evercookie - virtually irrevocable persistent cookies

    Covered on last week's Security Now! podcast with Steve Gibson and Leo Laporte. Episode is definitely worth a listen, and I recommend anyone interested in security subscribe to the podcast.

    evercookie -- never forget.
    October 11, 2010: Reported on the front page of the New York Times


    evercookie is a JavaScript API available that produces
    extremely persistent cookies in a browser. Its goal
    is to identify a client even after they've removed standard
    cookies, Flash cookies (Local Shared Objects or LSOs), and

    evercookie accomplishes this by storing the cookie data in
    several types of storage mechanisms that are available on
    the local browser. Additionally, if evercookie has found the
    user has removed any of the types of cookies in question, it
    recreates them using each mechanism available.

    Specifically, when creating a new cookie, it uses the
    following storage mechanisms when available:
    - Standard HTTP Cookies
    - Local Shared Objects (Flash Cookies)
    - Silverlight Isolated Storage
    - Storing cookies in RGB values of auto-generated, force-cached
    PNGs using HTML5 Canvas tag to read pixels (cookies) back out
    - Storing cookies in Web History
    - Storing cookies in HTTP ETags
    - Storing cookies in Web cache
    - caching
    - Internet Explorer userData storage
    - HTML5 Session Storage
    - HTML5 Local Storage
    - HTML5 Global Storage
    - HTML5 Database Storage via SQLite
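
A defender-side check for the re-creation behaviour described in the post above, as an added example that is not part of the original post or of evercookie itself: it compares three storage snapshots (before clearing, after clearing, after the next page load) and reports any identifier that survived in one store and was written back into a store the user had emptied. The snapshot shape, the store names used as keys, and all sample values are assumptions constructed for illustration.

```javascript
// Added example. Snapshot shape (an assumption): { storeName: { key: value } }.
// Build a map from each stored value to the set of stores that hold it.
function indexValues(snapshot) {
  const index = new Map();
  for (const [store, entries] of Object.entries(snapshot)) {
    for (const value of Object.values(entries)) {
      const v = String(value);
      if (!index.has(v)) index.set(v, new Set());
      index.get(v).add(store);
    }
  }
  return index;
}

// A value is reported when it (1) was present before the user cleared data,
// (2) survived the clear in at least one store, and (3) reappeared after the
// next page load in a store the user had emptied.
function findRespawned(before, afterClear, afterReload, minLength = 8) {
  const cleared = indexValues(afterClear);
  const reloaded = indexValues(afterReload);
  const findings = [];
  for (const [value, storesBefore] of indexValues(before)) {
    if (value.length < minLength) continue; // ignore short flags like "1"
    const survivedIn = [...(cleared.get(value) || [])].sort();
    const back = reloaded.get(value) || new Set();
    const restoredTo = [...storesBefore]
      .filter((s) => !survivedIn.includes(s) && back.has(s)).sort();
    if (survivedIn.length && restoredTo.length) {
      findings.push({ value, survivedIn, restoredTo });
    }
  }
  return findings;
}

// Constructed sample: the user clears HTTP cookies and Local Storage only.
const ID = "a3f9c2e17b04"; // constructed identifier
const before = {
  httpCookie: { uid: ID, theme: "dark-mode-1" },
  localStorage: { uid: ID },
  sessionStorage: { tab: "tab-000001" },
  etagCache: { tag: ID },
};
const afterClear = { httpCookie: {}, localStorage: {},
  sessionStorage: { tab: "tab-000001" }, etagCache: { tag: ID } };
const afterReload = { ...afterClear,
  httpCookie: { uid: ID }, localStorage: { uid: ID } };

console.log(JSON.stringify(findRespawned(before, afterClear, afterReload)));
```

A finding names both the store that kept the identifier and the stores it was restored to, which tells a tester which storage mechanism still has to be cleared.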