The Security box, podcast 242: Cookie Bite

The podcast is now on the RSS feed for your enjoyment.

Here are the show notes in full with trivia from last week and its answer, the question for this week, and other links that might be of value.

---

Hello folks, welcome to podcast 242 of the security box podcast. Do you want some cookies? Yes, I ate a whole box, but they were sma;ll cookies and I intended not to do that.

These cookies however are not to be eaten, and you’ll find out all about it.

We’ll have news, notes and the landscape as well as trivia.

We hope you enjoy the program as much as I have putting it together for you.

---

Trivia

Last week, we asked:

The following was pulled from the newsletter for Saturday, May 24th. The answers are in the “by the numbers” section.

Question

What is the percentage of email that comes out of the %g1 US %g that is considered spam? Also, out of that, what is the percentage that is malware or phishing?

• A: 25% Spam 10% phishing and malware
• B: 50% spam 75% phishing and malware
• C: 57% spam 67% phishing and malware
• D: 80% spam 100% phishing and malware
• E: Higher than 80% on both
• F: lower than 25% on both

Your answer:

c: 57% and 67% respectively

57% Of all spam emails in the world come from the U.S. We’ve got loads of data centers, which makes it difficult to enforce regulations properly. This isn’t just inbox clutter, either; 67% of those messages contain phishing or malware links. You could say we’re the outbreak monkey of the internet.

Those who guessed include:

• Terry: c: 57% spam 67% malware and phishing
• Preston: b: 50% spam 75% malware and phishing
• Nick: e: Higher than 80%
• Joseph: D: 80% spam 100% phishing and malware

Congrats to all who guessed! Only one winner, but the rest will learn for now. We hope that the knowledge helps you in your endeavors!

This week’s Question

This week, the question is:

According to the Kim Komando Newsletter in the Web Watercooler section, what is the percentage of Gen Zers who are OK of sharing their data for free?

• A: 25%
• B: 50%
• C: 80%
• D: 88%
• E: 95%
• F: 100%
• G: less than 25%

Call (888) 405-7524 or 818-527-4754 or find me on social media. You can also text/WhatsApp 804-442-6975 and leave your guess there too. Good luck!

---

You don’t want these cookies

You think of cookies as things that you eat. But there are cookies on your computer which tell sites that you’re logged in to an account you control and they contain your preferences. But what would happen if someone was able to steal them and get in to those sites bypassing even the 2-factor authentication we have been telling you to use? Yes, if my memory serves me, that is what Cookie Bite does.

I have a blog post titled Don’t bite now! Cookie-bite proof of concept extension steals session cookies which leads to the article Cookie-Bite attack PoC uses Chrome extension to steal session tokens which you should read in full.

As we said, this is not cookies you want eaten.

---

Supporting the podcast

If you’d like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can’t do this alone.