It is currently Fri Nov 22, 2024 8:49 am
The Evercookie
3 posts
• Page 1 of 1
The Evercookie
by Zancarius » Wed Sep 22, 2010 11:08 am
If you're paranoid about privacy on the Interwebs, things have just gotten a whole lot more interesting. Introducing the evercookie, a cookie that uses eight different mechanisms to recover cookie data after cookies have been removed, rebuilding the cookie from any single source that remains. It's really ingenious.
I gave that lich a phylactery shard. Liches love phylactery shards.
-
Zancarius - Site Admin
- Posts: 3907
- Joined: Wed Jul 05, 2006 3:06 pm
- Location: New Mexico
- Gender: Male
Re: The Evercookie
by Killemal » Wed Sep 22, 2010 2:16 pm
I'm not liking this so much. How is this a good thing?
-
Killemal - Retired Goon
- Posts: 272
- Joined: Sun Feb 03, 2008 1:54 pm
- Location: Boston Mass, Kid.
- Gender: Male
Re: The Evercookie
by Zancarius » Wed Sep 22, 2010 5:01 pm
That's basically the point, it's not.
However...
It does appear that disabling JavaScript (or using NoScript and some permutation of various anti-scripting addons--Chrome has a functionally equivalent one called NotScript) defeats the vast majority of these attacks, effectively reverting the browser back into the user's control. Furthermore, the Firefox 4 beta appears to clear all cache sources, honoring the user's directives, but 3.6.x appears to only clear the cache--not the HTML5 datastores or anything of the likes (unless you have scripting disabled, of course).
There are some points of interest in the Slashdot discussion on this. If you're interested in NotScript, you can find it here.
I agree. This is definitely not a good thing, regardless of what that site's author claims. This could clearly be misused, and I think there's some indication that the black hats and malware authors have already been using these techniques for a while. I sometimes (rarely) read black hat SEO blogs and the likes since it's appropriate to defeat their techniques in the software I write, so it might be worthwhile to check whether they're pushing something of this sort.
However...
It does appear that disabling JavaScript (or using NoScript and some permutation of various anti-scripting addons--Chrome has a functionally equivalent one called NotScript) defeats the vast majority of these attacks, effectively reverting the browser back into the user's control. Furthermore, the Firefox 4 beta appears to clear all cache sources, honoring the user's directives, but 3.6.x appears to only clear the cache--not the HTML5 datastores or anything of the likes (unless you have scripting disabled, of course).
There are some points of interest in the Slashdot discussion on this. If you're interested in NotScript, you can find it here.
I agree. This is definitely not a good thing, regardless of what that site's author claims. This could clearly be misused, and I think there's some indication that the black hats and malware authors have already been using these techniques for a while. I sometimes (rarely) read black hat SEO blogs and the likes since it's appropriate to defeat their techniques in the software I write, so it might be worthwhile to check whether they're pushing something of this sort.
I gave that lich a phylactery shard. Liches love phylactery shards.
-
Zancarius - Site Admin
- Posts: 3907
- Joined: Wed Jul 05, 2006 3:06 pm
- Location: New Mexico
- Gender: Male
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 56 guests