Hello, welcome to the Friday, June 11, 2021 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and the name am I'm recording from Jacksonville, Florida.

Quick diary today, just looking at some of these cookie warning banners.

You may have seen them in particular in Europe, where a website gives you the option to set cookies or not set cookies or even select what kind of cookies you are willing to accept.

Truth, however, is that these banners are often really more show than actual action, meaning that cookies are often being set before the banner

is even displayed.

And it's not just the websites that are to blame for this. Often these cookies come from

middle boxes, cond delivery networks, that add these cookies in order to, well, track users.

That's what cookies are typically used for

and to achieve some form of statefulness in requests being passed through the content

delivery network. I did a very quick and dirty test on the top 100 websites using curl

just to see how many of these websites are returning set cookie

headers to the first request they received and at least 30% of the websites did and a couple of

additional checks with the browser indicates that the real number is probably much higher. Well, is there

anything that you should do about this? Probably not just be aware of it. Yes, you are being

tracked and browser makers are actually sort of getting a little bit on top of this by restricting

what cookies can do and how they're being used.

Well, it's time to update your Citrix appliances again.

Citrix Application Delivery Controller, ADC, Citrix Gateway, as well as Citrix SD-WANWANOP,

need to be updated to fix two vulnerabilities that Citrix rated as high.

The first one I don't think is actually such a big deal.

It's denial of service vulnerability.

...