SANS Technology Institute - Candidate for Master of Science Degree
Assessing Privacy Risks of Flash Cookies
Kevin Fuller and Stacy Jordan
February 2011
Joint Written Project
Objective
• Provide an overview of HTTP and Flash cookies
• Describe the problem with storing flash cookies
• Provide tools that will detect, manage and analyze flash cookies
What are Cookies?
• Cookies! Cookies everywhere!
• What are cookies?
  – Text file of information
  – Tells website you are you (HTTP cookie)
  – Keeps you logged into your website
  – Your Internet “ID card”
So What’s The Problem?
• Cookies can store a lot of information
  – Name, address, phone number
  – Websites visited, webpages viewed
  – Account logon IDs, passwords
  – On and on and…
• All happening without the user's knowledge or permission
The Cookie Cold War
• Advertisers and e-tailers
  – Targeted advertising
  – Gather your info and sell it to customers
• Privacy and Internet Security Advocates
  – Features to block and delete cookies
  – Software to manage cookies
  – Laws and rules to aid Internet users
The Advertisers' Response?
Flash Cookies!!
• They hold more information (100k+ vs 4k)
• They can have no expiration date
• They cannot be handled by existing cookie management technologies
• Re-Spawning!!
• They can do more to control your computer
• Trojan-like behavior
Flash Cookie
• Super Cookie
  – Component of Adobe Flash Player
• Local Storage Object
• Three Types
  – Master Cookie
  – Settings Cookie
  – Content Cookie
• Stored in a different location
How Much Information?
Common Information Like:
• Name, UserID, websites accessed, general location and purchases
More Personal Information Like:
• Home address, sexual preference, health conditions, financial information
Settings Information Like:
• Allowing other domains access to cookie
• Allowing third party access to cookie
• Camera settings
• Audio and video settings
Risk and Response
• Risk
  – Privacy
  – Trojan?
  – Malicious
• Response
  – Legal Pressure
  – New Rules
  – Industry Self Regulation?
Private Browsing Mode
• Internet Explorer
  – In-Private Browsing
• Safari
  – Private browsing
• Google
  – Incognito
• Firefox
  – Private browsing
  – New Rules
How to Find Flash Cookies
• The use of DIR command with command line switches can find flash cookies
Simple Detection and Deletion
• Flash Cookies Cleaner
• Flash Cookie Cleaner
Managing Flash Cookies
• Adobe Flash Player Settings Manager
• Maxa Cookie Manager
• CCleaner
Analyze Flash Cookies
• Edit Plus: can convert flash cookie data into hexadecimal (HEX) format
• SOLCAT: Perl tool created by Kristinn Gudjonsson to parse flash cookies created in Action Message Format 0 (AMF0)
• Galleta: forensic tool created by Keith Jones that will recreate Internet History
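
To show what a parser of this kind does with an AMF0 flash cookie, here is an added example (not from the slides and not SOLCAT's code) that reads the header and the simple value types of a .sol file. The byte layout is the commonly documented one and is an assumption here; `build_sample_sol` produces a constructed sample so the parser can be run without a real cookie.

```python
import struct

def _lp(s):
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b  # 2-byte big-endian length prefix

def build_sample_sol():
    """Constructed sample: LSO 'prefs' holding one string and one number."""
    body = b"TCSO" + b"\x00\x04\x00\x00\x00\x00" + _lp("prefs") + b"\x00" * 4
    body += _lp("uid") + b"\x02" + _lp("abc123") + b"\x00"
    body += _lp("visits") + b"\x00" + struct.pack(">d", 7.0) + b"\x00"
    return b"\x00\xbf" + struct.pack(">I", len(body)) + body

def parse_sol(data):
    """Return (object_name, {key: value}) for an AMF0 .sol file."""
    if data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        raise ValueError("not a Local Shared Object file")
    if struct.unpack(">I", data[2:6])[0] != len(data) - 6:
        raise ValueError("length field does not match file size")
    pos = 16  # skip magic, length, 'TCSO' and 6 fixed bytes
    def read_str():
        nonlocal pos
        n = struct.unpack(">H", data[pos:pos + 2])[0]
        s = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
        pos += 2 + n
        return s
    name = read_str()
    if struct.unpack(">I", data[pos:pos + 4])[0] != 0:
        raise ValueError("not AMF0 encoded")
    pos += 4
    items = {}
    while pos < len(data):
        key = read_str()
        kind, pos = data[pos], pos + 1
        if kind == 0x00:    # number: 8-byte big-endian double
            val = struct.unpack(">d", data[pos:pos + 8])[0]
            pos += 8
        elif kind == 0x01:  # boolean: 1 byte
            val = data[pos] != 0
            pos += 1
        elif kind == 0x02:  # string: length-prefixed
            val = read_str()
        elif kind in (0x05, 0x06):  # null / undefined
            val = None
        else:
            raise ValueError(f"unsupported AMF0 type 0x{kind:02x}")
        items[key] = val
        pos += 1  # each entry ends with a 0x00 pad byte
    return name, items
```

Nested objects and arrays are deliberately rejected with an error rather than guessed at, so an analyst knows when a cookie needs a fuller parser.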
Analysis of In-Private Browsing Session
• Tools used for analysis
  – CCleaner
  – NetAnalysis
• Results of Analysis
  – No flash cookies were saved
  – Other files were saved that could be used to trace Internet activity
Browser Plugins
• Mozilla Firefox
  – Better Privacy
  – Tracker Scan
• Google Chrome
  – Click and Clean
The (Near) Future
• NPAPI ClearSiteData
  – Integrated flash cookie deletion
  – Google and Firefox
• Adobe Flash Player Settings Manager
  – Integrate it into client Flash Player
• Internet Explorer 9
  – Tracking Opt Out feature
Summary
• Cookies provide a treasure trove of information concerning Internet browsing habits
• As a result, companies that collect information need to protect the data
• A variety of tools are available to detect, manage and analyze flash cookies
• In the future, browsers will have new features to better protect from tracking