Deleting cookies from computer.


P

Paul in Houston TX

Paul said:
Bleachbit uses XML files for control, with lines like this.
It's multi-platform, so path names for more than one platform
are present in the XML. There are 76 XML files in the Cleaners
folder.

<action command="delete" search="walk.files"
path="$localappdata\Mozilla\Profiles\default\Cache\"/>

And for some reason, I don't see a firefox.xml, just a seamonkey.xml.

Also, doing a text search on the source, I'm not seeing how they
access sqlite to do a VACUUM. There is a claim they do a VACUUM to
clean up unused space in .sglite files.

So the source package is a bit weird looking. Not
the evidence I was looking for. Why no Firefox.xml in there ?
Where does the sqlite3 file come from ?

Their builder script, also looks to pack (UPX) the Windows
version. Which isn't that reassuring for guys like me.
I don't have a good set of tools for UPX. I like to
inspect things when I download them. I can always toss
the thing into virustotal.com, but of course the people sourcing
the package can also do that.

When you click the "BleachBit portable (official)" link here...

http://bleachbit.sourceforge.net/download/windows

my downloader dialog says it comes from here.

http://katana.oooninja.com/bleachbit/sf/BleachBit-0.9.6-portable.zip

So you should be aware it hasn't been scanned by sourceforge. It's
an offsite link. Gets 3 hits out of 45. Could be related to packing,
but who knows...

https://www.virustotal.com/en/file/c0bc9d937d1a5c46a8d5a54c26a6f7d4a852463f96f77d0f09052fea8dfeedbd/analysis/


The complexion of the package is quite different in the ZIP.
It has an sqlite3.dll, so that answers the question how it
can VACUUM an .sqlite file.

Paul
Thank you Paul.
I got the evercookie from the link on your earlier post.
It set some but they were all stored in flash cookies, no where else.
Since I run a del bat file for those, they were all deleted and never
came back. My bat del's the entire macromedia folder in xp and W7.
I don't use HTLM5. SeaMonkey cache is set for RAM only, not hdd.
 
Ad

Advertisements

S

Steve Hayes

Good catch. What a nightmare.

At the end of this Arstechnica article, they mention a
"Nevercookie" addon.

http://arstechnica.com/security/2010/10/it-is-possible-to-kill-the-evercookie/?comments=1&start=40

Further info on Nevercookie. I hope the only source isn't
the Anonymizer site. I prefer Addons to be vetted at least
a little bit.

http://www.securityweek.com/nevercookie-eats-evercookie-new-firefox-plugin

All I can find on the anonymizer.com site is advertising. So
I guess it was just a bait and switch.

*******

If I saw evidence of that kind of tracking, I would simply
use Procmon, track all writefile operations, and identify
all the directories attacked in a browsing session. That
would be a start at "leak detection".

The author of Evercookie, has cookie test capability
on his personal web page. You can use this to test
your eradication capabilities. It plants a cookie, then
reads out all the storage methods that worked (for the
browser you chose to test with). Different browsers
may give different results, so you'll need to test
all the browsers you use normally. For example, I clicked
his button, stayed on the page, did a "clear cookies", and
the cookie could still be detected.

http://samy.pl/evercookie/

I sure hope there are some limits on where Javascript
can write. This suggests the browser is bloody porous.
Something I didn't know, would never have suspected.
Waiting for my first .exe to get overwritten...
Have you tested it with NoScript?

http://noscript.net/
 
P

Paul

Paul said:
Thank you Paul.
I got the evercookie from the link on your earlier post.
It set some but they were all stored in flash cookies, no where else.
Since I run a del bat file for those, they were all deleted and never
came back. My bat del's the entire macromedia folder in xp and W7.
I don't use HTLM5. SeaMonkey cache is set for RAM only, not hdd.
I found another solution here.

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=search

That add-on works, as long as you delete things at shutdown.

In one test, I selected the manual clearing the history function, and that
seemed to help. For a second test run, I modified the options in Firefox,
to keep my browsing history, but delete cookies at shutdown. For the test,
I installed Flash plugin and Silverlight plugin, so there would be "lots of LSO"
to work with. And no problem I could see there (unless I forgot to configure
something).

I tested in Windows 8, and I think I had Firefox 22.

This test, I could eventually get this clear, on re-invoking Firefox.

http://samy.pl/evercookie/

This test, was supposed to show something in the sidebar (which
I haven't managed to see with the couple browsers tested so far.

http://www.schneier.com/blog/archives/2010/09/evercookies.html

The only thing that add-on won't solve, is it doesn't include VACUUM.

But if you were that worried about it, after Firefox exits, you
could do the "sqlite cookies.sqlite VACUUM; " command, which should
result in a 2048 byte cookie file.

The session file (the one preserved on a Firefox crash), I
don't really see a reason to fear that one. I haven't had
a Firefox crash in some time - I do kill Firefox manually on
purpose (from Task Manager), but that's so I can restore the
previous session later (on the next invocation).

The samy.pl site has another test you can run - the above plugin
seems to take care of this as well, but I don't know why. This
should still have worked, because I like to keep my browsing
history, just not my cookies. And the CSS hack should have been
able to abuse the history.

http://samy.pl/csshack/

Paul
 
P

Peter Jason

Flash cookies are stored in a different place. The
word "Macromedia" may be in the path.

C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

And the Flash control panel, has a delete option. I just
tested it (there were three entries in the folder with "#"
character in their names), and all three were deleted
by the Delete button in the Flash control panel.

Paul

I keep getting these cookies revealed by CCleaner
whenever FF starts up and closes........

THe Ccleaner deletes them, but they are
regenerated whenever FF starts up.

I have the SysInternals, and is there any way to
catch the program involved by seeing which is
active the moment FF starts up? Presumably the
program must show some activity to regenerate the
list.


Removed Cookie: search.conduit.com 0 KB
Removed Cookie: ru4.com 0 KB
Removed Cookie: 247realmedia.com 0 KB
Removed Cookie: realmedia.com 0 KB
Removed Cookie: www.acxiom.com 0 KB
Removed Cookie: adadvisor.net 0 KB
Removed Cookie: adcentriconline.com 0 KB
Removed Cookie: afy11.net 0 KB
Removed Cookie: nspmotion.com 0 KB
Removed Cookie: heias.com 0 KB
Removed Cookie: abmr.net 0 KB
Removed Cookie: imiclk.com 0 KB
Removed Cookie: ask.com 0 KB
Removed Cookie: atdmt.com 0 KB
Removed Cookie: revsci.net 0 KB
Removed Cookie: bizographics.com 0 KB
Removed Cookie: bluekai.com 0 KB
Removed Cookie: btrll.com 0 KB
Removed Cookie: btbuckets.com 0 KB
Removed Cookie: casalemedia.com 0 KB
Removed Cookie: choicestream.com 0 KB
Removed Cookie: collective-media.net 0 KB
Removed Cookie: data.cmcore.com 0 KB
Removed Cookie: data.coremetrics.com 0 KB
Removed Cookie: exelator.com 0 KB
Removed Cookie: load.exelator.com 0 KB
Removed Cookie: serving-sys.com 0 KB
Removed Cookie: adsfac.sg 0 KB
Removed Cookie: adsfac.us 0 KB
Removed Cookie: adsfac.net 0 KB
Removed Cookie: adsfac.eu 0 KB
Removed Cookie: fetchback.com 0 KB
Removed Cookie: fwmrm.net 0 KB
Removed Cookie: doubleclick.net 0 KB
Removed Cookie: hitbox.com 0 KB
Removed Cookie: interclick.com 0 KB
Removed Cookie: crwdcntrl.net 0 KB
Removed Cookie: media6degrees.com 0 KB
Removed Cookie: mathtag.com 0 KB
Removed Cookie: msn.com 0 KB
Removed Cookie: live.com 0 KB
Removed Cookie: bing.com 0 KB
Removed Cookie: microsoft.com 0 KB
Removed Cookie: mmismm.com 0 KB
Removed Cookie: nexac.com 0 KB
Removed Cookie: nuggad.net 0 KB
Removed Cookie: openx.net 0 KB
Removed Cookie: ad.us-ec.adtechus.com 0 KB
Removed Cookie: adserverec.adtechus.com 0 KB
Removed Cookie: adserverwc.adtechus.com 0 KB
Removed Cookie: glb.adtechus.com 0 KB
Removed Cookie: precisionclick.com 0 KB
Removed Cookie: adsonar.com 0 KB
Removed Cookie: questionmarket.com 0 KB
Removed Cookie: smartadserver.com 0 KB
Removed Cookie: meetic-partners.com 0 KB
Removed Cookie: horyzon-media.com 0 KB
Removed Cookie: specificmedia.com 0 KB
Removed Cookie: specificclick.net 0 KB
Removed Cookie: adviva.net 0 KB
Removed Cookie: spotexchange.com 0 KB
Removed Cookie: trafficmp.com 0 KB
Removed Cookie: tribalfusion.com 0 KB
Removed Cookie: adlegend.com 0 KB
Removed Cookie: turn.com 0 KB
Removed Cookie: mediaplex.com 0 KB
Removed Cookie: yahoo.com 0 KB
Removed Cookie: adrevolver.com 0 KB
Removed Cookie: ads.undertone.com 0 KB
Removed Cookie: 33across.com 0 KB
Removed Cookie: quantserve.com 0 KB
Removed Cookie: rfihub.com 0 KB
Removed Cookie: amgdgt.com 0 KB
Removed Cookie: ads.pointroll.com 0 KB
Removed Cookie: atwola.com 0 KB
Removed Cookie: advertising.com 0 KB
Removed Cookie: chitika.net 0 KB
Removed Cookie: kontera.com 0 KB
Removed Cookie: www.burstnet.com 0 KB
Removed Cookie: adbrite.com 0 KB
Removed Cookie: pulse360.com 0 KB
Removed Cookie: contextweb.com 0 KB
Removed Cookie: yumenetworks.com 0 KB
Removed Cookie: www.yumenetworks.com 0 KB
Removed Cookie: navdmp.com 0 KB
Removed Cookie: adap.tv 0 KB
Removed Cookie: saymedia.com 0 KB
Removed Cookie: displaymarketplace.com 0 KB
Removed Cookie: www.tattomedia.com 0 KB
Removed Cookie: adinterax.com 0 KB
Removed Cookie: adotube.com 0 KB
Removed Cookie: lucidmedia.com 0 KB
Removed Cookie: eyewonder.com 0 KB
Removed Cookie: adblade.com 0 KB
Removed Cookie: adshuffle.com 0 KB
Removed Cookie: dotomi.com 0 KB
Removed Cookie: amazon.com 0 KB
Removed Cookie: vizu.com 0 KB
Removed Cookie: fimserve.com 0 KB
Removed Cookie: opt.fimserve.com 0 KB
Removed Cookie: rubiconproject.com 0 KB
Removed Cookie: intellitxt.com 0 KB
Removed Cookie: gigya.com 0 KB
Removed Cookie: addthis.com 0 KB
Removed Cookie: sharethis.com 0 KB
Removed Cookie: ads.us.e-planning.net 0 KB
Removed Cookie: www.flashtalking.com 0 KB
Removed Cookie: weborama.fr 0 KB
Removed Cookie: effectivemeasure.net 0 KB
Removed Cookie: richrelevance.com 0 KB
Removed Cookie: tumri.net 0 KB
Removed Cookie: tradedoubler.com 0 KB
Removed Cookie: demdex.net 0 KB
Removed Cookie: pubmatic.com 0 KB
Removed Cookie: aggregateknowledge.com 0 KB
Removed Cookie: rotator.adjuggler.com 0 KB
Removed Cookie: tremormedia.com 0 KB
Removed Cookie: tag.admeld.com 0 KB
Removed Cookie: brand.net 0 KB
Removed Cookie: optmd.com 0 KB
Removed Cookie: scanscout.com 0 KB
Removed Cookie: outbrain.com 0 KB
Removed Cookie: snap.com 0 KB
Removed Cookie: channelintelligence.com 0 KB
Removed Cookie: ytsa.net 0 KB
Removed Cookie: smtad.net 0 KB
Removed Cookie: xgraph.net 0 KB
Removed Cookie: ads.bridgetrack.com 0 KB
Removed Cookie: adroll.com 0 KB
Removed Cookie: connextra.com 0 KB
Removed Cookie: proximic.com 0 KB
Removed Cookie: owneriq.net 0 KB
Removed Cookie: criteo.com 0 KB
Removed Cookie: pulsemgr.com 0 KB
Removed Cookie: w55c.net 0 KB
Removed Cookie: scorecardresearch.com 0 KB
Removed Cookie: fastclick.net 0 KB
Removed Cookie: struq.com 0 KB
Removed Cookie: invitemedia.com 0 KB
Removed Cookie: beencounter.com 0 KB
Removed Cookie: vindicosuite.com 0 KB
Removed Cookie: netmng.com 0 KB
Removed Cookie: traveladvertising.com 0 KB
Removed Cookie: amadesa.com 0 KB
Removed Cookie: gbid.adbuyer.com 0 KB
Removed Cookie: connect.wunderloop.net 0 KB
Removed Cookie: everesttech.net 0 KB
Removed Cookie: adchemy.com 0 KB
Removed Cookie: delivery.ctasnet.com 0 KB
Removed Cookie: tidaltv.com 0 KB
Removed Cookie: raasnet.com 0 KB
Removed Cookie: rlcdn.com 0 KB
Removed Cookie: monster.com 0 KB
Removed Cookie: eyereturn.com 0 KB
Removed Cookie: netseer.com 0 KB
Removed Cookie: www.halogenmediagroup.com 0
KB
Removed Cookie: halogennetwork.com 0 KB
Removed Cookie: adgear.com 0 KB
Removed Cookie: mythings.com 0 KB
Removed Cookie: hurra.com 0 KB
Removed Cookie: yieldoptimizer.com 0 KB
Removed Cookie: mxptint.net 0 KB
Removed Cookie: esm1.net 0 KB
Removed Cookie: tellapart.com 0 KB
Removed Cookie: mixpo.com 0 KB
Removed Cookie: adready.com 0 KB
Removed Cookie: mookie1.com 0 KB
Removed Cookie: domdex.com 0 KB
Removed Cookie: legolas-media.com 0 KB
Removed Cookie: spongecell.com 0 KB
Removed Cookie: www.inadcoads.com 0 KB
Removed Cookie: lijit.com 0 KB
Removed Cookie: visiblemeasures.com 0 KB
Removed Cookie: ds.reson8.com 0 KB
Removed Cookie: ad.wsod.com 0 KB
Removed Cookie: triggit.com 0 KB
Removed Cookie: tracking.quisma.com 0 KB
Removed Cookie: keewurd.com 0 KB
Removed Cookie: vitamine.networldmedia.net 0
KB
Removed Cookie: p.brilig.com 0 KB
Removed Cookie: infra-ad.com 0 KB
Removed Cookie: chango.com 0 KB
Removed Cookie: newtention.net 0 KB
Removed Cookie: tracking.reedge.com 0 KB
Removed Cookie: optout.ib-ibi.com 0 KB
Removed Cookie: adv.adsbwm.com 0 KB
Removed Cookie: mybuys.com 0 KB
Removed Cookie: veruta.com 0 KB
Removed Cookie: mediaforge.com 0 KB
Removed Cookie: wtp101.com 0 KB
Removed Cookie: gwallet.com 0 KB
Removed Cookie: korrelate.net 0 KB
Removed Cookie: svc.pch.com 0 KB
Removed Cookie: convertro.com 0 KB
Removed Cookie: simpli.fi 0 KB
Removed Cookie: www.bnmla.com 0 KB
Removed Cookie: meebo.com 0 KB
Removed Cookie: server.cpmstar.com 0 KB
Removed Cookie: stage.traffiliate.com 0 KB
Removed Cookie: ads.creative-serving.com 0
KB
Removed Cookie: www.adsrvr.org 0 KB
Removed Cookie: glam.com 0 KB
Removed Cookie: liverail.com 0 KB
Removed Cookie: cmadseu.com 0 KB
Removed Cookie: cognitivematch.com 0 KB
Removed Cookie: nxtck.com 0 KB
Removed Cookie: crosspixel.net 0 KB
Removed Cookie: p-td.com 0 KB
Removed Cookie: tynt.com 0 KB
Removed Cookie: forbes.com 0 KB
Removed Cookie: a.intentmedia.net 0 KB
Removed Cookie: keyade.com 0 KB
Removed Cookie: rovion.com 0 KB
Removed Cookie: admailtiser.com 0 KB
Removed Cookie: adjug.com 0 KB
Removed Cookie: delivery.switchadhub.com 0
KB
Removed Cookie: audienceiq.com 0 KB
Removed Cookie: medicxmedia.com 0 KB
Removed Cookie: sageanalyst.net 0 KB
Removed Cookie: viglink.com 0 KB
Removed Cookie: tubemogul.com 0 KB
Removed Cookie: steelhousemedia.com 0 KB
Removed Cookie: oggifinogi.com 0 KB
Removed Cookie: psa.sophus3.com 0 KB
Removed Cookie: www.etracker.de 0 KB
Removed Cookie: sensic.net 0 KB
Removed Cookie: hit.gemius.pl 0 KB
Removed Cookie: hit.stat.pl 0 KB
Removed Cookie: hit.stat24.com 0 KB
Removed Cookie: qoof.com 0 KB
Removed Cookie: decideinteractive.com 0 KB
Removed Cookie: decdna.net 0 KB
Removed Cookie: zedo.com 0 KB
Removed Cookie: apture.com 0 KB
Removed Cookie: adform.net 0 KB
Removed Cookie: pswec.com 0 KB
Removed Cookie: martiniadnetwork.com 0 KB
Removed Cookie: adriver.ru 0 KB
Removed Cookie: c3tag.com 0 KB
Removed Cookie: xiti.com 0 KB
Removed Cookie: affinesystems.com 0 KB
Removed Cookie: gmads.net 0 KB
Removed Cookie: gravity.com 0 KB
Removed Cookie: smowtion.com 0 KB
Removed Cookie: webtrekk.net 0 KB
Removed Cookie: vdopia.com 0 KB
Removed Cookie: mydas.mobi 0 KB
Removed Cookie: www.adpredictive.com 0 KB
Removed Cookie: adfarm1.adition.com 0 KB
Removed Cookie: analogdemographics.com 0 KB
Removed Cookie:
www.monoloop.com/product/privacy-policy 0 KB
Removed Cookie: ad.yieldmanager.com 0 KB
Removed Cookie: datvantage.com 0 KB
Removed Cookie: tapad.com 0 KB
Removed Cookie: webtraffic.se 0 KB
Removed Cookie: simply.com 0 KB
Removed Cookie: pro-market.net 0 KB
Removed Cookie: rtbidder.net 0 KB
Removed Cookie: goldspotmedia.com 0 KB
Removed Cookie: vizury.com 0 KB
Removed Cookie: jumptap.com 0 KB
Removed Cookie: medialytics.com 0 KB
Removed Cookie: adsymptotic.com 0 KB
Removed Cookie: clover.com 0 KB
Removed Cookie: adnxs.com 0 KB
Removed Cookie: dmtry.com 0 KB
Removed Cookie: medrx.sensis.com.au 0 KB
Removed Cookie: advertserve.com 0 KB
Removed Cookie: network.bazaarvoice.com 0 KB
Removed Cookie: connexity.net 0 KB
Removed Cookie: ads.audience2media.com 0 KB
Removed Cookie: excitad.com 0 KB
Removed Cookie: ads.adacado.com 0 KB
Removed Cookie: adgenie.co.uk 0 KB
Removed Cookie: adyard.de 0 KB
Removed Cookie: groovinads.com 0 KB
Removed Cookie: ipromote.com 0 KB
Removed Cookie: 254a.com 0 KB
Removed Cookie: amxdt.com 0 KB
Removed Cookie: adspirit.de 0 KB
Removed Cookie: acuityplatform.com 0 KB
Removed Cookie: www.piximedia.com 0 KB
Removed Cookie: pictela.net 0 KB
Removed Cookie: jasperlabs.com 0 KB
Removed Cookie: roia.biz/ts 0 KB
Removed Cookie: roia.biz/im 0 KB
Removed Cookie: adknife.com 0 KB
Removed Cookie: go.affec.tv 0 KB
Removed Cookie: relestar.com 0 KB
Removed Cookie: appssavvy.net 0 KB
Removed Cookie: merchenta.com 0 KB
Removed Cookie: ez.n.btbuckets.com 0 KB
Removed Cookie: widdit.com 0 KB
Removed Cookie: skimlinks.com 0 KB
Removed Cookie: skimresources.com 0 KB
Removed Cookie: po.st 0 KB
Removed Cookie: adtech.de 0 KB
Removed Cookie: www.inskinad.com 0 KB
Removed Cookie: adhaven.com 0 KB
Removed Cookie: p.liadm.com 0 KB
Removed Cookie: sitecompass.com 0 KB
Removed Cookie: innity.com 0 KB
Removed Cookie: adextent.com 0 KB
Removed Cookie: impact-ad.jp 0 KB
Removed Cookie: adserver.mobsmith.com 0 KB
Removed Cookie: qwobl.net 0 KB
Removed Cookie: send.microad.jp 0 KB
Removed Cookie: gsimedia.net 0 KB


Peter
 
P

Paul

Peter said:
I keep getting these cookies revealed by CCleaner
whenever FF starts up and closes........

THe Ccleaner deletes them, but they are
regenerated whenever FF starts up.

I have the SysInternals, and is there any way to
catch the program involved by seeing which is
active the moment FF starts up? Presumably the
program must show some activity to regenerate the
list.


Removed Cookie: search.conduit.com 0 KB
Removed Cookie: gsimedia.net 0 KB


Peter
I recommend the following (as I pointed out in a previous post).

I found this Firefox add-on. This is a portion of battling the
Evercookie Javascript exploit.

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=search

To test whether it is working, Samy's web page has some
test buttons you can use. You can set an Evercookie (containing
a random number between 1 and 1000), do your best to erase the
Evercookie, then reenter the browser, go back to that web
page, and see if the random number is still being displayed
(i.e. cookie was recovered successfully by Evercookie).

http://samy.pl/evercookie/

What I found, is the "Self-Destructing-Cookies" add-on, was not
enough by itself. I had to go the Preferences panel in Firefox,
and set it to empty things like cookies.sqlite at shutdown. That
seemed to help. Once I did that, I could use the Samy.pl site,
set a cookie, exit Firefox, start Firefox, go back to the Samy.pl
page, and the random number between 1-1000 was no longer detectable.

As a bonus, the combo above also stops this one, but it
really shouldn't have. I don't delete my browsing history, and
choose to keep it (as a poor man's bookmarks, in a sense). If
I need to recover a URL for a page I visited in the last couple
of days for some reason, I use my history for that.

http://samy.pl/csshack/

What I suspect in your case, is you have an add-on which *puts back*
cookies in the browser. Apparently there is a plugin which puts "bogus"
cookies in the browser, to screw up these advertising sites. And that
plugin, and "self-destructing-cookies" plugin, are not a good match
for one another. You have to decide which philosophy you're going
to use - either erasing cookies, or try and "jam" fake cookies
into the browser, making the cookie contents useless. Note that,
with the Evercookie method, faking cookies is no longer as effective
as it used to be. To effectively fake a cookie, you would need to
use Evercookie javascript code to load the fake cookie into the browser,
so there are ten different copies of the fake, and no good copies
to be seen.

Try listing your add-ons, and see if one of them is responsible for
the fake cookies. Since the "filesize" field is zero bytes, that
tells me you've got fakes working for you. One of your add-ons
is doing that.

I also recommend you become familiar with sqlite.exe and the
..dump option. You look at all the .sqlite files in your profile,
and that will give you some idea how many of them have "interesting"
information. Your browsing history for example, can be a huge database,
with as many as 20,000 URLs in it.

Paul
 
Ad

Advertisements

P

Peter Jason

I recommend the following (as I pointed out in a previous post).

I found this Firefox add-on. This is a portion of battling the
Evercookie Javascript exploit.

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/?src=search

To test whether it is working, Samy's web page has some
test buttons you can use. You can set an Evercookie (containing
a random number between 1 and 1000), do your best to erase the
Evercookie, then reenter the browser, go back to that web
page, and see if the random number is still being displayed
(i.e. cookie was recovered successfully by Evercookie).

http://samy.pl/evercookie/

What I found, is the "Self-Destructing-Cookies" add-on, was not
enough by itself. I had to go the Preferences panel in Firefox,
and set it to empty things like cookies.sqlite at shutdown. That
seemed to help. Once I did that, I could use the Samy.pl site,
set a cookie, exit Firefox, start Firefox, go back to the Samy.pl
page, and the random number between 1-1000 was no longer detectable.

As a bonus, the combo above also stops this one, but it
really shouldn't have. I don't delete my browsing history, and
choose to keep it (as a poor man's bookmarks, in a sense). If
I need to recover a URL for a page I visited in the last couple
of days for some reason, I use my history for that.

http://samy.pl/csshack/

What I suspect in your case, is you have an add-on which *puts back*
cookies in the browser. Apparently there is a plugin which puts "bogus"
cookies in the browser, to screw up these advertising sites. And that
plugin, and "self-destructing-cookies" plugin, are not a good match
for one another. You have to decide which philosophy you're going
to use - either erasing cookies, or try and "jam" fake cookies
into the browser, making the cookie contents useless. Note that,
with the Evercookie method, faking cookies is no longer as effective
as it used to be. To effectively fake a cookie, you would need to
use Evercookie javascript code to load the fake cookie into the browser,
so there are ten different copies of the fake, and no good copies
to be seen.

Try listing your add-ons, and see if one of them is responsible for
the fake cookies. Since the "filesize" field is zero bytes, that
tells me you've got fakes working for you. One of your add-ons
is doing that.

I also recommend you become familiar with sqlite.exe and the
.dump option. You look at all the .sqlite files in your profile,
and that will give you some idea how many of them have "interesting"
information. Your browsing history for example, can be a huge database,
with as many as 20,000 URLs in it.

Paul
Thanks, and success! They've all disappeared
though I'll wait a while and check again..

Peter
 
A

Anthony Buckland

Get these two extensions for Firefox:

Better Privacy

Foundstone HTML5 Local Storage Explorer


Just click on Firefox in the upper left hand corner of the screen and
then click on addons and search for them. You can then delete them or
block them.

You probably have Adobe Flash Player installed. That's where the
cookies are coming from.
I deal with the problem by clearing current history
(click on Firefox at the top left, mouse over History
to get the option to click on) every time I exit
Firefox. Very easy, very quick.
 
J

Johnny

I deal with the problem by clearing current history
(click on Firefox at the top left, mouse over History
to get the option to click on) every time I exit
Firefox. Very easy, very quick.
If you don't want to be tracked, the cookies should not be allowed to be
installed. The extension Ghostery takes care of the regular cookies,
and Better Privacy takes care of the Flash cookies.

Now there is a new type of cookie to deal with, it's the Evercookie that
resists deletion, and is stored in many different places in the browser,
and will regenerate the the cookies that are found and deleted.

I thought is was wonderful that Adobe Flash would finally be replaced by
HTML5 video, but it is going to be worse than Adobe Flash Player.
 
P

Paul

Anthony said:
I deal with the problem by clearing current history
(click on Firefox at the top left, mouse over History
to get the option to click on) every time I exit
Firefox. Very easy, very quick.
Test your methods, with this site.

http://samy.pl/evercookie/

Plant a cookie by clicking the button.
Exit the browser, do whatever you would normally
do to remove the cookie.

Now, start the browser again. Does the samy.pl
Javascript recover the random number it planted ?
If so, your methodology needs to be beefed up, and
the hole found.

Paul
 
H

Henry

Johnny said:
Now there is a new type of cookie to deal with, it's the Evercookie that
resists deletion, and is stored in many different places in the browser,
and will regenerate the the cookies that are found and deleted.

Running WinXP Pro SP3.

Will Evercookie show up when you do a search or is it hidden too well? I
just did and got nothing. I also use SuperAntiSpyware.

Henry
 
Ad

Advertisements

P

Paul

Henry said:
Running WinXP Pro SP3.

Will Evercookie show up when you do a search or is it hidden too well?
I just did and got nothing. I also use SuperAntiSpyware.

Henry
Use the Evercookie test page.

http://samy.pl/evercookie/

The test buttons are half way down the page.

The test button sets a cookie. Shut down the browser.
Do your best to remove all cookies, then start the browser,
revisit that web page, and see if the Evercookie can be detected.

If the cookie cannot be recovered, it means you've broken the
common exploit paths.

If anyone write better sneaky code than Samy, then
you might still be getting cookies of that type. The
Samy javascript, just covers the methods he discovered.
Which are still pretty impressive.

Paul
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top