major disadvantage.

Question