Should I worry? Security questions. Browsers & Cookies

[Procrustes Stretched]

Hello gang. This is a shout out for advice/comments from a hack that usually never (lol) asks for help, but asking I am.

Situation: I am on a computer at a biz I do web work for. There is a guy here who is always playing with the router here and with norton security shit amongst other shit.

I discovered that when I am on a server or site that requires a password that even with the browser open...when I delete cookies and stuff and then refresh the page I am still connected. The browser is being overridden??? Why? Is somebody snooping or stealing info? Should I worry about a security breach on servers I have connected to from here?

am I being clear?

 

[random3434]

Kitten Koder in 5...4....3....2....1.........



HI DEV!

 

[Procrustes Stretched]

Kitten Koder in 5...4....3....2....1.........



HI DEV!

Hi kiddo! So good to see your typed characters.

SO the browser (Internet explorer) has auto settings that keeps the settings overriding the tools in the browser?

 

[random3434]

Kitten Koder in 5...4....3....2....1.........



HI DEV!

Hi kiddo! So good to see your typed characters.

SO the browser (Internet explorer) has auto settings that keeps the settings overriding the tools in the browser?

If that question is for me, I read:

akja;fja;ja;tu aetu atjghgagioagata['gatjatgjakg jaiuty'ayu



I think Kitten or someone is an expert on the computer stuff.


Maybe del?

 

[KittenKoder]

LOL ... Thanks Echo ...

Anyhow, to the security issue, some sites will use "sessions", server side cookies (sort of, more complex but sort of) which will maintain the login info. To check to see if that's it while using Fore Fox, close all the tabs leaving the browser open still (should have a blank tab), delete the cookies, then close the browser and wait for it to finish, then reopen. Another is that perhaps the page is cached in the temporary files, which the same steps will fix as well just delete the temporary files as well. If it's the temporary files being stored then you'll just have to clear those each time, if it's a session script then the session will usually expire in a couple of minutes or when you close the browser or disconnect from the web.

 

[KittenKoder]

Kitten Koder in 5...4....3....2....1.........



HI DEV!

Hi kiddo! So good to see your typed characters.

SO the browser (Internet explorer) has auto settings that keeps the settings overriding the tools in the browser?

Eew ... IE ... there should still be a way to override such settings, unless they changed it recently. You should still be able to clear everything, just make sure you are on a blank page or some error page when you do and not any site you are logged into.

 

[Procrustes Stretched]

LOL ... Thanks Echo ...

Anyhow, to the security issue, some sites will use "sessions", server side cookies (sort of, more complex but sort of) which will maintain the login info. To check to see if that's it while using Fore Fox, close all the tabs leaving the browser open still (should have a blank tab), delete the cookies, then close the browser and wait for it to finish, then reopen. Another is that perhaps the page is cached in the temporary files, which the same steps will fix as well just delete the temporary files as well. If it's the temporary files being stored then you'll just have to clear those each time, if it's a session script then the session will usually expire in a couple of minutes or when you close the browser or disconnect from the web.

I understand all that. What spooked me was the fact that when using the tools- delete all files- that the tools section-content -has a 'auto complete' and a 'feeds' option that overrides the tools-general -delete all files options.

When the browser is closed of course all files are supposed to be deleted...right? If the browser is open and the 'tools' 'general' options are being overridden by the 'tools' 'connection' options ... I am left wondering why? Is the browser then a security threat?

 

[Procrustes Stretched]

When at a site that I am logged into and the page is open...I deleted all cookies, but never got locked out of the site. The other settings (connection/settings) overrode the delete files/general settings. Creepy. I ams ure there is a reason for the feature, but IT escapes me. A way to keep people from what?

 

[KittenKoder]

LOL ... Thanks Echo ...

Anyhow, to the security issue, some sites will use "sessions", server side cookies (sort of, more complex but sort of) which will maintain the login info. To check to see if that's it while using Fore Fox, close all the tabs leaving the browser open still (should have a blank tab), delete the cookies, then close the browser and wait for it to finish, then reopen. Another is that perhaps the page is cached in the temporary files, which the same steps will fix as well just delete the temporary files as well. If it's the temporary files being stored then you'll just have to clear those each time, if it's a session script then the session will usually expire in a couple of minutes or when you close the browser or disconnect from the web.

I understand all that. What spooked me was the fact that when using the tools- delete all files- that the tools section-content -has a 'auto complete' and a 'feeds' option that overrides the tools-general -delete all files options.

When the browser is closed of course all files are supposed to be deleted...right? If the browser is open and the 'tools' 'general' options are being overridden by the 'tools' 'connection' options ... I am left wondering why? Is the browser then a security threat?

The auto-complete shouldn't take anything over, and you may want to turn that off when you are using someone else computer then turn it back on for them (if you feel like being nice). If it won't let you change those settings then only enter passwords where "dots" appear in their place (auto complete doesn't record those). IE itself has a lot of loopholes, but if you turn off all the scripting (Javascript, Flash, etc) it's safe enough.

Temporary files are not always deleted unless the browser is set to do that. Most multiuser terminals have this set to automatic unless they want to track user activities and don't know how to do it right.

 

[KittenKoder]

Oh, and 'feeds' (I hate those and always turn them off) shouldn't have any ill effects unless IE is letting them be signed up automatically now.

 

[Procrustes Stretched]

thanks kitty. Upon further investigation I am starting to understand what spooked me. I don't trust people who play with routers and security settings. Creepy. Sort of reminds me of some jerk on cape cod I once met. A real douche.

I am extra cautious when using somebody else's computer...especially when they give me bad vibes. Talking IT out loud gives me a clear head. thanks again.

I must protect the servers and stuff I use from prying eyes as my rep is only as good as how safe I keep things.

 

[KittenKoder]

thanks kitty. Upon further investigation I am starting to understand what spooked me. I don't trust people who play with routers and security settings. Creepy. Sort of reminds me of some jerk on cape cod I once met. A real douche.

I am extra cautious when using somebody else's computer...especially when they give me bad vibes. Talking IT out loud gives me a clear head. thanks again.

I must protect the servers and stuff I use from prying eyes as my rep is only as good as how safe I keep things.

No problem, and that is one time when a little paranoia could save you bigger headaches. I knew someone who had their account on one website hi-jacked because they forgot to log out of a friends computer. Had to actually hack the server to get it back for him (no, I didn't do the hacking, another friend from another country did it actually).

 

[Procrustes Stretched]

thanks kitty. Upon further investigation I am starting to understand what spooked me. I don't trust people who play with routers and security settings. Creepy. Sort of reminds me of some jerk on cape cod I once met. A real douche.

I am extra cautious when using somebody else's computer...especially when they give me bad vibes. Talking IT out loud gives me a clear head. thanks again.

I must protect the servers and stuff I use from prying eyes as my rep is only as good as how safe I keep things.

No problem, and that is one time when a little paranoia could save you bigger headaches. I knew someone who had their account on one website hi-jacked because they forgot to log out of a friends computer. Had to actually hack the server to get it back for him (no, I didn't do the hacking, another friend from another country did it actually).

I am paranoid when dealing with network people like the guy here. I've seen a client's daughter's computer left open after the woman's company network guy did some work on her home computer over the company network.

I am always checking things when I log on to hosting servers. I've done banking online from all sorts of places. I am not afraid of things as much as I am a cautious bastard when dealing with others who smell creepy.

 

[xsited1]

AutoComplete can be evil. This data is usually stored on the local computer. Even deleting passwords using the browser may not get rid of all of them. Check out IE PassView:

IE PassView 1.09 - Free software downloads and reviews - CNET Download.com

If you have an antivirus program, it will probably identify this as a "Hacker Tool." It most certainly is a hacker tool, but it's safe to use. (If you feel brave enough to use it, you may have to disable your antivirus software.) I use this tool a lot to retrieve passwords for myself and others. People are usually amazed at what is saved on their local computer.

 

[KittenKoder]

thanks kitty. Upon further investigation I am starting to understand what spooked me. I don't trust people who play with routers and security settings. Creepy. Sort of reminds me of some jerk on cape cod I once met. A real douche.

I am extra cautious when using somebody else's computer...especially when they give me bad vibes. Talking IT out loud gives me a clear head. thanks again.

I must protect the servers and stuff I use from prying eyes as my rep is only as good as how safe I keep things.

No problem, and that is one time when a little paranoia could save you bigger headaches. I knew someone who had their account on one website hi-jacked because they forgot to log out of a friends computer. Had to actually hack the server to get it back for him (no, I didn't do the hacking, another friend from another country did it actually).

I am paranoid when dealing with network people like the guy here. I've seen a client's daughter's computer left open after the woman's company network guy did some work on her home computer over the company network.

I am always checking things when I log on to hosting servers. I've done banking online from all sorts of places. I am not afraid of things as much as I am a cautious bastard when dealing with others who smell creepy.

One scary thing is they have a new key logger, it's not software and you can't tell when they are using it unless you look at the computers USB ports. It looks like a simple USB storage drive so very few people even spot them. Every time I have to work on someones computer I use my laptop if I have to go in person so I don't have to worry about it. Luckily most of what I have to do I just do remotely through the terminal.

 

[Procrustes Stretched]

what the fuck is wrong with IE/microsoft? I keep telling people I know with pc's to dump IE and use Firefox, but dumb is as dumb does...or so my momma used to say. hey, want a chocolate?

 

[KittenKoder]

what the fuck is wrong with IE/microsoft? I keep telling people I know with pc's to dump IE and use Firefox, but dumb is as dumb does...or so my momma used to say. hey, want a chocolate?

LOL ... it's the fear of change ...

 

[xsited1]

what the fuck is wrong with IE/microsoft? I keep telling people I know with pc's to dump IE and use Firefox, but dumb is as dumb does...or so my momma used to say. hey, want a chocolate?

You can hack Firefox as well. If a password is stored on the local computer, it can usually be found, even if encrypted. I use Chrome, but even it is not immune.

 

[KittenKoder]

what the fuck is wrong with IE/microsoft? I keep telling people I know with pc's to dump IE and use Firefox, but dumb is as dumb does...or so my momma used to say. hey, want a chocolate?

You can hack Firefox as well. If a password is stored on the local computer, it can usually be found, even if encrypted. I use Chrome, but even it is not immune.

Nothing is immune, but some allow you to secure yourself a little better than others. Chrome is being modeled after Fire Fox, just more user "friendly". Fire Fox has more, and better, add ons than IE by far. It's more customizable as well. If you know how to program you can write your own add ons for just about anything.

However, it's really a personal preference, but since Fire Fox is becoming more widely used (Chrome uses the same engine) it's a good choice.

 

[Procrustes Stretched]

On the internet we are not really as anonymous or safe as we imagine or are promised. aaaaaaaeeeeeeeeeeeeeeeeiiiiiiiiiiii!