Cookie Naming Convention

Discussion in 'Internet Explorer' started by Remove the XX's, Aug 19, 2011.

  1. Hi, my cookies are being named some kind of encrypted type.

    ie: WNGTBJW1.txt

    Using IE8

    They are not recognizable. Is there a setting that has changed recently?

    TIA, Dennis
    =========================
     
    Remove the XX's, Aug 19, 2011
    #1
    1. Advertisements

  2. Remove the XX's

    Buckeye9 Guest

    Microsoft changed the cookie file names to a random generated letters as
    part of the last security update which was issued in August.

    Buckeye9
     
    Buckeye9, Aug 19, 2011
    #2
    1. Advertisements

  3. Remove the XX's

    VanguardLH Guest

    That's a good thing. As I recall, Java[script] cannot list the files in
    a folder but ActiveX components can (with which you can use Javascript;
    http://ns7.webmasters.com/caspdoc/html/jscript_filesystemobject_object.htm).
    Some web page could look at the cookies names to determine where you
    were before you visited their site. Since the domain names were in the
    cookie .txt files, it was easy for a site to see that you had previously
    visited eBay, PayPal, which banks, which credit card issuer sites, your
    hospital, your insurer's site, your real estate agent's site, or
    wherever else you went within that IE session (and other IE sessions if
    you do not configure IE to purge its TIF file on exit). They can
    compile a whole history of where you surfed before by looking at the
    filenames for the cookie .txt files. Now they'll just see garbage and
    have to use other means of drilling out your web navigation history.

    http://www.microsoft.com/technet/security/bulletin/MS11-057.mspx

    Although not mentioned in this security update, other users (e.g.,
    http://securitygarden.blogspot.com/2011/08/microsoft-update-impacts-winpatrol.html)
    have confirmed that cookie naming got randomized after this update was
    installed.

    http://blogs.msdn.com/b/ieinternals...-changes-file-protocol-and-cookie-naming.aspx

    This mentions the cookie renaming got added to IE9. Apparently
    Microsoft decided to migrate this security feature to prior versions of
    IE, too.
     
    VanguardLH, Aug 19, 2011
    #3

  4. Got it, thanx for the replys.

    I write my own utility that removes just the cookies I dont want. So instead
    of interegating the file name I just read each file into a string and search
    the said string for criteria. Surprisingly it's not using anymore cpu time
    than what I did with the file names.

    Dennis
    ===================
     
    Remove the XX's, Aug 20, 2011
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.