If you've heard cybersecurity terms but you've been avoiding the topic, this microlearning course will help you get started. We're adding fast lessons, quizzes, and more to this course here: https://www.socratica.com/courses/cyb...

Today’s Cybersecurity Lesson: Toss your Cookies
Whenever you visit a website, you’ll be served up a fresh-from-the-oven plate of MAGIC COOKIES. These are small text files stored on your device, containing data such as your login info and user preferences. That’s generally a GOOD thing. Imagine if you had to re-login to a website every time you went to a different page on the site. Or maybe you enjoy using dark mode on Friendface. What if that reset every time you clicked on a new profile? That would be pretty frustrating. So cookies do make using the web more pleasant.
Cookies are sooo sweet. They ask for your permission to be installed. By Law. These alerts are supposed to help us preserve our privacy. But do you really have a choice, if you need to install a cookie in order for a website to work properly? Be honest, you just click OK, right? Same here.
Most of the time, first-party cookies are no big deal. They make the website work well, behaving as you wish, keeping you logged in, and keeping track of some useful analytics for the website owner.
Privacy concerns are usually more about THIRD-PARTY cookies. These come from other companies you didn’t actually visit on purpose. Usually this is from an ad running on the page. This means advertisers can keep an eye on you, without your express permission. Depending on how many times your data is shared or sold, cookies can be used to build a comprehensive profile of your online activities.
Still, nothing very sinister here, depending on your personal tolerance for user privacy and the ethics of data collection. Being served up personalized ads is a defining characteristic of the modern advertising landscape.

But even if we accept the tracking aspect, cookies do open the door for some more serious security breaches. These can include:
COOKIE THEFT. Hackers can use malware to steal cookies from your device. Then they can use them to gain unauthorized access to the websites you’ve visited.
SESSION HIJACKING. If a cookie contains authentication tokens, and an attacker intercepts the cookie, they could impersonate you and, again, gain u nauthorized access to your account.
CROSS-SITE SCRIPTING ATTACKS. In an XSS attack, malicious code is inserted into a vulnerable website, including its cookies. If you visit a compromised site, the malicious code could execute on your device, potentially leading to data theft or—here it comes again—unauthorized access.

So what’s the solution here? You can manage your browser preferences and limit the data you share when you accept cookies. There are also browser extensions that help you block cookies. But what’s the easiest thing you can do? Clear your cookies—regularly. It’s just that simple.

For more servings of delicious cybersecurity knowledge, subscribe to Socratica.
http://bit.ly/SocraticaSubscribe

Support Socratica on Patreon:
  / socratica  

This video series was made possible by the generous support of our Patrons on Patreon. We'd like to recognize our VIP Patrons and send them our sincere thanks!
José Juan Francisco Castillo Rivera, KW, M Andrews, Robert Fulbright, Marcos Silveira, Christopher Kemsley, Massimiliano Pala, Eric Eccleston, Jeremy Shimanek, Michael Shebanow, Alvin Khaled, Kevin B, John Krawiec, Umar Khan, MdeG, and Tracy Karin Prell!

Written and Produced by Kimberly Hatch Harrison
Edited by Megi Shuke

#Socratica #Cybersecurity #Cookies