View Blog

Aug 2011

Supercookies.. the ugly snack you can kill using Group Policy

Here’s the deal: You know what cookies are. They’re little text files which save little bits of data about you. Say, the username of your favorite website, when you click "Remember me."

When you clear our your Internet Browser’s cache and cookies (say, in IE, Firefox, Chrome, etc) you wipe these files out.

Poof. Easy.

But what if a website decided to do a handful of "evil things." First, let’s say they read these cookies on your computer. Next, they used these cookies to build a "profile" about you, then store that profile in a secret area that cannot be quickly cleared out.  So, here’s the one-two-three punch:

() Punch #1 — the "profile" part is built so they can target you with ads on things they know you’re searching for. Say, Diapers, Diamonds, or Disinfectants.
() Punch #2 — the normal cookies part isn’t stored in your web browser’s normal cookies location. It’s often stored in the special cache within something you likely have on every desktop: Flash Player.
() Punch #3 (theoretical): Sell your personal / company data to the REAL bad guys.

Ow ow ow ow ow.

So, yes, indeed. Flash Player has a cache that can be used to store data — any kind of data, like personal data.

Hence the term — Supercookies. Because when you "clear cache and cookies" you don’t clear this out.

Great ! Just what we need .. another computer threat !

Okay, so how do you prevent the threat? There are two kinds of people I want to give the answer to: NON-IT folks and IT folks.


NON-IT Folks:

This advice will help if you have a handful of computers, because you’ll need to run around to each machine.

Option 1: Control Panel

Go to your Windows Control Panel, type in the word Flash as seen here then click on the Flash icon that appears.



Then, on each computer change the setting to "Block all sites from storing information on this computer" as seen here.


Boom. No more supercookies.

Option 2 (Still for Non-IT folks, but untested.):

There’s a special web page you can go to which should perform the same thing — only it’s a web page, and not your real control panel.  I’ve read that this MIGHT work for some versions, and not for other versions, so I wouldn’t rely on it if you really needed to… but I’m adding it here for completeness. Here’s the page anyway (use at your own risk.)


IT-Folks (Protecting your enterprise)

So, I’m sure you know where I’m going with this if you’ve got a lot of computers to manage: Use Group Policy!

Problem time though… Flash has no ADM / ADMX template to manage. It turns out Flash stores it’s files in a weird place, in a weird format, and as a system file.

So, you can’t use "out of the box" Group Policy to configure it.

Not to get all "commercial", but I created a video for you to see how lots of companies are handling this latest security threat.

Here’s the link:

TIP: If you’re truly impatient, fast forward to the 3.00 minute mark.

TIP 2: Sign up for one of my webinars and see how you can mitigate other security threats lurking in Acrobat, Java and other key components of your systems!

Here’s the link:


Talk soon!

Jeremy Moskowitz, Enterprise Mobility MVP

Comments (0)

No Comments!