Are Browser Cookies Bad?

Are Browser Cookies Bad?

Browser cookies are an interesting topic, because it seems that anyone who knows anything about them has an opinion. Privacy-minded folks probably won’t give them a good review. Online merchants will tell you they’re invaluable. Most people probably fall somewhere in the middle.

If you don’t know much about browser cookies, read on for a brief description of what they are, what they can do, and what to look out for.

What is a browser cookie?

Browser cookies (AKA “cookies”, or “web cookies”) are text files that reside on your computer. Cookies get onto your computer by visiting a website that sets a cookie on your machine. A browser cookies lifetime can be updated by the website that sets the cookie, but as a user, you can always delete cookies at will through your web browser.

What kind of websites use browser cookies (and why)?

Any type of website can use cookies. If you’ve ever been to sites like Google, eBay, or Amazon then your computer has received a cookie. Some sites use cookies to keep track of preferences, such as what color you want a theme to be, or if the login mechanism should remember your username so you don’t have to keep typing it in. A cookie can also be used to keep track of what’s in your online shopping cart so the website can check you out faster or suggest other items you may be interested in.

Since anything that can be described in text can be set in a cookie, the possibilities are endless for what can be put in a browser cookie. The results are in a key=value format, but the key and value are determined by whomever writes the code, so they can be anything; the content can even be encrypted if the developer wants it to be.

What concerns should I have regarding browser cookies?

Can a browser cookie infect you with a virus or spyware? No, not directly. Browser cookies aren’t executable like software programs; they’re just text files. However, they can be used to track things you see, click on, etc. and are therefore technically a privacy concern. If you are concerned with remaining completely private and anonymous on the Internet, cookies probably won’t be your favorite topic.

Even though browser cookies themselves can’t cause problems, cookies can be used as part of the overall process in a malicious scheme. Cookie hijacking, where a third party intercepts your browser cookies on a non-secure connection, is a possibility, and that can lead to things like spyware and loss of privacy.

Are browser cookies bad? Are browser cookies good?

The answer, it seems, depends on many factors. Who (or rather, what website) wrote the cookie? What are they using it for? Is the information kept for use by the site only, or is tracking data passed to third parties? Does the website require cookies for the site to function? Does the website put sensitive information about you or your browsing session in the cookie data?

You can crack open any cookie on your machine to view the contents (remember: they’re just text files), so if you’re really concerned about what’s in a particular cookie, check them out in your browser and see what’s going on. Most cookies are pretty safe, especially those from the Amazons and eBays of the world, but you never know until you start poking around. If you’re really concerned, just be sure to keep your antivirus and/or antispyware software up-to-date and be careful about where you’re surfing. If you do those things, chances are pretty good you’re going to be OK.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

8 Character Passwords Are So 2009.

8 Character Passwords Are So 2009.

There’s a really interesting article from Georgia Tech that talks about how the advanced computing power that’s readily available today may actually be making password length an even more important factor for creating a secure password. Using graphics processors, researchers are able to quickly, and cheaply, break 8 character passwords in a matter of hours. From the article:

Georgia Tech researchers are investigating whether this new calculating power might change the security landscape worldwide. They’re concerned that these desktop marvels might soon compromise a critical part of the world’s cyber-security infrastructure — password protection.

We’re big proponents of secure passwords here at StopSign, so this story really spoke to us. It confirms that any password less than 8 characters in length is pretty much useless, and even 8 character passwords are now not exactly cutting edge. The new recommendation for the total number of characters in a password? The article says:

…any password shorter than 12 characters could be vulnerable — if not now, soon

Brute force attacks on passwords that are 12 characters would currently take approximately 17,134 years, while an 11 character password would take around 180 years. It’s amazing what one character difference can make.

As usual, we recommend not only longer passwords, but also that you use a mix of uppercase and lowercase letters, as well as other characters and symbols such as the asterisk (“*“), hash sign (“#“), ampersand (“&“), and the like. Doing so will greatly increase the time it takes to break your password. For more on creating strong passwords, check out our article “12 Tips for Making a Good Password.“.

Image courtesy of Georgia Tech, taken from a screenshot of their website

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

Who Do You Trust?

Who Do You Trust?

There are millions of websites online and many of them offer things you can buy, download, or receive by some method. They’ve got the stuff, and you want the stuff, but you’re worried that somehow/someway your info will get leaked out. So how do you know who you can trust with your personal information or credit card numbers?

One good way to determine who you can trust is by checking the website for trust, verification, or privacy seals/certificates from trusted third-party sources. There are companies out there whose job is vetting company’s and websites and ensuring that they are safe, secure, and legitimate. In most cases the seal/certificate will be a link back to the issuing company with details on who they are, what they do for the original site you clicked on, and what level of trust or security you can place on the site.

There are many options when it comes to third-party accreditation or authentication, but here are some of the more popular options: (Disclaimer)

  • Verisign:

    According to their website, “VeriSign is one of the most trusted and recognized brands on the Internet (Synovate/GMI research, September 2009)”, and the VeriSign Trust™ Seal is a widely-recognized program for monitoring sites for malicious software and website authentication.

  • BBB Online:

    A long-time favorite of consumers, the Better Business Bureau is one of the most widely trusted third party organizations that vets businesses. The BBB uses their own Standards of Trust as a “comprehensive set of policies, procedures and best practices focused on how businesses should treat the public – fairly and honestly in all circumstances.”

  • TRUSTe:

    As noted on the TRUSTe website, “For over a decade, TRUSTe’s online privacy services and trustmarks have enabled businesses to strive for the highest standards in online privacy and customer satisfaction.”

A seal or certificate from any of the aforementioned companies would be a good indicator of trust, as long as there’s a legitimate relationship between the site and one of the 3 companies listed above. Before you go entering your credit card number or other personally-identifiable information, be sure to click on those seals and certificates to make sure the website is actually part of their program. It’s easy to put up a picture of the seal/certificate with no real affiliation with the third party site, so be sure to do your own check first.

StopSign uses Verisign’s services and is also an accredited BBB company.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.

How to Avoid Craigslist Scams

How to Avoid Craigslist Scams

Gently used clothing, bartered services, even free books and bicycles… these are all commonly found deals you can luck into on Craigslist, one of the worlds most popular (mostly) free online sites for classified ads. But just like with any other popular website, the unscrupulous use Craigslist to scam folks looking for a great deal.

With all of the items and services being sold, bought, bartered, or advertised, there’s a lot of temptation for an e-crook to use Craigslist to scam people out of their hard earned cash. Luckily avoiding Craigslist scams mostly falls under common sense, but there are plenty of tricky grifters out there, so watch out!

To help you avoid scams on Craigslist, we’ve written down some of the commonly used tactics used by alert buyers and sellers to avoid hassles with scams. Hopefully these tips will help you avoid a big headache, too.

  • Meet Face To Face:

    Keeping things in the real world vs. on the Internet of via snail mail will help make sure that you actually get what you paid for. And this tip leads us to…

  • Locals Only:

    Only buy/sell from/to someone who is close enough to you that you could arrange to meet in a public place. Choose someplace like the parking lot of a grocery store or a department store, and only meet during the daytime. There’s no sense in letting a stranger know where you live and into your house just to save a buck on gas.

  • Cash Only:

    If you’re selling something, make sure to ask for cash only. Wire transfers and checks can be faked, but cash in hand is much harder to scam with.

  • Avoid 3rd Party Services:

    Many online escrow services are well-known to be run by scammers, so keep things nice and simple. If you’re dealing with someone who insists on using an online escrow service, save yourself the hassle of a headache and look for a new person to deal with.

For more details on Craigslist scams, check out the official word from Craigslist on their “about scams” page.

If you're looking for great anti-virus software that won't break the bank, try StopSign. You don't pay extra for tech support for difficult malware, and our web protection software just works. Download & install StopSign to find out why our members choose us over the other options.