Monthly Archives: January 2010

Flash Cookie Remover 0.91 Beta Released

I have released a new version, 0.91 Beta, of Flash Cookie Remover. This version adds an interesting new feature: Disabling the creation of Flash cookies. Basically, once you press the “Disable Cookies” button in the program and answer Yes to the confirmation question, all your Flash cookies will be deleted, and the creation of new Flash cookies will be blocked.

This should be useful for those who do not Flash cookies to be created at all. Also, as far as I know, no other program currently has this feature.

Download:

http://www.misec.net/products/FlashCookieRemover.exe

Advertisements

Flash Cookie Remover 0.9 Beta Released

After the previous post about Flash cookies I decided to do something about the problem instead of just describing it. I’m therefore happy to present Flash Cookie Remover – a program which does exactly what you’d think: removes Flash cookies. And unlike Adobe’s utility, it removes all information associated with the cookies – not just the data.

Currently the utility has been tested and works on XP, Vista and Windows 7. You can download it here: Flash Cookie Remover 0.9 Beta.

Please leave any feedback as a comment here or email magnus@misec.net

Flash Cookies and How to Get Rid of Them

So you’re using Firefox and have cleared out your browsing history and cookies. Now no one can see where you’ve been on the web, right? Wrong.

A little known fact is that Flash movies and applications can store their own “Flash cookies” which are entirely separate from normal cookies. There is no way to delete or even view these cookies in your web browser, and they can be used to see what sites you’ve visited even if you’ve deleted all your history and normal cookies.

Some sites even use Flash cookies as a “backup” for normal cookies. What this means is that these sites are able to restore your regular cookies even after you’ve deleted them. The site simply reads your Flash cookies, notices that your regular cookie has been deleted and then proceeds to reinstate the normal cookies using the data stored in the Flash cookies.

So how can you delete Flash cookies? They are normally stored in C:\Documents and Settings\[Username]\Application Data\Macromedia\Flash Player\#SharedObjects\[Random Name]. This directory will contain sub-directories, one for each site which uses a Flash cookie. The cookie data is stored in files with a .sol extension. You can manually delete the directories for the sites which you don’t want to keep Flash cookies for.

Another options is to go the the Flash Player Settings Page at Adobe. This will start a small Flash application that allows you to delete Flash cookies. There is however a big problem with this method, and that is that this only deletes the .sol file that contains the actual data – the directory which contains the name of the site you’ve visited is retained. This means that anyone can still see which sites you’ve visited even if the actual data is gone.

The best way to remove this data is thus to manually delete the directories as outlined above. Note that on Windows Vista and Windows 7 C:\Documents and Settings is just a pointer (junction) to C:\Users. Most of the time you will not have permission to access C:\Documents and Settings on these Windows versions (unless you want to modify the permissions manually). Therefore, try the path C:\Users\[Username]\Application Data\Macromedia\Flash Player\#SharedObjects\[Random Name] instead.

If you find that you cannot get access to C:\Users\[Username]\Application Data you can run the “Take Ownership” .reg file available from here and then right-click on the folder and select “Take Ownership”. This should allow you to get access to the folder and hence view and delete the Flash cookie directories.

New Project in the Works

Currently working on a new application that takes advantage of information “in the cloud” from a large number of users to identify malware. Can’t say too much at this point as the program is still in the development stage, but as soon as a testable version of it is ready I will post more information on this blog. Stay tuned for screenshots and more.