Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Nevercookie Eats Evercookie With New Firefox Plugin

Update – The company has since released a beta version of the Nevercookie plug-in

Update – The company has since released a beta version of the Nevercookie plug-in

Anonymizer, Inc., a company that helps protect consumer’s privacy and offers anonymity solutions, announced today that it has developed Anonymizer Nevercookie, a free Firefox plugin that protects against the Evercookie, a javascript API built and made available by Samy Kamkar (same guy who brought you the Samy Worm and XSS Hacking to Determine Physical Location) who set out to prove that the more you store and the more places you store it, the harder it is for users to control a Web site’s ability to uniquely identify their computer.Nevercookie Plugin

The plugin extends Firefox’s private browsing mode by preventing Evercookies from identifying and tracking users.

“Recent developments in Web tracking technologies have rendered the privacy tools built into browsers almost completely ineffective,” said Lance Cottrell, founder and chief scientist for Anonymizer. “Anonymizer Nevercookie will close the gap between Firefox’s privacy features and actual privacy so that when you go into private browsing mode, you are truly protected.”

Evercookie is a new, more persistent cookie form that enables the storage of cookie data in a number of different locations, such as Flash cookies and various locations of HTML5 storage. This allows websites to track user behavior even when users have enabled private browsing. Because an Evercookie stores data in locations outside of where standard cookies are stored, an Evercookie can rebuild itself unless users go through a number of steps to completely clear and reset their local storage.

Anonymizer Nevercookie simplifies this process and eliminates the manual steps required to completely remove Evercookies. And it does so without also removing all of the necessary cookies that a user actually wants to keep, such as those for browsing history and remembered logins. When Anonymizer Nevercookie is engaged along with Firefox’s private browsing mode, it quarantines an Evercookie and removes it after the browsing session.Subscribe to SecurityWeek

Dr. Elie Burzstein, a noted Web security researcher at the Stanford University Research Lab, stated: “My testing and review found that when using Anonymizer Nevercookie along with Firefox’s private browsing mode, users are protected from all of the currently known tracking systems that use browser features to follow users across multiple sessions, such as Evercookie. Specifically, Nevercookie prevents abuse to both the Adobe Flash Local Storage Object (LSO) and Microsoft’s Silverlight Isolated Storage (MIS).”

The company says that Nevercookie will be available as a free download later this month.

Update: More technical details are available here:  http://www.anonymizer.com/learningcenter/#lc_labs

Have you tossed your cookies lately?

Advertisement. Scroll to continue reading.
Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.