Institute of Technology,

Nirma University.
M.Tech CASAD Semester I
Cyber Security 2014-2015
Sem II
Assignment III
Tejas M. Patil
Roll no. 14MCLC22
M. Tech. 1st Year
Due date - 14th March 2015

Question 1.1
Why websites tracks the user activities? Give 3 examples.
Answer,- Websites track user activities to understand the pattern in their
web browsing, subsequently profiling their needs, interests and frequent visits.
Websites can make money off of this information by selling it to interested
buyers or using to increase the number of hits on their websites.
Examples
Google sponsored ads They are based on our google searches. Also they
are available on lots of google sponsored website.
Youtube Video suggestions on youtube are chiefly based on our previous
youtube history.
Others trackers such as Facebook connect, Google analytics, Taboola
which can be seen through Ghostery Add on in Firefox.

Question 1.2
Why websites uses the cookies? What are that? How they are used ? How
twitter and facebook are using cookies?
Answer,Cookies are used by website to temporarily store the personal settings on our
hard drive. Cookies are popular because they solve a big problem for Web sites.
Cookie allows a site to store state of our browsing information on our machine.
There are many reasons a given site would wish to use cookies. These range
from the ability to personalize information (like on My Yahoo or Excite), or to
help with on-line sales/services (like on Amazon Books or eBay), or simply for
the purposes of collecting demographic information (like DoubleClick). Cookies
also provide programmers with a quick and convenient means of keeping site
content fresh and relevant to the users interests.
According to twitter official website : They use cookies for1. Authentication and security
2. Preferences
3. Analytics and research
4. Personalized content
5. Advertising
According to Facebook official website : They use cookies for1. Authentication
2

2. Security and site integrity

3. Advertising, insights and measurement
4. Localization
5. Site features and services
6. Performance
7. Analytics and research

Question 1.3
How cookies represent treat in cyber world?
Answer,Cookie by itself is just a piece of information and not a program code. It
is not capable of harming users computer, and they cannot act as a virus or
worms. Cookies are created and used to allow server to store and retrieve state
information. However, this small text file is rich in information, which may include users IP address, user name, email address, password, preferred language,
shopping cart items and any strings that can be linked to users identity.
Theres a privacy issue if the cookie is stored in users computer without
his/her knowledge or consent and this also includes affiliates or third-party
cookies.
The cookie header and content are readable or in clear text format. Any sensitive
or identifiable information is vulnerable and exposed to threats whether it is a
malware, packet sniffers, cookie hijackers or another user of that pc.
Persistent cookies does not expire soon enough even after the user ended
the session. Thus, the website can build information or profile your browsing
activity and preferences over time.
Cookie poisoning simply means performing unauthorized modification of the
values stored inside the cookie. This can be easily done using tools and information available from the internet. Most websites stores persistent, non-secure
cookies while some are secured but still there are web site that employs poor
encryption that could be easily decoded.
Worms - Mass-mailing worms such as NetSky and Lohack is capable to search
and harvest email address to all .TXT files and this includes users cookies.
Trojan - Banking related trojans are usually capable of stealing users cookies.
Backdoor - There are backdoor that steals cookies associated to ebay, paypal
and banks.
Exploit - This is usually employed using cross site scripting exploit, where a
malicious user injects a code to a legitimate vulnerable website. So, all visitors
of that website will get redirected where a malicious cookie stealer script awaits.

Question 1.4
4. Give examples of web bug and web sniffers in cyber world. [List and give
3

their functionality]
Answer,A web bug is an object embedded in a web page or email, which unobtrusively
(usually invisibly) allows checking that a user has accessed the content. Common uses are email tracking and page tagging for web analytics. Alternative
names are web beacon, tracking bug, tag, or page tag. Common names for web
bugs implemented through an embedded image include tracking pixel, pixel tag,
11 gif, and clear gif. When implemented using JavaScript, they may be called
JavaScript tags.
A web sniffers monitor data flowing over computer network links. It can be
a self-contained software program or a hardware device with the appropriate
software or firmware programming. Sniffers examine network traffic, making a
copy of the data but without redirecting or altering it. Some sniffers work only
with TCP/IP packets, but the more sophisticated tools can work with many
other protocols and at lower levels including Ethernet frames.

Question 1.5
What is the difference between Cookies, Web bugs and Web Trackers? How do
you know their presence?
Answer,Cookies are used by website to temporarily store the personal settings on
our hard drive. They can be found in users hard disk (C drive).
A web bug is an object embedded in a web page or email, which unobtrusively
(usually invisibly) allows checking that a user has accessed the content. They
can be detected by using privacy softwares like McAfee privacy services, Bugnosis, AdMuncher etc.
Website trackers perform activity (and ability) of a website (using special software tools) to keep tabs on website visitors. They can be detected by using
Ghostery or Lightbeam add ons in Firefox.