Do you accept cookies? See why hackers love them and how to stay safe

When you open almost any site, the first thing you will probably see is a pop-up notice about the use of cookies.

The user is usually given the option to accept all cookies, to accept only the necessary ones, or to reject them completely. Whatever choice you make, you probably won’t notice any difference, and the notice disappears from the screen.

With every visit to a site, the site sends a cookie to your browser. This is a small text file containing data about you, your system and the actions you have taken on the site.

Your browser stores this data on your device and sends it back to the server every time you return to the site. This simplifies your interaction with the site: you do not have to log in on each page separately.

Sites remember your appearance settings, online stores keep the products in your cart, streaming platforms know which episode you stopped watching – the benefits are countless. Cookies can store your username, password, personal information, phone number, home address, bank details and session ID.

The session ID is a unique code assigned to each user when they log in to a website. If a third party manages to steal this code, the server will treat them as the legitimate user. A simple example: imagine you can enter your office with an electronic card that has a unique code. If someone steals your card, the thief – whether they look like you or not – can open any door you have access to without problems. Meanwhile, the security system will believe it is you. Does it remind you of a scene from a crime series? In 2023, hackers gained access to all three YouTube channels of the well-known tech blogger Linus Sebastian – “Linus Tech Tips” and two other Linus Media Group channels with tens of millions of subscribers – and did it exactly that way.

Cookies can be classified by how long and how they are stored, by their origin and by their importance. Session cookies are used only while you are on the site and are erased as soon as you leave. Persistent cookies remain on your device after you leave and usually last about a year. First-party cookies are created by the site itself, while third-party cookies come from external platforms. Necessary cookies support the basic features of the site, while optional cookies are used to track user behavior and personalize ads. Special types, such as supercookies and evercookies, store data in unconventional ways that allow them to avoid deletion or to be restored through JavaScript.

How to stay safe

Cookies containing a session ID are the most tempting targets for hackers. The theft of a session ID is known as session hijacking. Session sniffing occurs on sites that use HTTP instead of HTTPS, allowing attackers to intercept traffic and extract cookies. Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into a site, gaining full access to cookies. Cross-Site Request Forgery (CSRF) tricks an authenticated user’s browser into performing actions without the user’s knowledge. Session IDs that are predictable can be guessed if sites generate them with weak algorithms. Other methods include session fixation, cookie tossing and man-in-the-middle attacks.
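The sniffing, XSS and CSRF routes above each depend on how the site sets its session cookie. The Python sketch below is an added example, not part of the original article: it checks constructed `Set-Cookie` headers for the `Secure`, `HttpOnly` and `SameSite` attributes and notes whether a cookie is persistent. The header values and function names are assumptions made for the illustration.

```python
# Added example: audit Set-Cookie headers for session-hijacking defences.
# Header values below are constructed samples, not taken from a real site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/",
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Max-Age=31536000; Secure; SameSite=Lax",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie name, findings) for one Set-Cookie header."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: also sent over plain HTTP, exposed to sniffing")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: readable by page scripts, exposed to XSS")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("no SameSite=Lax/Strict: cross-site sending is left to browser defaults (CSRF)")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent: kept on the device after the browser closes")
    return name, findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, findings = audit_cookie(header)
        print(name, "->", findings or ["no findings"])
```
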

However, there are things we can all do to stay safe on the internet, and Kaspersky offers some tips:

  • Enter personal data only on websites that use the HTTPS protocol. If you see ‘http’ in the address bar, do not accept cookies and do not share sensitive information such as usernames, passwords or credit card details.
  • Pay attention to browser notifications. If you see a warning about an invalid or suspicious security certificate when you visit a site, close the page immediately.
  • Regularly update your browser or turn on automatic updates. This protects you from possible security vulnerabilities.
  • Regularly clear your browser’s cookies and cache. This prevents the exploitation of cookies and session files that may have leaked. Most browsers have a setting to delete this data automatically when you close the browser.
  • Do not follow suspicious links, especially those you receive from strangers through messaging applications or email. If you find it difficult to tell a safe link from a phishing link, Kaspersky Premium can warn you before you visit malicious sites.
  • Turn on two-factor authentication (2FA) where possible. Kaspersky Password Manager can help you store your 2FA codes and create unique temporary codes. It synchronizes them across all your devices, making it much more difficult for an attacker to access your account after the session expires – even if your session ID is stolen.
  • Do not accept all cookies on every site. Accepting everything is not the best strategy. Many sites now offer the option of accepting all cookies or only the necessary ones. Whenever possible, choose ‘only necessary cookies’, as this is what the site needs to work properly.
  • Connect to public Wi-Fi networks only as a last resort. They usually have inadequate protection, something that attackers exploit. If you need to connect, avoid logging in to social networks or messaging applications, using e-banking or accessing other services that require authentication.
