cookie poisoning

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be accessed by persons unauthorized to do so. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use them should protect cookies (through encryption, for example) before they are sent to a user's computer. Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content and will be refused access by the server.

Learn more about Identity Theft and Data Security Breaches

Quiz: Data loss prevention: Take this five-question quiz to test your knowledge of Rich Mogull's data loss prevention material.
Information theft and cryptographic attacks: The third tip in our series, "How to assess and mitigate information security threats".
Balancing the cost and benefits of countermeasures: The final tip in our series, "How to assess and mitigate information security threats".
Elements of a data protection strategy: An overview of the importance of securing data for regulatory compliance and the five components of an enterprise data protection strategy.
	Ensure that legal responsibilities are clear -- Especially when trouble strikes: Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Internet.com has an article, "Ingrian Protects Against 'Cookie Poisoning.'" - Jeremy Wolff has a presentation about security that discusses cookie poisoning.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT Health Net healthcare data breach affects1.5 million A lost hard drive contained seven years of patient data including Social Security numbers and medical records of more than a million Health Net... Massive T-Mobile UK security breach involves insiders A UK agency suspects insiders are behind a massive data breach at T-Mobile UK where customer data was pilfered and sold to competitors. Chip and PIN adoption serves lesson for U.S. payment industry As payment processors offer plans for end-to-end encryption, the UK is finding success with chip and pin deployments. The U.S. payment industry should...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary bot worm  (SearchSecurity.com) A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself... CISP-PCI  (SearchFinancialSecurity.com) CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit...