June 6, 1996 Greetings, Preliminary Comments When I wrote and submitted the first "Kill The Cookie" applet, I received a number of e-mails, many of them unflattering. Some questioned whether or not the MagicCookie file was an actual threat. Since the months have gone by other sources have questioned the security threat of the MagicCookie file so I hope that this resubmittion will not garner the same sceptical responses. I even noticed another program submitted to InfoMac that also deletes the MagicCookie file, so I guess word is getting around about the "possible" threat. For those of you that don't know about the MagicCookie file, it is a file that is deposited in your Netscape Preferences folder. It is created in response to a request by a www site that you visit. It stores information like passwords or anything else that the server requests. This is done to save time during future visits. However, many sources have questioned the file's security. I first heard of the MagicCookie file several months ago by reading an article in the San Jose Mecury news and responded by writing this little applet. With the addition of Java to web browsers, the possibility of a server getting information about your machine even increases. (Please don't flame me because you think I'm saying that Java itself is a risk. I'm not saying that.) But it seems reasonable that if a remote server can access your cpu to test your floating point performance (which is now done at one site) it could access the MagicCookie file and obtain the sensitive information there. At any rate, use this little applet if you wish. You can delete the same file by hand, but this applet just makes the process easier. If your not worried about getting rid of the MagicCookie file every session, why not place it in your "shutdown" items in your System folder so that it is deleted every time you shutdown? As disclaimers go, I won't be held responsible for your using this applet. Info on Version 1.1 This version of "Kill The Cookie" (1.1) now correctly reports whether or not the MagicCookie file has been deleted. Thanks to all of the folks who e-mailed me to let me know and thanks to the suggestions from many of you. I've tried to make this little applet as functional as possible so in addition to the regular "Kill The Cookie" applet I've included another version (1.1.1) that adds one little line of script that will "quit" your Netscape program. If you use this version, it will make sure the MagicCookie file is deleted every time you run Netscape. (See below for more specifics on 1.1.1.) Info on version 1.1.1 "Kill The Cookie" version 1.1.1 adds a little more convenience when deleting the MagicCookie file. This version adds a "quit" function for Netscape. After you have completed a Netscape session, just double-click the "Kill the Cookie" applet and it will quit Netscape and delete the MagicCookie file if it is present in your Preferences folder. Some users may find this version a little more convenient. One warning, with this version, double-clicking it when Netscape is not running will boot Netscape and then quit it, so only double-click it when Netscape is running. Also, you may need to "show" the applet where your Netscape application is located. If the applet cannot find Netscape, then it will ask you where it is. You will "show" the applet by naviagting through the various dialogs finding your version of Netscape. Make sure you "save" the changes to the applet when you've finished. More Info on 1.1.1 You may need to change the text below which reads "Netscape Navigator 2.02" to the name of your version of Netscape. It is very likely that your version of Netscape is located in a folder that you will need to "show" to the applet. The applet will display a dialog like "Where is Netscape?" and you will have to navigate to that folder. Be sure to save the changes in the applet or you'll have to do this again.