2

Today I sat the 2017 Higher Computing exam paper. One of the questions was to name a security risk of tracking cookies. One mark.

I just rambled a little about targeted advertising and monitoring visited pages in an attempt to get the mark, but I wouldn't consider this a security risk.

Just to satisfy my own curiosity, can anyone actually think of a security risk from tracking cookies? I'll try to remember to update this with what the valid answers were, but they won't be publicly available for months.

spacer GIF
  • 121
  • 4
  • 2
    say the hacker could find out what the person was searching and could use this information to attack the user – bob May 17 '17 at 11:37
  • Tracking cookies can be login cookies, contents refresh cookies (some start usign etag), ads tracker. – mootmoot Jun 16 '17 at 12:10

3 Answers3

1

It's an information disclosure vulnerability. The main risk that I'm aware of is that it allows users to be identified. The NSA uses such information to target users for QUANTUM attacks. You touched on another one which is profiling previously visited sites. An attacker could use this information in a social engineering attempt. I agree with you, it is a very low security risk.

Dan Landberg
  • 3,312
  • 12
  • 17
0

The answer they were looking for was:

Unauthorised access to personal data (sent to third parties through the tracking cookie)

From the marking scheme

When tracking cookies can be seen by a malicious attacker, the cookies effectively become spyware.

The tracking cookies can then be used to track the user's activities on a site and target them in a social engineering attack or, depending on what is tracked, identity theft.

Joe
  • 2,734
  • 2
  • 12
  • 22
-2

Cookies are used to client-side persist session of logged user, 'Session hijacking' might be the closest answer.

elsadek
  • 1,782
  • 2
  • 17
  • 53