Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
What to do?
  • When you’re uploading files for public use, make absolutely certain which files you’ve included in your bundle. Windows famously suppresses file extensions by default, making it hard to be sure which types of file you’ve selected. As shown above, Linux and Unix famously suppress “hidden” files that start with a dot.
  • Where possible, get someone else to review your upload before you click [OK]. If you’re uploading your own code, for example, you’re probably feeling relieved and euphoric that your next release is out, or happy that the bugs you’ve been working on are now finally fixed. Reviewing your own uploads is like proofreading your own articles: you know what they are supposed to look like, so mistakes that stick out obviously to other people will often evade your notice entirely.
  • Get in the habit of clearing your browser cookies regularly. The longer you leave it, the more personalised data about your browsing your cookie file will contain. Ideally, set up your browser to clear cookies and web data automatically on exit. That way you don’t have to remember to keep doing it by hand. It’s a small inconvenience for big peace of mind.
  • Log out from sites as soon as you’ve finished using them. Yes, this is inconvenient, because you have to log back in, and enter your 2FA code, frequently. But when you formally tell a site like GitHub, or YouTube, or Facebook, that you’ve logged out, your current browser authentication tokens are automatically invalidated and therefore become useless to anyone who stumbles across them later on.
  • Download your own uploads as soon as they’re public. If you regularly upload files to public repositories where others can fetch them, make a habit of downloading your own uploads (use a different browser, a different username or even a different computer if you can), as if you were an inquisitive member of the public. Review the contents of what you just downloaded, using a tool that you know shows you everything in the download, whatever its extension or filename. If you don’t check for rogue files, crooks are liekly to do it for for you.
Be aware before you share!
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top