cookie poisoning
SearchSecurity.com Definitions (Powered by WhatIs.com)

DEFINITION - On the Web, cookie poisoning is the modification of a cookie (personal information stored on a Web user's computer) by an attacker to gain unauthorized information about the user for purposes such as identity theft. The attacker may use the information to open new accounts or to gain access to the user's existing accounts.

Cookies stored on your computer's hard drive maintain bits of information that allow Web sites you visit to authenticate your identity, speed up your transactions, monitor your behavior, and personalize their presentations for you. However, cookies can also be accessed by unauthorized persons. Unless security measures are in place, an attacker can examine a cookie to determine its purpose and edit it so that it helps them get user information from the Web site that sent the cookie.

To guard against cookie poisoning, Web sites that use cookies should protect them (through encryption, for example) before they are sent to a user's computer. Ingrian Networks' Active Application Security platform is one means of securing cookies. When cookies pass through the platform, sensitive information is encrypted. A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content, and the server will refuse access.


LAST UPDATED: 05 Jun 2007


More resources from around the web:
- Internet.com has an article, "Ingrian Protects Against 'Cookie Poisoning.'"
- Jeremy Wolff has a presentation about security that discusses cookie poisoning.