If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rating: | Display Modes |
#16
|
|||
|
|||
Deleting cookies from computer.
Johnny wrote:
On 7/28/2013 10:30 PM, Paul in Houston TX wrote: Paul wrote: Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul Yup. Few people know about Macromedia flash cookies. They are really insidious; tracking our streamed videos. I stopped using Flash because of the hidden persistent cookies, and because a lot of websites are using HTML5 Video, but now it looks like an even worse tracking cookie is available. The Forever Cookie. This is from an article I was reading that some people might find interesting: From Wikipedia: An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available: Standard HTTP cookies Local Shared Objects (Flash cookies) Silverlight Isolated Storage Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out Storing cookies in Web history Storing cookies in HTTP ETags Storing cookies in Web cache window.name caching Internet Explorer userData storage HTML5 Session Storage HTML5 Local Storage HTML5 Global Storage HTML5 Database Storage via SQLite Hold on – there’s mo The developer is looking to add the following features: Caching in HTTP Authentication Using Java to produce a unique key based on NIC information. We’re not quite finished. https://billmullins.wordpress.com/20...html5-cookies/ Good catch. What a nightmare. At the end of this Arstechnica article, they mention a "Nevercookie" addon. http://arstechnica.com/security/2010...nts=1&start=40 Further info on Nevercookie. I hope the only source isn't the Anonymizer site. I prefer Addons to be vetted at least a little bit. http://www.securityweek.com/nevercoo...firefox-plugin All I can find on the anonymizer.com site is advertising. So I guess it was just a bait and switch. ******* If I saw evidence of that kind of tracking, I would simply use Procmon, track all writefile operations, and identify all the directories attacked in a browsing session. That would be a start at "leak detection". The author of Evercookie, has cookie test capability on his personal web page. You can use this to test your eradication capabilities. It plants a cookie, then reads out all the storage methods that worked (for the browser you chose to test with). Different browsers may give different results, so you'll need to test all the browsers you use normally. For example, I clicked his button, stayed on the page, did a "clear cookies", and the cookie could still be detected. http://samy.pl/evercookie/ I sure hope there are some limits on where Javascript can write. This suggests the browser is bloody porous. Something I didn't know, would never have suspected. Waiting for my first .exe to get overwritten... Paul |
Ads |
#17
|
|||
|
|||
Deleting cookies from computer.
Paul wrote:
Johnny wrote: On 7/28/2013 10:30 PM, Paul in Houston TX wrote: Paul wrote: Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul Yup. Few people know about Macromedia flash cookies. They are really insidious; tracking our streamed videos. I stopped using Flash because of the hidden persistent cookies, and because a lot of websites are using HTML5 Video, but now it looks like an even worse tracking cookie is available. The Forever Cookie. This is from an article I was reading that some people might find interesting: From Wikipedia: An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available: Standard HTTP cookies Local Shared Objects (Flash cookies) Silverlight Isolated Storage Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out Storing cookies in Web history Storing cookies in HTTP ETags Storing cookies in Web cache window.name caching Internet Explorer userData storage HTML5 Session Storage HTML5 Local Storage HTML5 Global Storage HTML5 Database Storage via SQLite Hold on – there’s mo The developer is looking to add the following features: Caching in HTTP Authentication Using Java to produce a unique key based on NIC information. We’re not quite finished. https://billmullins.wordpress.com/20...html5-cookies/ Good catch. What a nightmare. At the end of this Arstechnica article, they mention a "Nevercookie" addon. http://arstechnica.com/security/2010...nts=1&start=40 Further info on Nevercookie. I hope the only source isn't the Anonymizer site. I prefer Addons to be vetted at least a little bit. http://www.securityweek.com/nevercoo...firefox-plugin All I can find on the anonymizer.com site is advertising. So I guess it was just a bait and switch. ******* If I saw evidence of that kind of tracking, I would simply use Procmon, track all writefile operations, and identify all the directories attacked in a browsing session. That would be a start at "leak detection". The author of Evercookie, has cookie test capability on his personal web page. You can use this to test your eradication capabilities. It plants a cookie, then reads out all the storage methods that worked (for the browser you chose to test with). Different browsers may give different results, so you'll need to test all the browsers you use normally. For example, I clicked his button, stayed on the page, did a "clear cookies", and the cookie could still be detected. http://samy.pl/evercookie/ I sure hope there are some limits on where Javascript can write. This suggests the browser is bloody porous. Something I didn't know, would never have suspected. Waiting for my first .exe to get overwritten... Paul There is a press release for Nevercookie here. Still no download. https://www.anonymizer.com/company/p...e/pr-20101110/ The download button at the top here, gives a "certificate problem". http://www.pcworld.com/article/23242...vercookie.html ( http://www.nevercookie.anonymizer.com/ --- didn't work for me ) The picture contains a hint as to the extent of its capabilities. http://zapp3.staticworld.net/downloa...ts/169130f.jpg Tick boxes: Enable LSO Quarantine for Private Browsing (Adobe Flash Player LSO storage is mentioned) Enable MIS Quarantine for Private Browsing (That one is for Silverlight) You wouldn't expect a plugin from 2011, to know much about HTML5. So I suppose you have to pay for their product, to get something decent. What a pain in the ass... Paul |
#18
|
|||
|
|||
Deleting cookies from computer.
On 7/29/2013 2:36 PM, Paul wrote:
Johnny wrote: On 7/28/2013 10:30 PM, Paul in Houston TX wrote: Paul wrote: Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul Yup. Few people know about Macromedia flash cookies. They are really insidious; tracking our streamed videos. I stopped using Flash because of the hidden persistent cookies, and because a lot of websites are using HTML5 Video, but now it looks like an even worse tracking cookie is available. The Forever Cookie. This is from an article I was reading that some people might find interesting: From Wikipedia: An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available: Standard HTTP cookies Local Shared Objects (Flash cookies) Silverlight Isolated Storage Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out Storing cookies in Web history Storing cookies in HTTP ETags Storing cookies in Web cache window.name caching Internet Explorer userData storage HTML5 Session Storage HTML5 Local Storage HTML5 Global Storage HTML5 Database Storage via SQLite Hold on – there’s mo The developer is looking to add the following features: Caching in HTTP Authentication Using Java to produce a unique key based on NIC information. We’re not quite finished. https://billmullins.wordpress.com/20...html5-cookies/ Good catch. What a nightmare. At the end of this Arstechnica article, they mention a "Nevercookie" addon. http://arstechnica.com/security/2010...nts=1&start=40 Further info on Nevercookie. I hope the only source isn't the Anonymizer site. I prefer Addons to be vetted at least a little bit. http://www.securityweek.com/nevercoo...firefox-plugin All I can find on the anonymizer.com site is advertising. So I guess it was just a bait and switch. ******* If I saw evidence of that kind of tracking, I would simply use Procmon, track all writefile operations, and identify all the directories attacked in a browsing session. That would be a start at "leak detection". The author of Evercookie, has cookie test capability on his personal web page. You can use this to test your eradication capabilities. It plants a cookie, then reads out all the storage methods that worked (for the browser you chose to test with). Different browsers may give different results, so you'll need to test all the browsers you use normally. For example, I clicked his button, stayed on the page, did a "clear cookies", and the cookie could still be detected. http://samy.pl/evercookie/ I sure hope there are some limits on where Javascript can write. This suggests the browser is bloody porous. Something I didn't know, would never have suspected. Waiting for my first .exe to get overwritten... Paul Hopefully Mozilla won't like their browser used this way and will provide protection from the cookies. I understand that these cookies can also be shared between browsers on the same computer. I don't consider this tracking, to me, it's hacking someone's computer. |
#19
|
|||
|
|||
Deleting cookies from computer.
Johnny wrote:
https://billmullins.wordpress.com/20...html5-cookies/ How interesting! Thanks for the head's up. |
#20
|
|||
|
|||
Deleting cookies from computer.
Paul in Houston TX wrote:
Johnny wrote: https://billmullins.wordpress.com/20...html5-cookies/ How interesting! Thanks for the head's up. Bleachbit uses XML files for control, with lines like this. It's multi-platform, so path names for more than one platform are present in the XML. There are 76 XML files in the Cleaners folder. action command="delete" search="walk.files" path="$localappdata\Mozilla\Profiles\default\Cache \"/ And for some reason, I don't see a firefox.xml, just a seamonkey.xml. Also, doing a text search on the source, I'm not seeing how they access sqlite to do a VACUUM. There is a claim they do a VACUUM to clean up unused space in .sglite files. So the source package is a bit weird looking. Not the evidence I was looking for. Why no Firefox.xml in there ? Where does the sqlite3 file come from ? Their builder script, also looks to pack (UPX) the Windows version. Which isn't that reassuring for guys like me. I don't have a good set of tools for UPX. I like to inspect things when I download them. I can always toss the thing into virustotal.com, but of course the people sourcing the package can also do that. When you click the "BleachBit portable (official)" link here... http://bleachbit.sourceforge.net/download/windows my downloader dialog says it comes from here. http://katana.oooninja.com/bleachbit...6-portable.zip So you should be aware it hasn't been scanned by sourceforge. It's an offsite link. Gets 3 hits out of 45. Could be related to packing, but who knows... https://www.virustotal.com/en/file/c...edbd/analysis/ The complexion of the package is quite different in the ZIP. It has an sqlite3.dll, so that answers the question how it can VACUUM an .sqlite file. Paul |
#21
|
|||
|
|||
Deleting cookies from computer.
Paul wrote:
Paul in Houston TX wrote: Johnny wrote: https://billmullins.wordpress.com/20...html5-cookies/ How interesting! Thanks for the head's up. Bleachbit uses XML files for control, with lines like this. It's multi-platform, so path names for more than one platform are present in the XML. There are 76 XML files in the Cleaners folder. action command="delete" search="walk.files" path="$localappdata\Mozilla\Profiles\default\Cache \"/ And for some reason, I don't see a firefox.xml, just a seamonkey.xml. Also, doing a text search on the source, I'm not seeing how they access sqlite to do a VACUUM. There is a claim they do a VACUUM to clean up unused space in .sglite files. So the source package is a bit weird looking. Not the evidence I was looking for. Why no Firefox.xml in there ? Where does the sqlite3 file come from ? Their builder script, also looks to pack (UPX) the Windows version. Which isn't that reassuring for guys like me. I don't have a good set of tools for UPX. I like to inspect things when I download them. I can always toss the thing into virustotal.com, but of course the people sourcing the package can also do that. When you click the "BleachBit portable (official)" link here... http://bleachbit.sourceforge.net/download/windows my downloader dialog says it comes from here. http://katana.oooninja.com/bleachbit...6-portable.zip So you should be aware it hasn't been scanned by sourceforge. It's an offsite link. Gets 3 hits out of 45. Could be related to packing, but who knows... https://www.virustotal.com/en/file/c...edbd/analysis/ The complexion of the package is quite different in the ZIP. It has an sqlite3.dll, so that answers the question how it can VACUUM an .sqlite file. Paul Thank you Paul. I got the evercookie from the link on your earlier post. It set some but they were all stored in flash cookies, no where else. Since I run a del bat file for those, they were all deleted and never came back. My bat del's the entire macromedia folder in xp and W7. I don't use HTLM5. SeaMonkey cache is set for RAM only, not hdd. |
#22
|
|||
|
|||
Deleting cookies from computer.
On Mon, 29 Jul 2013 15:36:58 -0400, Paul wrote:
Johnny wrote: On 7/28/2013 10:30 PM, Paul in Houston TX wrote: Paul wrote: Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul Yup. Few people know about Macromedia flash cookies. They are really insidious; tracking our streamed videos. I stopped using Flash because of the hidden persistent cookies, and because a lot of websites are using HTML5 Video, but now it looks like an even worse tracking cookie is available. The Forever Cookie. This is from an article I was reading that some people might find interesting: From Wikipedia: An Evercookie is not merely difficult to delete. It actively “resists” deletion by copying itself in different forms on the user’s machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available: Standard HTTP cookies Local Shared Objects (Flash cookies) Silverlight Isolated Storage Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out Storing cookies in Web history Storing cookies in HTTP ETags Storing cookies in Web cache window.name caching Internet Explorer userData storage HTML5 Session Storage HTML5 Local Storage HTML5 Global Storage HTML5 Database Storage via SQLite Hold on – there’s mo The developer is looking to add the following features: Caching in HTTP Authentication Using Java to produce a unique key based on NIC information. We’re not quite finished. https://billmullins.wordpress.com/20...html5-cookies/ Good catch. What a nightmare. At the end of this Arstechnica article, they mention a "Nevercookie" addon. http://arstechnica.com/security/2010...nts=1&start=40 Further info on Nevercookie. I hope the only source isn't the Anonymizer site. I prefer Addons to be vetted at least a little bit. http://www.securityweek.com/nevercoo...firefox-plugin All I can find on the anonymizer.com site is advertising. So I guess it was just a bait and switch. ******* If I saw evidence of that kind of tracking, I would simply use Procmon, track all writefile operations, and identify all the directories attacked in a browsing session. That would be a start at "leak detection". The author of Evercookie, has cookie test capability on his personal web page. You can use this to test your eradication capabilities. It plants a cookie, then reads out all the storage methods that worked (for the browser you chose to test with). Different browsers may give different results, so you'll need to test all the browsers you use normally. For example, I clicked his button, stayed on the page, did a "clear cookies", and the cookie could still be detected. http://samy.pl/evercookie/ I sure hope there are some limits on where Javascript can write. This suggests the browser is bloody porous. Something I didn't know, would never have suspected. Waiting for my first .exe to get overwritten... Have you tested it with NoScript? http://noscript.net/ -- Steve Hayes from Tshwane, South Africa Blog: http://khanya.wordpress.com E-mail - see web page, or parse: shayes at dunelm full stop org full stop uk |
#23
|
|||
|
|||
Deleting cookies from computer.
Paul in Houston TX wrote:
Paul wrote: Paul in Houston TX wrote: Johnny wrote: https://billmullins.wordpress.com/20...html5-cookies/ How interesting! Thanks for the head's up. Bleachbit uses XML files for control, with lines like this. It's multi-platform, so path names for more than one platform are present in the XML. There are 76 XML files in the Cleaners folder. action command="delete" search="walk.files" path="$localappdata\Mozilla\Profiles\default\Cache \"/ And for some reason, I don't see a firefox.xml, just a seamonkey.xml. Also, doing a text search on the source, I'm not seeing how they access sqlite to do a VACUUM. There is a claim they do a VACUUM to clean up unused space in .sglite files. So the source package is a bit weird looking. Not the evidence I was looking for. Why no Firefox.xml in there ? Where does the sqlite3 file come from ? Their builder script, also looks to pack (UPX) the Windows version. Which isn't that reassuring for guys like me. I don't have a good set of tools for UPX. I like to inspect things when I download them. I can always toss the thing into virustotal.com, but of course the people sourcing the package can also do that. When you click the "BleachBit portable (official)" link here... http://bleachbit.sourceforge.net/download/windows my downloader dialog says it comes from here. http://katana.oooninja.com/bleachbit...6-portable.zip So you should be aware it hasn't been scanned by sourceforge. It's an offsite link. Gets 3 hits out of 45. Could be related to packing, but who knows... https://www.virustotal.com/en/file/c...edbd/analysis/ The complexion of the package is quite different in the ZIP. It has an sqlite3.dll, so that answers the question how it can VACUUM an .sqlite file. Paul Thank you Paul. I got the evercookie from the link on your earlier post. It set some but they were all stored in flash cookies, no where else. Since I run a del bat file for those, they were all deleted and never came back. My bat del's the entire macromedia folder in xp and W7. I don't use HTLM5. SeaMonkey cache is set for RAM only, not hdd. I found another solution here. https://addons.mozilla.org/en-US/fir...es/?src=search That add-on works, as long as you delete things at shutdown. In one test, I selected the manual clearing the history function, and that seemed to help. For a second test run, I modified the options in Firefox, to keep my browsing history, but delete cookies at shutdown. For the test, I installed Flash plugin and Silverlight plugin, so there would be "lots of LSO" to work with. And no problem I could see there (unless I forgot to configure something). I tested in Windows 8, and I think I had Firefox 22. This test, I could eventually get this clear, on re-invoking Firefox. http://samy.pl/evercookie/ This test, was supposed to show something in the sidebar (which I haven't managed to see with the couple browsers tested so far. http://www.schneier.com/blog/archive...ercookies.html The only thing that add-on won't solve, is it doesn't include VACUUM. But if you were that worried about it, after Firefox exits, you could do the "sqlite cookies.sqlite VACUUM; " command, which should result in a 2048 byte cookie file. The session file (the one preserved on a Firefox crash), I don't really see a reason to fear that one. I haven't had a Firefox crash in some time - I do kill Firefox manually on purpose (from Task Manager), but that's so I can restore the previous session later (on the next invocation). The samy.pl site has another test you can run - the above plugin seems to take care of this as well, but I don't know why. This should still have worked, because I like to keep my browsing history, just not my cookies. And the CSS hack should have been able to abuse the history. http://samy.pl/csshack/ Paul |
#24
|
|||
|
|||
Deleting cookies from computer.
Paul wrote:
Paul in Houston TX wrote: Paul wrote: Paul in Houston TX wrote: Johnny wrote: https://billmullins.wordpress.com/20...html5-cookies/ How interesting! Thanks for the head's up. Bleachbit uses XML files for control, with lines like this. It's multi-platform, so path names for more than one platform are present in the XML. There are 76 XML files in the Cleaners folder. action command="delete" search="walk.files" path="$localappdata\Mozilla\Profiles\default\Cache \"/ And for some reason, I don't see a firefox.xml, just a seamonkey.xml. Also, doing a text search on the source, I'm not seeing how they access sqlite to do a VACUUM. There is a claim they do a VACUUM to clean up unused space in .sglite files. So the source package is a bit weird looking. Not the evidence I was looking for. Why no Firefox.xml in there ? Where does the sqlite3 file come from ? Their builder script, also looks to pack (UPX) the Windows version. Which isn't that reassuring for guys like me. I don't have a good set of tools for UPX. I like to inspect things when I download them. I can always toss the thing into virustotal.com, but of course the people sourcing the package can also do that. When you click the "BleachBit portable (official)" link here... http://bleachbit.sourceforge.net/download/windows my downloader dialog says it comes from here. http://katana.oooninja.com/bleachbit...6-portable.zip So you should be aware it hasn't been scanned by sourceforge. It's an offsite link. Gets 3 hits out of 45. Could be related to packing, but who knows... https://www.virustotal.com/en/file/c...edbd/analysis/ The complexion of the package is quite different in the ZIP. It has an sqlite3.dll, so that answers the question how it can VACUUM an .sqlite file. Paul Thank you Paul. I got the evercookie from the link on your earlier post. It set some but they were all stored in flash cookies, no where else. Since I run a del bat file for those, they were all deleted and never came back. My bat del's the entire macromedia folder in xp and W7. I don't use HTLM5. SeaMonkey cache is set for RAM only, not hdd. I found another solution here. https://addons.mozilla.org/en-US/fir...es/?src=search That add-on works, as long as you delete things at shutdown. And for anyone who thinks this is "the final solution", it just hasn't been tested against enough test cases yet. There will always be some smart-ass developer out there, with their own hack. Paul |
#25
|
|||
|
|||
Deleting cookies from computer.
On Sun, 28 Jul 2013 23:07:35 -0400, Paul
wrote: Peter Jason wrote: On Sun, 28 Jul 2013 19:54:50 -0500, Johnny wrote: On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. Thanks, I have downloaded them for a try. Peter Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul I keep getting these cookies revealed by CCleaner whenever FF starts up and closes........ THe Ccleaner deletes them, but they are regenerated whenever FF starts up. I have the SysInternals, and is there any way to catch the program involved by seeing which is active the moment FF starts up? Presumably the program must show some activity to regenerate the list. Removed Cookie: search.conduit.com 0 KB Removed Cookie: ru4.com 0 KB Removed Cookie: 247realmedia.com 0 KB Removed Cookie: realmedia.com 0 KB Removed Cookie: www.acxiom.com 0 KB Removed Cookie: adadvisor.net 0 KB Removed Cookie: adcentriconline.com 0 KB Removed Cookie: afy11.net 0 KB Removed Cookie: nspmotion.com 0 KB Removed Cookie: heias.com 0 KB Removed Cookie: abmr.net 0 KB Removed Cookie: imiclk.com 0 KB Removed Cookie: ask.com 0 KB Removed Cookie: atdmt.com 0 KB Removed Cookie: revsci.net 0 KB Removed Cookie: bizographics.com 0 KB Removed Cookie: bluekai.com 0 KB Removed Cookie: btrll.com 0 KB Removed Cookie: btbuckets.com 0 KB Removed Cookie: casalemedia.com 0 KB Removed Cookie: choicestream.com 0 KB Removed Cookie: collective-media.net 0 KB Removed Cookie: data.cmcore.com 0 KB Removed Cookie: data.coremetrics.com 0 KB Removed Cookie: exelator.com 0 KB Removed Cookie: load.exelator.com 0 KB Removed Cookie: serving-sys.com 0 KB Removed Cookie: adsfac.sg 0 KB Removed Cookie: adsfac.us 0 KB Removed Cookie: adsfac.net 0 KB Removed Cookie: adsfac.eu 0 KB Removed Cookie: fetchback.com 0 KB Removed Cookie: fwmrm.net 0 KB Removed Cookie: doubleclick.net 0 KB Removed Cookie: hitbox.com 0 KB Removed Cookie: interclick.com 0 KB Removed Cookie: crwdcntrl.net 0 KB Removed Cookie: media6degrees.com 0 KB Removed Cookie: mathtag.com 0 KB Removed Cookie: msn.com 0 KB Removed Cookie: live.com 0 KB Removed Cookie: bing.com 0 KB Removed Cookie: microsoft.com 0 KB Removed Cookie: mmismm.com 0 KB Removed Cookie: nexac.com 0 KB Removed Cookie: nuggad.net 0 KB Removed Cookie: openx.net 0 KB Removed Cookie: ad.us-ec.adtechus.com 0 KB Removed Cookie: adserverec.adtechus.com 0 KB Removed Cookie: adserverwc.adtechus.com 0 KB Removed Cookie: glb.adtechus.com 0 KB Removed Cookie: precisionclick.com 0 KB Removed Cookie: adsonar.com 0 KB Removed Cookie: questionmarket.com 0 KB Removed Cookie: smartadserver.com 0 KB Removed Cookie: meetic-partners.com 0 KB Removed Cookie: horyzon-media.com 0 KB Removed Cookie: specificmedia.com 0 KB Removed Cookie: specificclick.net 0 KB Removed Cookie: adviva.net 0 KB Removed Cookie: spotexchange.com 0 KB Removed Cookie: trafficmp.com 0 KB Removed Cookie: tribalfusion.com 0 KB Removed Cookie: adlegend.com 0 KB Removed Cookie: turn.com 0 KB Removed Cookie: mediaplex.com 0 KB Removed Cookie: yahoo.com 0 KB Removed Cookie: adrevolver.com 0 KB Removed Cookie: ads.undertone.com 0 KB Removed Cookie: 33across.com 0 KB Removed Cookie: quantserve.com 0 KB Removed Cookie: rfihub.com 0 KB Removed Cookie: amgdgt.com 0 KB Removed Cookie: ads.pointroll.com 0 KB Removed Cookie: atwola.com 0 KB Removed Cookie: advertising.com 0 KB Removed Cookie: chitika.net 0 KB Removed Cookie: kontera.com 0 KB Removed Cookie: www.burstnet.com 0 KB Removed Cookie: adbrite.com 0 KB Removed Cookie: pulse360.com 0 KB Removed Cookie: contextweb.com 0 KB Removed Cookie: yumenetworks.com 0 KB Removed Cookie: www.yumenetworks.com 0 KB Removed Cookie: navdmp.com 0 KB Removed Cookie: adap.tv 0 KB Removed Cookie: saymedia.com 0 KB Removed Cookie: displaymarketplace.com 0 KB Removed Cookie: www.tattomedia.com 0 KB Removed Cookie: adinterax.com 0 KB Removed Cookie: adotube.com 0 KB Removed Cookie: lucidmedia.com 0 KB Removed Cookie: eyewonder.com 0 KB Removed Cookie: adblade.com 0 KB Removed Cookie: adshuffle.com 0 KB Removed Cookie: dotomi.com 0 KB Removed Cookie: amazon.com 0 KB Removed Cookie: vizu.com 0 KB Removed Cookie: fimserve.com 0 KB Removed Cookie: opt.fimserve.com 0 KB Removed Cookie: rubiconproject.com 0 KB Removed Cookie: intellitxt.com 0 KB Removed Cookie: gigya.com 0 KB Removed Cookie: addthis.com 0 KB Removed Cookie: sharethis.com 0 KB Removed Cookie: ads.us.e-planning.net 0 KB Removed Cookie: www.flashtalking.com 0 KB Removed Cookie: weborama.fr 0 KB Removed Cookie: effectivemeasure.net 0 KB Removed Cookie: richrelevance.com 0 KB Removed Cookie: tumri.net 0 KB Removed Cookie: tradedoubler.com 0 KB Removed Cookie: demdex.net 0 KB Removed Cookie: pubmatic.com 0 KB Removed Cookie: aggregateknowledge.com 0 KB Removed Cookie: rotator.adjuggler.com 0 KB Removed Cookie: tremormedia.com 0 KB Removed Cookie: tag.admeld.com 0 KB Removed Cookie: brand.net 0 KB Removed Cookie: optmd.com 0 KB Removed Cookie: scanscout.com 0 KB Removed Cookie: outbrain.com 0 KB Removed Cookie: snap.com 0 KB Removed Cookie: channelintelligence.com 0 KB Removed Cookie: ytsa.net 0 KB Removed Cookie: smtad.net 0 KB Removed Cookie: xgraph.net 0 KB Removed Cookie: ads.bridgetrack.com 0 KB Removed Cookie: adroll.com 0 KB Removed Cookie: connextra.com 0 KB Removed Cookie: proximic.com 0 KB Removed Cookie: owneriq.net 0 KB Removed Cookie: criteo.com 0 KB Removed Cookie: pulsemgr.com 0 KB Removed Cookie: w55c.net 0 KB Removed Cookie: scorecardresearch.com 0 KB Removed Cookie: fastclick.net 0 KB Removed Cookie: struq.com 0 KB Removed Cookie: invitemedia.com 0 KB Removed Cookie: beencounter.com 0 KB Removed Cookie: vindicosuite.com 0 KB Removed Cookie: netmng.com 0 KB Removed Cookie: traveladvertising.com 0 KB Removed Cookie: amadesa.com 0 KB Removed Cookie: gbid.adbuyer.com 0 KB Removed Cookie: connect.wunderloop.net 0 KB Removed Cookie: everesttech.net 0 KB Removed Cookie: adchemy.com 0 KB Removed Cookie: delivery.ctasnet.com 0 KB Removed Cookie: tidaltv.com 0 KB Removed Cookie: raasnet.com 0 KB Removed Cookie: rlcdn.com 0 KB Removed Cookie: monster.com 0 KB Removed Cookie: eyereturn.com 0 KB Removed Cookie: netseer.com 0 KB Removed Cookie: www.halogenmediagroup.com 0 KB Removed Cookie: halogennetwork.com 0 KB Removed Cookie: adgear.com 0 KB Removed Cookie: mythings.com 0 KB Removed Cookie: hurra.com 0 KB Removed Cookie: yieldoptimizer.com 0 KB Removed Cookie: mxptint.net 0 KB Removed Cookie: esm1.net 0 KB Removed Cookie: tellapart.com 0 KB Removed Cookie: mixpo.com 0 KB Removed Cookie: adready.com 0 KB Removed Cookie: mookie1.com 0 KB Removed Cookie: domdex.com 0 KB Removed Cookie: legolas-media.com 0 KB Removed Cookie: spongecell.com 0 KB Removed Cookie: www.inadcoads.com 0 KB Removed Cookie: lijit.com 0 KB Removed Cookie: visiblemeasures.com 0 KB Removed Cookie: ds.reson8.com 0 KB Removed Cookie: ad.wsod.com 0 KB Removed Cookie: triggit.com 0 KB Removed Cookie: tracking.quisma.com 0 KB Removed Cookie: keewurd.com 0 KB Removed Cookie: vitamine.networldmedia.net 0 KB Removed Cookie: p.brilig.com 0 KB Removed Cookie: infra-ad.com 0 KB Removed Cookie: chango.com 0 KB Removed Cookie: newtention.net 0 KB Removed Cookie: tracking.reedge.com 0 KB Removed Cookie: optout.ib-ibi.com 0 KB Removed Cookie: adv.adsbwm.com 0 KB Removed Cookie: mybuys.com 0 KB Removed Cookie: veruta.com 0 KB Removed Cookie: mediaforge.com 0 KB Removed Cookie: wtp101.com 0 KB Removed Cookie: gwallet.com 0 KB Removed Cookie: korrelate.net 0 KB Removed Cookie: svc.pch.com 0 KB Removed Cookie: convertro.com 0 KB Removed Cookie: simpli.fi 0 KB Removed Cookie: www.bnmla.com 0 KB Removed Cookie: meebo.com 0 KB Removed Cookie: server.cpmstar.com 0 KB Removed Cookie: stage.traffiliate.com 0 KB Removed Cookie: ads.creative-serving.com 0 KB Removed Cookie: www.adsrvr.org 0 KB Removed Cookie: glam.com 0 KB Removed Cookie: liverail.com 0 KB Removed Cookie: cmadseu.com 0 KB Removed Cookie: cognitivematch.com 0 KB Removed Cookie: nxtck.com 0 KB Removed Cookie: crosspixel.net 0 KB Removed Cookie: p-td.com 0 KB Removed Cookie: tynt.com 0 KB Removed Cookie: forbes.com 0 KB Removed Cookie: a.intentmedia.net 0 KB Removed Cookie: keyade.com 0 KB Removed Cookie: rovion.com 0 KB Removed Cookie: admailtiser.com 0 KB Removed Cookie: adjug.com 0 KB Removed Cookie: delivery.switchadhub.com 0 KB Removed Cookie: audienceiq.com 0 KB Removed Cookie: medicxmedia.com 0 KB Removed Cookie: sageanalyst.net 0 KB Removed Cookie: viglink.com 0 KB Removed Cookie: tubemogul.com 0 KB Removed Cookie: steelhousemedia.com 0 KB Removed Cookie: oggifinogi.com 0 KB Removed Cookie: psa.sophus3.com 0 KB Removed Cookie: www.etracker.de 0 KB Removed Cookie: sensic.net 0 KB Removed Cookie: hit.gemius.pl 0 KB Removed Cookie: hit.stat.pl 0 KB Removed Cookie: hit.stat24.com 0 KB Removed Cookie: qoof.com 0 KB Removed Cookie: decideinteractive.com 0 KB Removed Cookie: decdna.net 0 KB Removed Cookie: zedo.com 0 KB Removed Cookie: apture.com 0 KB Removed Cookie: adform.net 0 KB Removed Cookie: pswec.com 0 KB Removed Cookie: martiniadnetwork.com 0 KB Removed Cookie: adriver.ru 0 KB Removed Cookie: c3tag.com 0 KB Removed Cookie: xiti.com 0 KB Removed Cookie: affinesystems.com 0 KB Removed Cookie: gmads.net 0 KB Removed Cookie: gravity.com 0 KB Removed Cookie: smowtion.com 0 KB Removed Cookie: webtrekk.net 0 KB Removed Cookie: vdopia.com 0 KB Removed Cookie: mydas.mobi 0 KB Removed Cookie: www.adpredictive.com 0 KB Removed Cookie: adfarm1.adition.com 0 KB Removed Cookie: analogdemographics.com 0 KB Removed Cookie: www.monoloop.com/product/privacy-policy 0 KB Removed Cookie: ad.yieldmanager.com 0 KB Removed Cookie: datvantage.com 0 KB Removed Cookie: tapad.com 0 KB Removed Cookie: webtraffic.se 0 KB Removed Cookie: simply.com 0 KB Removed Cookie: pro-market.net 0 KB Removed Cookie: rtbidder.net 0 KB Removed Cookie: goldspotmedia.com 0 KB Removed Cookie: vizury.com 0 KB Removed Cookie: jumptap.com 0 KB Removed Cookie: medialytics.com 0 KB Removed Cookie: adsymptotic.com 0 KB Removed Cookie: clover.com 0 KB Removed Cookie: adnxs.com 0 KB Removed Cookie: dmtry.com 0 KB Removed Cookie: medrx.sensis.com.au 0 KB Removed Cookie: advertserve.com 0 KB Removed Cookie: network.bazaarvoice.com 0 KB Removed Cookie: connexity.net 0 KB Removed Cookie: ads.audience2media.com 0 KB Removed Cookie: excitad.com 0 KB Removed Cookie: ads.adacado.com 0 KB Removed Cookie: adgenie.co.uk 0 KB Removed Cookie: adyard.de 0 KB Removed Cookie: groovinads.com 0 KB Removed Cookie: ipromote.com 0 KB Removed Cookie: 254a.com 0 KB Removed Cookie: amxdt.com 0 KB Removed Cookie: adspirit.de 0 KB Removed Cookie: acuityplatform.com 0 KB Removed Cookie: www.piximedia.com 0 KB Removed Cookie: pictela.net 0 KB Removed Cookie: jasperlabs.com 0 KB Removed Cookie: roia.biz/ts 0 KB Removed Cookie: roia.biz/im 0 KB Removed Cookie: adknife.com 0 KB Removed Cookie: go.affec.tv 0 KB Removed Cookie: relestar.com 0 KB Removed Cookie: appssavvy.net 0 KB Removed Cookie: merchenta.com 0 KB Removed Cookie: ez.n.btbuckets.com 0 KB Removed Cookie: widdit.com 0 KB Removed Cookie: skimlinks.com 0 KB Removed Cookie: skimresources.com 0 KB Removed Cookie: po.st 0 KB Removed Cookie: adtech.de 0 KB Removed Cookie: www.inskinad.com 0 KB Removed Cookie: adhaven.com 0 KB Removed Cookie: p.liadm.com 0 KB Removed Cookie: sitecompass.com 0 KB Removed Cookie: innity.com 0 KB Removed Cookie: adextent.com 0 KB Removed Cookie: impact-ad.jp 0 KB Removed Cookie: adserver.mobsmith.com 0 KB Removed Cookie: qwobl.net 0 KB Removed Cookie: send.microad.jp 0 KB Removed Cookie: gsimedia.net 0 KB Peter |
#26
|
|||
|
|||
Deleting cookies from computer.
Peter Jason wrote:
On Sun, 28 Jul 2013 23:07:35 -0400, Paul wrote: Peter Jason wrote: On Sun, 28 Jul 2013 19:54:50 -0500, Johnny wrote: On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. Thanks, I have downloaded them for a try. Peter Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul I keep getting these cookies revealed by CCleaner whenever FF starts up and closes........ THe Ccleaner deletes them, but they are regenerated whenever FF starts up. I have the SysInternals, and is there any way to catch the program involved by seeing which is active the moment FF starts up? Presumably the program must show some activity to regenerate the list. Removed Cookie: search.conduit.com 0 KB Removed Cookie: gsimedia.net 0 KB Peter I recommend the following (as I pointed out in a previous post). I found this Firefox add-on. This is a portion of battling the Evercookie Javascript exploit. https://addons.mozilla.org/en-US/fir...es/?src=search To test whether it is working, Samy's web page has some test buttons you can use. You can set an Evercookie (containing a random number between 1 and 1000), do your best to erase the Evercookie, then reenter the browser, go back to that web page, and see if the random number is still being displayed (i.e. cookie was recovered successfully by Evercookie). http://samy.pl/evercookie/ What I found, is the "Self-Destructing-Cookies" add-on, was not enough by itself. I had to go the Preferences panel in Firefox, and set it to empty things like cookies.sqlite at shutdown. That seemed to help. Once I did that, I could use the Samy.pl site, set a cookie, exit Firefox, start Firefox, go back to the Samy.pl page, and the random number between 1-1000 was no longer detectable. As a bonus, the combo above also stops this one, but it really shouldn't have. I don't delete my browsing history, and choose to keep it (as a poor man's bookmarks, in a sense). If I need to recover a URL for a page I visited in the last couple of days for some reason, I use my history for that. http://samy.pl/csshack/ What I suspect in your case, is you have an add-on which *puts back* cookies in the browser. Apparently there is a plugin which puts "bogus" cookies in the browser, to screw up these advertising sites. And that plugin, and "self-destructing-cookies" plugin, are not a good match for one another. You have to decide which philosophy you're going to use - either erasing cookies, or try and "jam" fake cookies into the browser, making the cookie contents useless. Note that, with the Evercookie method, faking cookies is no longer as effective as it used to be. To effectively fake a cookie, you would need to use Evercookie javascript code to load the fake cookie into the browser, so there are ten different copies of the fake, and no good copies to be seen. Try listing your add-ons, and see if one of them is responsible for the fake cookies. Since the "filesize" field is zero bytes, that tells me you've got fakes working for you. One of your add-ons is doing that. I also recommend you become familiar with sqlite.exe and the ..dump option. You look at all the .sqlite files in your profile, and that will give you some idea how many of them have "interesting" information. Your browsing history for example, can be a huge database, with as many as 20,000 URLs in it. Paul |
#27
|
|||
|
|||
Deleting cookies from computer.
On Tue, 30 Jul 2013 22:51:43 -0400, Paul
wrote: Peter Jason wrote: On Sun, 28 Jul 2013 23:07:35 -0400, Paul wrote: Peter Jason wrote: On Sun, 28 Jul 2013 19:54:50 -0500, Johnny wrote: On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. Thanks, I have downloaded them for a try. Peter Flash cookies are stored in a different place. The word "Macromedia" may be in the path. C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys And the Flash control panel, has a delete option. I just tested it (there were three entries in the folder with "#" character in their names), and all three were deleted by the Delete button in the Flash control panel. Paul I keep getting these cookies revealed by CCleaner whenever FF starts up and closes........ THe Ccleaner deletes them, but they are regenerated whenever FF starts up. I have the SysInternals, and is there any way to catch the program involved by seeing which is active the moment FF starts up? Presumably the program must show some activity to regenerate the list. Removed Cookie: search.conduit.com 0 KB Removed Cookie: gsimedia.net 0 KB Peter I recommend the following (as I pointed out in a previous post). I found this Firefox add-on. This is a portion of battling the Evercookie Javascript exploit. https://addons.mozilla.org/en-US/fir...es/?src=search To test whether it is working, Samy's web page has some test buttons you can use. You can set an Evercookie (containing a random number between 1 and 1000), do your best to erase the Evercookie, then reenter the browser, go back to that web page, and see if the random number is still being displayed (i.e. cookie was recovered successfully by Evercookie). http://samy.pl/evercookie/ What I found, is the "Self-Destructing-Cookies" add-on, was not enough by itself. I had to go the Preferences panel in Firefox, and set it to empty things like cookies.sqlite at shutdown. That seemed to help. Once I did that, I could use the Samy.pl site, set a cookie, exit Firefox, start Firefox, go back to the Samy.pl page, and the random number between 1-1000 was no longer detectable. As a bonus, the combo above also stops this one, but it really shouldn't have. I don't delete my browsing history, and choose to keep it (as a poor man's bookmarks, in a sense). If I need to recover a URL for a page I visited in the last couple of days for some reason, I use my history for that. http://samy.pl/csshack/ What I suspect in your case, is you have an add-on which *puts back* cookies in the browser. Apparently there is a plugin which puts "bogus" cookies in the browser, to screw up these advertising sites. And that plugin, and "self-destructing-cookies" plugin, are not a good match for one another. You have to decide which philosophy you're going to use - either erasing cookies, or try and "jam" fake cookies into the browser, making the cookie contents useless. Note that, with the Evercookie method, faking cookies is no longer as effective as it used to be. To effectively fake a cookie, you would need to use Evercookie javascript code to load the fake cookie into the browser, so there are ten different copies of the fake, and no good copies to be seen. Try listing your add-ons, and see if one of them is responsible for the fake cookies. Since the "filesize" field is zero bytes, that tells me you've got fakes working for you. One of your add-ons is doing that. I also recommend you become familiar with sqlite.exe and the .dump option. You look at all the .sqlite files in your profile, and that will give you some idea how many of them have "interesting" information. Your browsing history for example, can be a huge database, with as many as 20,000 URLs in it. Paul Thanks, and success! They've all disappeared though I'll wait a while and check again.. Peter |
#28
|
|||
|
|||
Deleting cookies from computer.
On 28/07/2013 5:54 PM, Johnny wrote:
On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. I deal with the problem by clearing current history (click on Firefox at the top left, mouse over History to get the option to click on) every time I exit Firefox. Very easy, very quick. |
#29
|
|||
|
|||
Deleting cookies from computer.
On 8/1/2013 2:57 PM, Anthony Buckland wrote:
On 28/07/2013 5:54 PM, Johnny wrote: On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. I deal with the problem by clearing current history (click on Firefox at the top left, mouse over History to get the option to click on) every time I exit Firefox. Very easy, very quick. If you don't want to be tracked, the cookies should not be allowed to be installed. The extension Ghostery takes care of the regular cookies, and Better Privacy takes care of the Flash cookies. Now there is a new type of cookie to deal with, it's the Evercookie that resists deletion, and is stored in many different places in the browser, and will regenerate the the cookies that are found and deleted. I thought is was wonderful that Adobe Flash would finally be replaced by HTML5 video, but it is going to be worse than Adobe Flash Player. |
#30
|
|||
|
|||
Deleting cookies from computer.
Anthony Buckland wrote:
On 28/07/2013 5:54 PM, Johnny wrote: On 7/28/2013 7:28 PM, Peter Jason wrote: Win7 SPi Firefox 22 I have turned off the cookies in Firefox, but when I run CCleaner the same set always appears on its result screen. Where are the cookies stored in Windows Explorer so that I check it out? The cookies always appear only when I start up Firefox. Peter Get these two extensions for Firefox: Better Privacy Foundstone HTML5 Local Storage Explorer Just click on Firefox in the upper left hand corner of the screen and then click on addons and search for them. You can then delete them or block them. You probably have Adobe Flash Player installed. That's where the cookies are coming from. I deal with the problem by clearing current history (click on Firefox at the top left, mouse over History to get the option to click on) every time I exit Firefox. Very easy, very quick. Test your methods, with this site. http://samy.pl/evercookie/ Plant a cookie by clicking the button. Exit the browser, do whatever you would normally do to remove the cookie. Now, start the browser again. Does the samy.pl Javascript recover the random number it planted ? If so, your methodology needs to be beefed up, and the hole found. Paul |
Thread Tools | |
Display Modes | Rate This Thread |
|
|