What are Active Cookies?

Active cookies, also known as soft tokens, might be able to help defend Internet users from pharming. Pharming is a more sophisticated form of phishing, an attack that tricks a user into thinking he or she is visiting a legitimate site of business and unwittingly giving over personal information to the thief.

In a phishing attack, the thief designs a website that duplicates a known site of business. The thief then sends spam, encouraging people to visit the site to update information or take advantage of a promotion. When users click on the link within the email, they are taken to the fake site to divulge critical information. Hence, savvy users enter website addresses manually or use bookmarks. Those who do click on email links might spot the website address as being spelled incorrectly, saving themselves from a scam. However, none of these precautions will help spot a pharming scam.

Pharming accomplishes the same thing as phishing, but with more stealth and without spam. In this case, the thief plants false code on the domain name server (DNS) itself, so that anyone who enters the correct website address will be directed by the DNS to the fake site. Surfers have no way of knowing they are not at the legitimate site, but active cookies might be able to alert them.

Active cookies are an outgrowth of standard computer cookies. A standard cookie is a bit of text code that your browser shares with a site upon visiting. The site and the browser pass the cookie back and forth transparently, while the cookie identifies your browser to the site. Depending on its purpose, a cookie holds certain information like registration, password, and in some cases, previous purchases, account information or other relevant data. The cookie makes it convenient for a user to revisit a site without having to re-enter personal information upon each visit.

Researchers at Indiana University, along with RavenWhite Inc., have developed new active cookies. Active cookies not only hold information about the user’s identification, but also an archived address of the legitimate site. When authentication takes place between the website and an active cookie, the cookie tells the browser not only to respond through the usual channel, but also to send a duplicate message directly to the archived address, bypassing any middleman. If the website server only receives one correct response from the active cookie, it triggers an alert to freeze access to the account.

Active cookies might also employ additional measures, such as providing instructions to display a unique graphic on the legitimate site. If the customer does not see his or her custom graphic, this will be an obvious tip-off that the site is pharmed. Active cookies will be initiated server-side by companies that believe they could be helpful to customers. Though active cookies can provide an extra layer of security, they aren’t perfect. Changing computers or browsers, or purging the cache where active cookies are stored, will eliminate the benefits.