January 9, 2014All web browsers store cookies in plain text, or in databases, that can be read with the right tools. That requires local access to the system, which means that the chance of cookie data leaking is limited. Still, malicious software could pull the information from user PCs considering that cookie storage is usually linked to a single location on the system. If a computer is accessed by multiple people, one person might scan another’s cookie folder and look for things like passwords or long-life session IDs. If an attacker has the physical access to your system they can steal all your cookies easily to hijack accounts. There are many tools available on the Internet that can make it quicker and easier for an attacker to export all your cookies from the browser. The Google Chrome web browser saves cookies to a SQLite database file in the user’s data folder. One can import that file to SQL Editor Software to read all cookies in plain text format. Google’s open source project Chromium browser now has a new feature that encrypts stored cookies by default by the browser, whereas similar feature is already implemented in Chrome OS and Android OS. A recent change to Chromium has the consequence that all desktop versions of Google Chrome will encrypt stored cookies in the near future. The official desktop versions of Chrome browser will encrypt the browser cookies with 128-bit AES encryption before saving to the hard disk. If you share your PC, or do not use full disk encryption, then you may benefit from this new encryption of cookies.
We hear about the hackers who steal people’s sensitive information and often even their identities. So some of us decide to take action and employ some software to encrypt all inbound and outbound traffic from our computers. Nowadays there are several encryption programs that can provide a layer of security to the internet traffic of the user. Many people are not convinced or do not know about their necessity and their value. Business like banks and online retailer’s make internet transactions safe by implementing an encryption/decryption stage between the program one uses to access the internet and the server it connects to on backend. Let’s SSL and TLS in more detail. SSL (Secure Socket Layer) is the time tested security protocol for encrypting information that is sent across the internet. SSL has been replaced by the new but similar TLS (Transport Layer Security) and it is often used everywhere on the web for email, messaging, faxes, and file transmission. Typically data is encrypted using 1024-bit and 2048-bit RSA. In other words, it helps keep people from eavesdropping in on what you’re transmitting between your computer and the destination server. If you want an extra layer of security you need to encrypt you browser traffic and use a non-Operating System integrated browser like Firefox or Chrome. Encrypt Firefox traffic For this you will need an addon Visit the add-on’s website https://www.eff.org/https-everywhere Click the big blue button that says Encrypt the web Install https everywhere. Restart Firefox Firefox Tools > Add-ons Click the Extensions tab of the Add-ons window Then HTTPS-Everywhere Click the Options button Click Allow to give it permission. Enable All Encrypt Chrome traffic Same process is going to apply to Chrome and the addon is found at the same site https://www.eff.org/https-everywhere Your going to want encrypt you chrome Sync as well Go to...