Jason Levine
Premium
join:2001-07-13
USA
| reply to mziemba
said by mziemba  :
Now my dad is all pissed off be cause I'm visiting all of these sites that are hacking into me. Yes you read that right. By simply visiting a website I can be hacked because of the cookies. Cookies can do EVERYTHING according to my dad.
Let me guess: He probably thinks that sites can also read your e-mail address via cookies and then spam you.
It really is a shame that people overreact so much to cookies. They really aren't much of a threat. The worst that can be done with cookies is that a banner ad network can track which sites you've been to via 3rd party cookies. Disable 3rd party cookies or delete their cookies, and all that information is lost.
As far as hacking "through" cookies goes, cookies are just plain text files. A website (for example, BBR) will store a cookie on your hard drive containing some information (for example, your username/password) that it will need later. This information is stored in plain text and can only be accessed by the website that stored it. (Security holes notwithstanding.)
Any hacker that is trying to gain access to your system won't do it by writing a small text file to your computer. They'll do it by trying to get you to run a program, become infected with a virus/worm, visit a site with malicious ActiveX content, or exploit a security hole that you haven't patched. Cookies are useless for hackers attempting to gain entry. Of course, once a hacker gains access to your system, all bets are off and they might read your cookies to get some personal information that is stored there.
said by mziemba :
(P.S. I'm willing to bet anyone $100 when I show him this he'll say "See you just gave out more of our information. you told them our router and now they can do more hacking!")
I won't take that bet. I know about controlling fathers who don't know much about technology. (Or rather, know just enough terminology to be dangerous.) 
I agree that any information that you show him will be quickly written off as not proving him wrong. I'm a big proponent for educating users who don't know much, but, unfortunately, there are some people in this world that you just can't reason with. They think they know everything there is to know and any evidence to the contrary must be mistaken. With these folks, it's sometimes best just to either nod and then do your own thing. Either that or have some fun with their mis-understanding of technology. ("Yes, it turns out that the hacker tried to come in through the cookie, but luckily I was able to inject some JavaScript into his system via the TCP port in the nick of time." )
--
-Jason Levine
http://www.jasons-toolbox.com/
http://www.PCQandA.com/
http://www.urateit.com/ |
·
