Time to get serious.....about cookies! :D

Bad threads go here

Time to get serious.....about cookies! :D

Post by centip3de on Wed Aug 25, 2010 2:30 am
([msg=44264]see Time to get serious.....about cookies! :D[/msg])

So, so far, i've been more or less screwing around on this site, reading fourms, collecting info, etc etc. But now, is the time i get serious! :x

So I've had this question on my mind for quite some time now, I know a cookie is a data transfer of packets? between your computer and the server, my question is, when you go to a malicious site, how would you "receive" the virus/malware etc, etc.
I had an idea that they would embed it in the cookie via PHP maybe? But then I thought the file would be much to big for a cookie, because, aren't they supposed to be kilobytes of information, not megabytes? Anyway, just thought I should figure this out before I go out giving nooby advice that will probably end up blowing up a computer in fiery flames and destruction >.<"

Sorry for the noob question,
centip3de
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by Goatboy on Wed Aug 25, 2010 2:50 am
([msg=44267]see Re: Time to get serious.....about cookies! :D[/msg])

I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2788
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by centip3de on Wed Aug 25, 2010 11:45 am
([msg=44293]see Re: Time to get serious.....about cookies! :D[/msg])

Goatboy wrote:I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.


Oh.....Well then whats all this I hear about "Cookie editing" and "Malicous cookies"?
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by cilpolir on Thu Aug 26, 2010 7:37 am
([msg=44349]see Re: Time to get serious.....about cookies! :D[/msg])

centip3de wrote:
Goatboy wrote:I'd drop that definition in a heartbeat. A cookie is little more than a small file stored on your computer by a browser, usually used to hold preference and visit information, and sometimes login status or other things. There would be no way to effectively embed PHP inside of it, and even if you could, no way to effectively run it.


Oh.....Well then whats all this I hear about "Cookie editing" and "Malicous cookies"?

Real malicious cookies are those with milk from manboobiez :P
Image
Image
User avatar
cilpolir
Poster
Poster
 
Posts: 214
Joined: Sat Sep 12, 2009 10:46 am
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by centip3de on Mon Aug 30, 2010 6:57 pm
([msg=44555]see Re: Time to get serious.....about cookies! :D[/msg])

Mmmmm smexi 8-)
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by sanddbox on Mon Aug 30, 2010 7:08 pm
([msg=44557]see Re: Time to get serious.....about cookies! :D[/msg])

First of all, cookies are less than kilobytes. Also, viruses are usually much smaller than megabytes - they're usually just kilobytes.

Anyways, as Goatboy said, your definition of cookies is off. He's already been over what cookies are, so I won't go more into that.

You asked what malicious cookies are. These are usually cookies that track where you've been and are used to generate advertisements that are relevant to where you have been. They are considered malicious because they pose a privacy threat.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by imcrafty on Mon Aug 30, 2010 7:43 pm
([msg=44559]see Re: Time to get serious.....about cookies! :D[/msg])

Cookies?? Are they like donuts?
imcrafty
Experienced User
Experienced User
 
Posts: 75
Joined: Mon Jul 12, 2010 5:34 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by centip3de on Tue Aug 31, 2010 2:29 pm
([msg=44603]see Re: Time to get serious.....about cookies! :D[/msg])

sanddbox wrote:First of all, cookies are less than kilobytes. Also, viruses are usually much smaller than megabytes - they're usually just kilobytes.

Anyways, as Goatboy said, your definition of cookies is off. He's already been over what cookies are, so I won't go more into that.

You asked what malicious cookies are. These are usually cookies that track where you've been and are used to generate advertisements that are relevant to where you have been. They are considered malicious because they pose a privacy threat.



Thanks :roll:
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
User avatar
centip3de
Moderator
Moderator
 
Posts: 1412
Joined: Fri Aug 20, 2010 5:46 pm
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by tgoe on Tue Aug 31, 2010 8:07 pm
([msg=44611]see Re: Time to get serious.....about cookies! :D[/msg])

centip3de,

What you're trying to accomplish will always require a browser exploit that gives you a way to execute arbitrary code on the client machine. Getting the code to the client is the easy part. You could use a traditional cookie if the code is <3-4k, a flash LSO: <100k, HTML5 Web Storage: 3-5mb?, a JavaScript file with an encoded var, an engineered image, a Java applet .jar...

At the root of all this is a browser exploit and at that point delivery is moot.
User avatar
tgoe
Contributor
Contributor
 
Posts: 633
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Time to get serious.....about cookies! :D

Post by sanddbox on Tue Aug 31, 2010 9:26 pm
([msg=44624]see Re: Time to get serious.....about cookies! :D[/msg])

The main problem with your logic, OP, is that cookies are read, not executed.

Of course, when I say "main problem", I'm ignoring your fundamental misunderstanding of cookies :P
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)


Next

Return to Graveyard

Who is online

Users browsing this forum: No registered users and 0 guests