Cookies can do a lot more than just track your web browsing activity. Now it appears that hackers have found a way to steal your passwords too.
What are computer cookies?
A cookie is a tiny file that websites store on your computer. They are normally perfectly harmless – and quite useful too. In fact, many of the websites you use every day rely on cookies to work properly.
What are cookies used for?
Cookies were designed to be a reliable mechanism for websites to remember information or to record the users browsing history. These tiny text files can be used for storing login information, credit card information and help advertisers show ads they think will be relevant to your preferences.
Cookies can be useful, saving time to type in previously visited website login information for instance. Cookies do not directly display passwords, instead they contain a hash that stores your password. When a password has been hashed, it has been scrambled so only the website it came from can read it. The website uses a unique encryption algorithm to encode and decode the hash.
Why do hackers want your cookies?
Normally hackers love to steal passwords, but stealing your cookies may be just as good. By installing your cookies with hashed passwords into their web browser, the criminal can immediately access your account, no login required.
Your cookies can be used to easily compromise social media, email and many other services.
How do hackers steal cookies?
If hackers can access your computer or your network, they can probably steal your cookies. Sometimes they can steal them directly from an insecure webserver too.
People are getting smarter about protecting their computers against malware, by installing a reputable anti-malware solution for instance (you can download a free Panda Dome trial here). As a result, criminals are having to resort to more advanced techniques, like stealing information passing through public WiFi networks.
All a hacker needs to hack your cookies is a Firefox extension called Firesheep. Firesheep is an extension that uses a technology to detect and copy cookies that are sent sent over a wireless network. As the extension discovers cookies, it creates a list on the hacker’s computer. They can then simply click on the cookies, and it logs into the website as the unsuspecting user.
What can I do to protect my cookies?
A simple but effective way to stop hackers from stealing your personal information is to simply clear cookies on a regular basis. Experts recommend doing this every 7 to14 days. They also advise never storing credit card information on a site unless it is trusted. Deleting cookies does have one drawback however – you will have to re-enter passwords and personal information next time you logon to a website. This may be inconvenient and annoying, but it is also much safer in the long run, protecting you against cookie theft.
And if you have problems remembering lots of passwords, consider using a password manager to keep them safe and secure for you. Take a look at our guide How To Protect Your Password and Keep Hackers Away to learn more.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
Panda Free Antivitus
FREE TECHNICAL SUPPORT
