THE WHATIS.COM WORD-OF-THE-DAY
November 6, 2002
cookie poisoning
______________

TODAY'S WORD: cookie poisoning

See our definition with hyperlinks at
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci861584,00.html

On the Web, cookie poisoning is the modification of a cookie (personal information in a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be accessed by persons unauthorized to do so. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use cookies should protect them (through encryption, for example) before they are sent to a user's computer.

Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient.
If the content is tampered with, the signature will no longer match the content, and the server will refuse access.

RELATED TERMS:

cookie
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211838,00.html

identity theft
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci801871,00.html

encryption
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212062,00.html

digital signature
http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211953,00.html
______________________

SELECTED LINKS:

Internet.com has an article, "Ingrian Protects Against 'Cookie Poisoning.'"
http://siliconvalley.internet.com/news/article.php/1475471

Jeremy Wolff has a presentation about security that discusses cookie poisoning.
http://www.oft.state.ny.us/security/electronic presentations/conference2001/ChartingtheUnknown-WebAppHacking.pdf

SearchSecurity.com offers "Best Web Links for Common Vulnerabilities and Prevention Tips."
http://searchsecurity.techtarget.com/bestWebLinks/0,289521,sid14_tax281934,00.html
______________________

::::::::::::::::::: WHATIS.COM CONTACTS :::::::::::::::::::

LOWELL THING, Site Editor ([EMAIL PROTECTED])
MARGARET ROUSE, Associate Editor ([EMAIL PROTECTED])

:::::::::::::::::::: ABOUT THIS NEWSLETTER :::::::::::::::::::::

Published by TechTarget (http://www.techtarget.com)
Copyright 2002, All Rights Reserved.
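
The tamper check described in the definition above, as an added example that is not part of the original newsletter and is not Ingrian Networks' code. It uses an HMAC-SHA256 tag (a keyed MAC standing in for the digital signature the text mentions); the key, the function names and the sample cookie are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: one server-side secret that is never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_tag(name: str, payload: str, key: bytes) -> bytes:
    # Binding the cookie name into the tag stops a validly signed value
    # from being accepted under a different cookie name.
    msg = name.encode("utf-8") + b"\x00" + payload.encode("ascii")
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal_cookie(name: str, value: str, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag', the string the server sends as the cookie value."""
    payload = b64e(value.encode("utf-8"))
    return payload + "." + b64e(make_tag(name, payload, key))


def open_cookie(name: str, cookie: str, key: bytes = SERVER_KEY):
    """Return the original value, or None if the cookie is malformed or modified."""
    payload, sep, tag_text = cookie.partition(".")
    if not sep:
        return None
    try:
        expected = make_tag(name, payload, key)
        if not hmac.compare_digest(b64d(tag_text), expected):
            return None  # content no longer matches its tag: refuse it
        return b64d(payload).decode("utf-8")
    except ValueError:  # bad base64, non-ASCII payload or non-UTF-8 bytes
        return None


if __name__ == "__main__":
    good = seal_cookie("session", "user=alice;role=user")  # constructed sample
    edited = b64e(b"user=alice;role=admin") + "." + good.split(".")[1]
    print(open_cookie("session", good))    # value comes back unchanged
    print(open_cookie("session", edited))  # edited on the client: rejected
```

The tag only detects modification; the value is still readable on the client, so sensitive fields also need the encryption the definition mentions.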