Web cookies (also called HTTP cookies, browser cookies, or simply cookies) are small pieces of data that websites store on your device (computer, phone, etc.) through your web browser. They are used to remember information about you and your interactions with the site.
Purpose of Cookies:
Session Management:
Keeping you logged in
Remembering items in a shopping cart
Saving language or theme preferences
Personalization:
Tailoring content or ads based on your previous activity
Tracking & Analytics:
Monitoring browsing behavior for analytics or marketing purposes
Types of Cookies:
Session Cookies:
Temporary; deleted when you close your browser
Used for things like keeping you logged in during a single session
Persistent Cookies:
Stored on your device until they expire or are manually deleted
Used for remembering login credentials, settings, etc.
First-Party Cookies:
Set by the website you're visiting directly
Third-Party Cookies:
Set by other domains (usually advertisers) embedded in the website
Commonly used for tracking across multiple sites
Authentication cookies are a special type of web cookie used to identify and verify a user after they log in to a website or web application.
What They Do:
Once you log in to a site, the server creates an authentication cookie and sends it to your browser. This cookie:
Proves to the website that you're logged in
Prevents you from having to log in again on every page you visit
Can persist across sessions if you select "Remember me"
What's Inside an Authentication Cookie?
Typically, it contains:
A unique session ID (not your actual password)
Optional metadata (e.g., expiration time, security flags)
Analytics cookies are cookies used to collect data about how visitors interact with a website. Their primary purpose is to help website owners understand and improve user experience by analyzing things like:
How users navigate the site
Which pages are most/least visited
How long users stay on each page
What device, browser, or location the user is from
What They Track:
Some examples of data analytics cookies may collect:
Page views and time spent on pages
Click paths (how users move from page to page)
Bounce rate (users who leave without interacting)
User demographics (location, language, device)
Referring websites (how users arrived at the site)
Here’s how you can disable cookies in common browsers:
1. Google Chrome
Open Chrome and click the three vertical dots in the top-right corner.
Go to Settings > Privacy and security > Cookies and other site data.
Choose your preferred option:
Block all cookies (not recommended, can break most websites).
Block third-party cookies (can block ads and tracking cookies).
2. Mozilla Firefox
Open Firefox and click the three horizontal lines in the top-right corner.
Go to Settings > Privacy & Security.
Under the Enhanced Tracking Protection section, choose Strict to block most cookies or Custom to manually choose which cookies to block.
3. Safari
Open Safari and click Safari in the top-left corner of the screen.
Go to Preferences > Privacy.
Check Block all cookies to stop all cookies, or select options to block third-party cookies.
4. Microsoft Edge
Open Edge and click the three horizontal dots in the top-right corner.
Go to Settings > Privacy, search, and services > Cookies and site permissions.
Select your cookie settings from there, including blocking all cookies or blocking third-party cookies.
5. On Mobile (iOS/Android)
For Safari on iOS: Go to Settings > Safari > Privacy & Security > Block All Cookies.
For Chrome on Android: Open the app, tap the three dots, go to Settings > Privacy and security > Cookies.
Be Aware:
Disabling cookies can make your online experience more difficult. Some websites may not load properly, or you may be logged out frequently. Also, certain features may not work as expected.
The email you just acted on by following an hyperlink was a fake phishing email. As a potential participant to CyberSEED’15, you were included in this exercise to raise awareness about phishing threats and to help sidestep real attacks. This exercise is organized under the auspices of CyberSEED’15 organized by the Comcast Center of Excellence for Security Innovation (CSI). Please do not share your experience with colleagues, so they can learn too.
Our hope is that this exercise will help educate our attendees prior to the event date. Did you notice any of the odd clues to showing it was a fake phishing email? It could have been recognized by the oddly formed email address using a .early-checkin.com address instead of .org, the strange alternation of capital and lowercase lettering, and the irregularity in the sign-off compared to official CyberSEED emails. More information on phishing is presented below. You can look forward to hearing more about the results of this effort on CyberSEED 2015’s kick off on October 29th.
Stay Alert for Phishing Emails Scam emails put you and your employer at risk
This was a test – a real phishing email could have given hackers access to sensitive information, compromised your company’s network, or downloaded a virus
Beware of These Warning Signs
Unsolicited emails that urge you to act quickly
Emails that ask for private data, including account numbers and personal information (social security numbers, license numbers, etc.)
Random requests to reset or update passwords
Email Safety Tips
Never reply to an unsolicited email that requests sensitive information
Verify claims and offers via trusted websites or known phone numbers
Do not click or respond to suspicious emails
Ask your IT department for advice if you’re unsure