Monday, July 11, 2011

The Truth About Cookies Exposed

When you are trying to bypass the security checks and log in more times than you should at your favorite site, or create 100 MySpace accounts, then you know that cookies are there to track you. All cookies could potentially warn the administrators that you are coming, based on tracking your previous actions. This is so that they can block your requests and have minimal abuse on their server or site. Most people who are involved with bypassing these checks are aware that they have to delete ALL of their cookies or risk all of their requests being blocked. Many sites use this type of technology. However, the Internet is changing. You can't just get by with clearing your cookies anymore; big sites are hip to this game. Removing your standard HTTP cookies still leaves the possibility of being tracked by Flash cookies, or LSO (Local Shared Object) cookies. These are relatively new, but they are still an avenue for big sites to detect where the user is coming from, and what a user has done so far on the administrator's site.

I want to talk briefly about a new cookie I have come in contact with. Site administrators are calling it the Evercookie. Evercookie is a JavaScript API that allows site owners to create 'zombie' cookies that can be resurrected when a user deletes them. It does this by storing cookie data in locations that standard browsers have access to by default, and when it notices the user has deleted cookies, even Adobe LSO cookies, it resets the cookie from different locations on the local machine. This means that if you clear your cookies and remove Adobe LSO files, you still have not deleted all of the cookies that are being used to track you. Why is this? Because of Evercookie. Evercookie was used by a JavaScript worm on MySpace and Facebook. This API is a complete hacker tool used to track the user's every move, regardless of whether the user wants that or not.

I have mentioned in the past that I use BetterPrivacy to delete hidden Adobe Flash cookies, on top of deleting the standard cookies. Now I know why they call it Better Privacy. Even though the BetterPrivacy add-on for Firefox works for most sites, some sites deploy the Evercookie JavaScript API, and are able to track you regardless of what cookies you think you are removing. It is BetterPrivacy, not the best privacy. In order to have the best privacy in Firefox, I recommend people not only use the BetterPrivacy add-on, but also use Nevercookie. Nevercookie is an add-on that allows you to browse sites without Evercookie injecting cookies in weird locations so that the site can bring them back when you delete them. This is an awesome plugin and is the final line of defense to date when it comes to being tracked. Have fun!

Here is a link to download the Firefox plugin Nevercookie:
Nevercookie download

Evercookie Wikipedia Page:
Evercookie in WikiPedia
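
The respawn behaviour described in this post, as an added example that is not part of the original post and is not Evercookie's own code. It is an in-memory model in which each Map stands in for one client-side store; the store names, the `uid` key and the id value are constructed. It shows that the identifier comes back unless every store is cleared.

```javascript
// Added illustration: in-memory model of a "zombie" cookie. Each Map stands in
// for one client-side store; the store names and the id value are constructed.
const STORES = ["httpCookie", "flashLSO", "localStorage"];
class ZombieCookieModel {
  constructor(storeNames) {
    this.stores = new Map(storeNames.map((name) => [name, new Map()]));
  }
  // Setting the cookie writes the same value into every store.
  set(key, value) {
    for (const store of this.stores.values()) store.set(key, value);
  }
  // Reading checks every store, takes the most common surviving value and
  // writes it back into any store that lost it (the "resurrection").
  get(key) {
    const counts = new Map();
    for (const store of this.stores.values()) {
      if (!store.has(key)) continue;
      const v = store.get(key);
      counts.set(v, (counts.get(v) || 0) + 1);
    }
    if (counts.size === 0) return { value: null, respawned: [] };
    const [value] = [...counts.entries()].sort((a, b) => b[1] - a[1])[0];
    const respawned = [];
    for (const [name, store] of this.stores) {
      if (store.get(key) !== value) {
        store.set(key, value);
        respawned.push(name);
      }
    }
    return { value, respawned };
  }
  clear(names) {
    for (const name of names) this.stores.get(name).clear();
  }
  // Audit: which stores still hold the key right now.
  residue(key) {
    return [...this.stores].filter(([, s]) => s.has(key)).map(([n]) => n);
  }
}

// Set an id, clear the given stores, then model the next page load.
function simulateCleanup(cleared) {
  const model = new ZombieCookieModel(STORES);
  model.set("uid", "constructed-id-123");
  model.clear(cleared);
  const leftover = model.residue("uid");
  return { leftover, ...model.get("uid"), afterVisit: model.residue("uid") };
}
console.log(simulateCleanup(["httpCookie", "flashLSO"]));
```

The `leftover` list is the useful part for a privacy audit: any store named there is enough for the value to be restored everywhere on the next visit.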

Monday, May 9, 2011

Delete Hidden Flash Cookies Aka Local Shared Objects


Have you ever wondered why your favorite site is still tracking how many e-mail accounts you have created, or how many times you have viewed a video on YouTube, even though you are deleting your HTTP cookies with the browser? It is because of Flash. Flash has what are called Local Shared Objects, or LSOs, that allow you to be tracked just like cookies, but aren't as easily removed. With conventional cookies you can always clear your cookie cache from within your favorite browser. With the plugin for Mozilla called BetterPrivacy, you are also able to get rid of those hidden LSO files so that big sites can't track what you are doing so easily. Even advertisers take advantage of LSOs via Adobe Flash embedded programs. This is your best defense. You can set it so that it removes every Flash LSO file when you close the browser. This way, in conjunction with clearing your cookies, you can do many things that you could not before. Experiment with this add-on and have fun. Create as many of those e-mail accounts as you want. This is the answer. Have fun!

Download this plug-in for Mozilla Firefox here: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/

Monday, March 7, 2011

How To Use PHP Proxy/CGI Proxy/Web Proxy To Bypass Firewalls


Web proxies are a great way to bypass firewalls. They are scripts set up on people's web servers that allow you to redirect HTTP traffic so that you can bypass your school's or company's firewall. I have gained access to MySpace, Craigslist, and YouTube while they have been blocked at certain locations. You can respond to messages, check your messages, and even engage in status updates or blog posts. There is one problem with this method, though: I have found that if the websites contain Flash applications or Java applications, the embedded programs written in these languages will not use the PHP Proxy to access their data. This means that although you can check your messages on YouTube or Facebook, you still cannot play Facebook games or YouTube videos unless their destination servers have been allowed by your firewall. In most cases they are blocked as well, so you cannot do things like this. However, this is still a great way to bypass the firewall if all the traffic is HTTP requests. I recommend that everyone use these proxies when behind a very strict network.

Here is a free Web Proxy list: here

I recommend you visit that site, and see if any of those domain names allow you to access them from behind your firewall. If the above site has been blocked, I recommend writing down some of the domain names from a connection that isn't blocked, like your cell phone, and then trying to get access from behind the firewall. Have fun!
