Wednesday, May 26, 2010

Do You Like Being Flashed?

The second of my posts on cookies (the first is available here) addresses Flash cookies.  These are a lot less well known as compared to HTML cookies and are in many ways a lot sneakier.  HTML cookies, as per my previous post, are relatively easy to stop using one of a few methods and are easy to clean out from your browser of choice.  Flash cookies, well, aren't.

Now, anyone who pays any attention to computer security knows that Adobe isn't well known for having secure products - Flash and Adobe Reader are two of the most common sources of vulnerabilities in modern computers.  Now we can add Flash cookies to the legion issues that Adobe products have (which - I'm *sure* is why Apple hates them so much - if it weren't for Adobe, Apple would be far and away the leader in insecure software releases).

I'm not going to repeat information that's already available - have a read of this post from August 2009 and also this post from October 2009 (updated in Mar 2010) for some background information and ways to address this issue.

Basically, Flash cookies can be (and are) used to reinstate some HTML cookies after you delete them - this is poor form.  Sneaky and poor form.  Make sure you have a read of the comments to these posts to learn more than is contained in the posts themselves.

So, as well as the relatively easily handled HTML cookies, you should also be aware of - and wary of - the Flash cookies that may well be stored on your computers.


The Outspoken Wookie

No comments: