10 Tips for Safer Browsing: Supercookies and New Dangers
From what your old copier says about you to your not-so-secret web tracks, security traps just keep on coming. CIO.com's Bill Snyder guides you through the newest minefields.
Mon, May 24, 2010
CIO — Who would have thought that a digital copier wasn't secure? And did you know that new technologies make it easier than ever to track your online trail? Keeping safe online used to be simple: Use anti-virus software. Not any more. There's a whole new generation of threats to your online security and privacy. We'll look at some of the newest tricks the bad guys have cooked up, and give you 10 tips to help foil them.
You wouldn't (or at least I hope you wouldn't) toss your bank statements or health records into the recycling bin without shredding them. But if you throw out higher-end multi-function printers without removing the hard drives, you're asking for trouble, says Kevin Brown, a testing manager at ICSA Labs, which tests security products. That's because some digital copiers and printers retain copies of everything they produce on a hard drive or flash storage module. If somebody finds that device, it's no trick at all to read it.
Yes, that sounds far-fetched. But the Federal Communication Commission is concerned enough that it is investigating this issue and some copier makers are giving away software that will help you wipe a drive clean. And remember, simply deleting files doesn't make the information disappear. It just makes it harder to find.
There's another copier-related threat as well. If you copy personal stuff at work (and who hasn't) it's no trick at all for an administrator to see what you've copied if the copier is networked. What's more, default passwords for networked copiers can be found on the Internet, says Brown.
Defeat Flash Cookies and Supercookies
Several browsers give you the option to select a privacy option that supposedly lets you surf the Web without leaving fingerprints. Don't believe it.
That option generally stops the browser from storing the URLs of pages you've visited in a pull down under the browser bar or recently visited tab. But it does nothing to conceal the pages and images you've viewed from advertisers who want to serve tailored ads to you, or even worse, from assorted snoops including private detectives and law enforcement agents.
The old solution, simply deleting cookies or clicking a setting that keeps your browser from accepting them, is much less effective than it used to be. That's because many Web sites are now using something called a "Flash cookie," which is maintained by the Adobe (ADBE) Flash plug-in on behalf of Flash applications embedded in Web pages, says Peter Eckersley a researcher with the Electronic Frontier Foundation.