We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What are Active Cookies?

By R. Kayne
Updated: May 17, 2024
Views: 9,293
Share

Active cookies, also known as soft tokens, might be able to help defend Internet users from pharming. Pharming is a more sophisticated form of phishing, an attack that tricks a user into thinking he or she is visiting a legitimate site of business and unwittingly giving over personal information to the thief.

In a phishing attack, the thief designs a website that duplicates a known site of business. The thief then sends spam, encouraging people to visit the site to update information or take advantage of a promotion. When users click on the link within the email, they are taken to the fake site to divulge critical information. Hence, savvy users enter website addresses manually or use bookmarks. Those who do click on email links might spot the website address as being spelled incorrectly, saving themselves from a scam. However, none of these precautions will help spot a pharming scam.

Pharming accomplishes the same thing as phishing, but with more stealth and without spam. In this case, the thief plants false code on the domain name server (DNS) itself, so that anyone who enters the correct website address will be directed by the DNS to the fake site. Surfers have no way of knowing they are not at the legitimate site, but active cookies might be able to alert them.

Active cookies are an outgrowth of standard computer cookies. A standard cookie is a bit of text code that your browser shares with a site upon visiting. The site and the browser pass the cookie back and forth transparently, while the cookie identifies your browser to the site. Depending on its purpose, a cookie holds certain information like registration, password, and in some cases, previous purchases, account information or other relevant data. The cookie makes it convenient for a user to revisit a site without having to re-enter personal information upon each visit.

Researchers at Indiana University, along with RavenWhite Inc., have developed new active cookies. Active cookies not only hold information about the user’s identification, but also an archived address of the legitimate site. When authentication takes place between the website and an active cookie, the cookie tells the browser not only to respond through the usual channel, but also to send a duplicate message directly to the archived address, bypassing any middleman. If the website server only receives one correct response from the active cookie, it triggers an alert to freeze access to the account.

Active cookies might also employ additional measures, such as providing instructions to display a unique graphic on the legitimate site. If the customer does not see his or her custom graphic, this will be an obvious tip-off that the site is pharmed. Active cookies will be initiated server-side by companies that believe they could be helpful to customers. Though active cookies can provide an extra layer of security, they aren’t perfect. Changing computers or browsers, or purging the cache where active cookies are stored, will eliminate the benefits.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.

Editors' Picks

Discussion Comments
By luna49 — On Oct 12, 2009

Several sites I access regularly use the unique graphic method to ensure the site is legitimate. I never knew that deleting all my cookies would cause a problem with this -- I've never had a problem in the past.

Share
https://www.wisegeek.net/what-are-active-cookies.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.