On one of the e-mail lists that I follow that focuses on security, one of the threads caught my eye as I was working my way through the volumes of e-mail.
Apparently, Adobe Flash Player has a cookie tracking mechanism built into it.
“Oh really?” you might say. What does this mean for me?
Well, think about the last In-Private browsing session that was used while working on a client machine with IE8 installed. We use In-Private to browse our own business specific sites if there is a spontaneous need while at a client site and working on their system.
Apparently, the IE8 In-Private feature, or any other browser’s similar feature, does not coordinate with Flash Player!
This was brought to my attention by fellow MVP Derek Knight:
- Security and Privacy Blog: Sites pulling sneaky Flash cookie-snoop • The Register
There are a number of ways to deal with this situation.
One is to manage the cookies on Adobe’s Web site:
There is something that is just not comfortable about the above procedure.
From there, we can manage them locally:
- C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DataFolder
All of the cookies will be contained in some randomly named DataFolder under #SharedObjects.
Or, Derek mentions a tool on his blog post that will take them out in one fell swoop:
The nice thing about Steelworxs Steelworx Flush Flash is that it is both Windows and Mac (Leopard and up) friendly.
This little blindside was definitely a wakeup call to make sure to discover all of the tracking mechanisms that can be used on our systems.
The original study on the subject:
Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book
*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.
1 comment:
Yet another reason for using something like Portable Firefox with the NoScript plugin.
Or if you must use IE, then use IE7Pro to help block unwanted web content.
Post a Comment