Browser Cookies: Truths & Myths

Browser cookies are very common – you probably have hundreds or even thousands stored in your browser right now.



Cookies are usually small text files, given ID tags, that are stored in your browser's directory or program data subfolders on your computer. Another way to think of this is that a cookie is a message given to a web browser by a web server that is then sent back to the web server whenever the browser requests a page from it. Cookies are used to identify users, store shopping cart information, and prepare customized web pages that utilize user information. The cookie may be used to remember a username, for example, so that the name will auto-fill on the user’s next visit.

Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, and remember your registered login, theme selection, preferences, and other customization functions. The website stores a file corresponding to the one it set in your browser (with the same ID tag), and in this file it can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as your email address.

Cookies only contain bits of text, not anything else. The text can be a user ID, session ID, or any other text. For example, web pages can be configurable – a web page could have a Hide link that hides a certain element on the page. The page can save this setting on your computer with a cookie. When you load the page in the future, the page can examine the cookie and automatically hide the element.

Cookies are an important browser feature – if you disable cookies, you’ll find yourself unable to log into websites. If you clear your cookies, you’ll be logged out of all websites and websites won’t remember any settings you’ve changed on them. 






Your web browser stores and manages cookies. You can find a list of websites storing cookies and view the cookies themselves – although it’s usually not interesting to look at the content of the cookies – in your browser’s settings. If you use multiple web browsers on your computer, each browser has its own set of cookies.



Websites are only allowed to look at their own cookies – for example, when you visit Coolhackingtricks, we can’t examine cookies from other websites. This prevents malicious websites from snooping and stealing your login sessions.

While cookies have important, good uses, they also have more questionable uses. Cookies may be disabled, or cookie options customized, due to privacy concerns and the risk of some cookies being used as spyware. It should be noted that because cookies are not executable files, they cannot be considered viruses, as they do not have the ability to replicate. However, we’ve recently been hearing about tracking cookies and laws in the European Union forcing websites to explain their use of cookies to their visitors.

There are various kinds of cookies, depending on how they are used. Session cookies last only for as long as a user is on a website; they expire after the browser window is closed or the session times out. Persistent cookies (also known as tracking cookies) remain active for a period of time on a user’s machine and are used whenever the website is accessed. Secure cookies are sent only when a website is accessed via HTTPS, so they are encrypted in transit for greater safety. Persistent cookies are the kind that may cause issues in some cases.
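The kinds of cookies described above can be told apart by the attributes on the Set-Cookie header a server sends. The following is an added example, not code from the original post: it classifies constructed sample headers as session, persistent or deleted, and goes slightly beyond the text by also reporting missing HttpOnly and SameSite attributes. Function names and sample values are assumptions.

```javascript
// Added example. Header strings are constructed samples, not captured traffic.

// Split one Set-Cookie header value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) throw new Error('missing cookie name');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Seconds until expiry, or null for a session cookie. Max-Age takes
// precedence over Expires when both are present (RFC 6265).
function lifetimeSeconds(attrs, nowMs) {
  const maxAge = parseInt(attrs['max-age'], 10);
  if (!Number.isNaN(maxAge)) return maxAge;
  const expires = Date.parse(attrs.expires);
  if (!Number.isNaN(expires)) return Math.round((expires - nowMs) / 1000);
  return null;
}

function classify(header, nowMs = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  const ttl = lifetimeSeconds(attrs, nowMs);
  // A zero or negative lifetime is how a server tells the browser to delete a cookie.
  const kind = ttl === null ? 'session' : ttl <= 0 ? 'deleted' : 'persistent';
  const findings = [];
  // Secure limits the cookie to HTTPS requests; the stored value is not itself encrypted.
  if (!attrs.secure) findings.push('no Secure');
  // HttpOnly hides the cookie from page scripts (document.cookie).
  if (!attrs.httponly) findings.push('no HttpOnly');
  // SameSite limits sending the cookie on cross-site requests.
  if (!attrs.samesite) findings.push('no SameSite');
  return { name, kind, ttl, findings };
}

const NOW = Date.parse('2024-01-01T00:00:00Z'); // fixed clock for repeatable output
const SAMPLES = [
  'sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'theme=dark; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Path=/',
  'uid=42; Max-Age=3600; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Secure',
  'old=; Max-Age=0; Path=/',
];
for (const h of SAMPLES) console.log(classify(h, NOW));
```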


Pros of Cookies


  • Cookies store your login state. Without them, you wouldn’t be able to log into websites. Websites use cookies to remember and identify you.
  • Cookies store preferences on websites. You couldn’t change settings and have them persist between page loads without cookies.
  • Cookies allow websites to provide personalized content. For example, if you’re shopping on Amazon, Amazon can remember the products you’ve browsed and recommend similar products – even if you’re not logged in.

Cons of Cookies

As we’ve seen, cookies have a number of very important uses. The web wouldn’t be what it is without them today.
However, cookies can also be used for more annoying purposes. Advertising and tracking networks use tracking cookies to track you across the web. When you visit a website that uses scripts from an advertising network, that network can set a cookie in your browser. When you visit another website that uses tracking scripts from the same network, the advertising network can check the value of your cookie – it knows the same person visited both websites. In this way, the advertising networks track you across the web.
This information is used to target ads to you – for example, if you search for car insurance and later visit a news website, you may see advertisements for car insurance on the news website. The advertisements may not be related to the website you’re currently on, but they will be related to the websites you were visiting before. Depending on the advertising network, you may be able to opt out of this – as with the Google ads preferences page, which also shows the advertising categories you’ve been assigned by Google based on the websites you’ve been tracked across. For example, we also feature Google ads on our page. So while reading our post, you see ads only for sites similar to those you generally visit in your browser. If your wife/husband is using your device, the page will only show ads similar to the websites visited by your wife/husband!
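The cross-site tracking described above, as an added example that is not part of the original post: a simplified model of a browser cookie jar in which a third-party ad host recognises the same visitor on two sites, and loses that link when third-party cookies are blocked. The host names, classes and the referer field are constructed for illustration.

```javascript
// Added example: simplified model, constructed host names.
class Browser {
  constructor({ blockThirdParty = false } = {}) {
    this.jar = new Map(); // host -> Map(cookie name -> value)
    this.blockThirdParty = blockThirdParty;
  }
  // Fetch a resource from `host` while the address bar shows `topSite`.
  request(host, topSite, server) {
    const thirdParty = host !== topSite;
    const usable = !(thirdParty && this.blockThirdParty);
    // Only cookies previously set by `host` are attached, never another site's.
    const sent = usable ? Object.fromEntries(this.jar.get(host) || []) : {};
    const setCookies = server.handle({ cookies: sent, referer: topSite });
    if (!usable) return; // blocked: nothing sent, nothing stored
    const store = this.jar.get(host) || new Map();
    for (const [k, v] of Object.entries(setCookies)) store.set(k, v);
    this.jar.set(host, store);
  }
  // Load a page plus the third-party hosts it embeds.
  visit(site, embeddedHosts, servers) {
    this.request(site, site, servers[site]);
    for (const h of embeddedHosts) this.request(h, site, servers[h]);
  }
}

// The ad network issues an ID cookie once, then logs every site it is seen on.
class AdNetwork {
  constructor() { this.nextId = 1; this.profiles = new Map(); }
  handle({ cookies, referer }) {
    const known = cookies.uid;
    const uid = known || `u${this.nextId++}`;
    if (!this.profiles.has(uid)) this.profiles.set(uid, []);
    this.profiles.get(uid).push(referer);
    return known ? {} : { uid };
  }
}

class PlainSite { handle() { return {}; } } // sets no cookies of its own

// Returns the browsing histories the ad network could assemble.
function simulate(blockThirdParty) {
  const ads = new AdNetwork();
  const servers = {
    'insurance.example': new PlainSite(),
    'news.example': new PlainSite(),
    'ads.example': ads,
  };
  const browser = new Browser({ blockThirdParty });
  browser.visit('insurance.example', ['ads.example'], servers);
  browser.visit('news.example', ['ads.example'], servers);
  return [...ads.profiles.values()];
}

console.log('third-party cookies allowed:', simulate(false));
console.log('third-party cookies blocked:', simulate(true));
```

With third-party cookies allowed the network holds one profile covering both sites; with them blocked it sees two unrelated one-site visitors.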
How to view/control cookies on my Web browser?
Here is how to do it in a few common browsers:

Chrome
  1. From the Chrome menu in the top right corner of the browser, select Settings.
  2. At the bottom of the page, click Show advanced settings....
  3. Under Privacy, select Content settings....
  • To manage cookie settings, check or uncheck the options under "Cookies".
  • To view or remove individual cookies, click All cookies and site data... and hover the mouse over the entry. Select the X that appears next to the cookie to remove it.
  • To delete all cookies, click All cookies and site data... and select Remove all.
Firefox
  1. From the Tools menu, select Options.
  2. At the top of the window that appears, click Privacy.
  • To manage cookie settings, from the drop-down menu under "History", select Use custom settings for history. Enable or disable the settings by checking or unchecking the boxes next to each setting:
  • To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
  • To accept third-party cookies, check Accept third-party cookies. In the "Keep until:" drop-down menu, select the time period you wish to keep cookies on your computer.
  • To specify how the browser should clear the private data it stores, check Clear history when Firefox closes. Click Settings.... Check the items to be cleared when you close Firefox.
  • To view or remove individual cookies, click remove individual cookies.
  • To remove all cookies, from the History menu, select clear your recent history. Click the arrow next to "Details" to expand the menu, check the items you want to clear, and then click Clear Now.
Internet Explorer
Note:
On January 12, 2016, Microsoft ended support for Internet Explorer versions prior to version 11. We strongly recommend that you upgrade to a new operating system if your current system does not support Internet Explorer 11.

  1. From the Tools menu, or the Tools drop-down at the upper right, select Internet Options. If the menu bar is hidden, press Alt to make it visible.
  • To manage cookie settings, select the Privacy tab and click Advanced. To override the automatic cookie settings, click Override automatic cookie handling and then make your selections using the radio buttons.
  • To view or remove individual cookies, select the General tab. Under "Browsing history", click Settings. Select either View objects or View files.
  • To delete all cookies, under "Browsing history", click Delete.... Check Cookies and then click Delete.
This content is adapted from Microsoft Help and Support article 278835.
Safari
Note: To determine the version of Safari you're using, from the Safari menu, select About Safari.
Safari 5.1 and later
  1. In Safari, from the Safari menu, select Preferences....
  2. In the Safari preferences window, click Privacy.
  • To manage cookie settings, next to "Block cookies", select From third parties and advertisers, Always, or Never.
  • To view or remove individual cookies, click Details.... Select the cookie to delete and click Remove.
  • To delete all cookies, select Remove All Website Data... In the window that appears, select Remove Now.
Safari 5.0.x and earlier
  1. In Safari, from the Safari menu, select Preferences....
  2. In the Safari preferences window, click Security.
  • To manage cookie settings, next to "Accept Cookies:", select Always or Only from sites you navigate to. To disable cookies, select Never.
  • To view and delete individual cookies, click Show Cookies. In the sheet that drops down, you can browse the list of cookies on your computer.
  • To delete all cookies, click Show Cookies. In the window that appears, select Remove All.

The browsers above are the ones generally used by people around the globe. In case you are using another browser, a little exploring in its settings will lead you to the same options.

To understand JavaScript cookies and how to design them, you might want to visit our partner site https://www.w3schools.com/

Please get back to us with your queries, suggestions or concerns by replying to this post.


Safe internet banking & internet banking security protocols


In the age of the Internet and mobile devices, everything is going digital, whether it is shopping or even banking. More and more customers do their day-to-day transactions using their bank's mobile app, make merchant transactions through Apple Pay, or transfer funds with the help of numerous P2P transfer apps like PayPal. Every day, a new banking application is born, bragging about its uniqueness. The uses are unlimited, the versatility has no boundaries, and many people are sometimes confused about whether this technological advancement puts their hard-earned money at risk!




The question begs, is all this safe?

Yes and No.

Yes, because there are numerous safeguards in place by the banks and other financial organizations to prevent fraud, theft and other mischievous activities online. There are more complicated passwords, multiple levels of confirmation & identification that generally ensure that your financial capital is safe.

No, because despite all this, nothing, and I mean nothing, in the financial world or any other world for that matter is 100% safe.

Hackers, cyber criminals and other mischievous lot try to steal or defraud their way into people's capital.
Let's assess all the possibilities, all the issues in front of us, and how we deal with them. Below are the do's to ensure that this doesn't happen to any of us:

1. Access your bank website only by typing the URL in the address bar of your browser.

2. Choose an account with two-factor authentication. Try to get a bank account that offers some form of two-factor authentication for online banking. You might have also heard about Extended Validation SSL in this regard. Extended Validation SSL Certificates give high-security web browser information to clearly identify a website's organizational identity. For example, if you use Microsoft Internet Explorer 7 to visit a website secured with an SSL Certificate that meets the Extended Validation Standard, IE7 will cause the URL address bar to turn green. A display next to the green bar will toggle between the organization name listed in the certificate and the Certificate Authority (VeriSign, for example). Firefox 3 also supports Extended Validation SSL. Other browsers are expected to offer Extended Validation visibility in upcoming releases. Older browsers will display Extended Validation SSL Certificates with the same security symbols as in the existing SSL Certificates.

3. These days many, but not all, banks offer a small device that can be used to generate a unique code each time you log in. This code is only valid for a very short period of time and is required in addition to your login credentials in order to gain access to your online account.



4. Create a strong password. If your bank requires a user-generated password in order to access online accounts, make sure you choose one that is strong. The best way to achieve this is by making it long and a mix of upper and lower case letters, numbers, and special characters. Always avoid using any common words or phrases and never create a password that contains your name, initials, or your date of birth. If your bank allows it, change your password every few months. When setting up online banking, if your bank asks you to provide answers to some standard security questions, remember that the answer you give doesn’t have to be the real one. So you don’t have to answer “Thumper” to the name of your first pet – make it something else, as if it was a password. Use a password manager if you are concerned about how to remember everything!



5. Beware of downloading any malicious application from mobile application stores (Google Playstore, Apple App Store, Blackberry App World, Ovi Store, Windows Marketplace etc) that offers online banking. Check its authenticity before downloading by contacting your bank.

6. Secure your computer and keep it up-to-date. Security software is essential these days, regardless of what you use your computer for. As a minimum, make sure you have a firewall turned on and are running antivirus software. This will ensure you are protected from Trojans, keyloggers and other forms of malware that could be used to gain access to your financial data. You’ll also want to keep your operating system and other software up-to-date to ensure that there are no security holes present.

7. Do not click on any links in any e-mail message to access the site. No financial institution worth their salt will send you an email asking you to provide any of your login details. If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may well be a phishing attempt to trick you into handing your credentials over.

Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to ‘your account’ they will steal your username and password and, ultimately, your cash. It is always safer to access your online bank account by typing the address into your browser directly. Also, be aware of unsolicited phone calls that purport to be from your bank. While your financial institution may require you to answer a security question, they should never ask for passwords or PINs (they may ask for certain letters or numbers from them, but never the whole thing). If in doubt, do not be afraid to hang up and then call your bank back via a telephone number that you have independently confirmed as being valid.













8. A bank/financial institution never sends you email/SMS or calls you over phone to get your personal information, password or one time SMS (high security) password. Any such e-mail/SMS or phone call is an attempt to fraudulently withdraw money from your account through Internet Banking. Never respond to such email/SMS or phone call. Please report immediately on report dot phishing at sbi dot co dot in if you receive any such e-mail/SMS or Phone call. Please lock your user access immediately, if you have accidentally revealed your credentials.

9. Do not be lured if you receive an e-mail/SMS/phone call promising reward for providing your personal information or for updating your account details in the bank site.

10. Access your accounts from a secure location. It’s always best practice to connect to your bank using computers and networks you know and trust. But if you need to access your bank online from remote locations you might want to set up a VPN (Virtual Private Network) so that you can establish an encrypted connection to your home or work network and access your bank from there. Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with ‘https’. Both act as confirmation that you are accessing your account over an encrypted connection.

11. Always log out when you are done. It is good practice to always log out of your online banking session when you have finished your business. This will lessen the chances of falling prey to session hijacking and cross-site scripting exploits. You may also want to set up the extra precaution of private browsing on your computer or smart phone, and set your browser to clear its cache at the end of each session.

12. Set up account notifications (if available). Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent. Such alerts could give quick notice of suspicious activity on your account.

13. Monitor your accounts regularly. It should go without saying that monitoring your bank statement each month is good practice, as any unauthorised transactions will be sure to appear there. But why wait a whole month to discover a discrepancy? With online banking you have access 24/7, so take advantage of that and check your account on a regular basis. Look at every transaction since you last logged in and, if you spot any anomalies, contact your bank immediately.

The above tips should go a long way to ensuring that you enjoy the advantages offered by online banking without experiencing any of the pitfalls.

Now, let's look at the precautions below, which will improve your internet security:

  • Newer version of Operating System with latest security patches.
  • Latest version of Browsers (IE 7.0 and above, Mozilla Firefox 3.1 and above, Opera 9.5 and above, Safari 3.5 and above, Google Chrome, etc.)
  • Firewall is enabled.
  • Antivirus signatures applied.
  • Scan your computer regularly with Antivirus to ensure that the system is Virus/Trojan free.
  • Change your Internet Banking password at periodical intervals.
  • Always check the last log-in date and time in the post login page.
  • Avoid accessing Internet banking accounts from cyber cafes or shared PCs.
  • After you have logged in, you will not be asked to provide your username and login password again. Also, you will not be asked to provide your CREDIT or DEBIT CARD details while using internet banking. If you get a message (such as through a pop-up) asking for such information, please do not provide this information no matter how 'genuine' the page appears to be. Such pop-ups are most likely the result of malware infecting your computer. Please take immediate steps to disinfect your device.
  • When logging into your netbanking, a lock sign appears before the address in the address bar. Also, the address must start with https and not http. The "S" means that the page is secured in general.


Hope we have covered all the points related to internet bank safety and security in general. In case you have got any more information, we welcome you to share your thoughts.