icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm

"Cookiejacking" threatens Microsoft’s Internet Explorer

"Cookiejacking" threatens Microsoft’s Internet Explorer
A computer security researcher has uncovered another security flaw in Microsoft’s Internet Explorer browser that would allow hackers to steal data that would grant them access to a users Facebook, Twitter or other social media sites.

"Any website. Any cookie. Limit is just your imagination," Rosario Valotta, an independent Internet security researcher based in Italy told Reuters.Valotta has dubbed this kind of hacking “Cookiejacking,” explaining that hackers can use the browser’s flaw to gain access to data files known as cookies that store login and password information for web based accounts. A hacker who gains access to a user’s cookies can access their online profiles, email or a number of other sites which sites a user might use that runs cookies. The flaw was found through the Windows operating system and in Internet Explorer, including the latest IE9 version. Valotta explained that a hacker would simply have to create a program that tricks a user into dragging a specific file across the screen. He was able to do so easily. By creating a puzzle game on Facebook that challenged users to "undress" a photo of a woman Valotta quickly duped users into granting him access to their cookies. "I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."Microsoft has acknowledged the flaw but scoffed at the possibility anyone would be able to utilize it. "Given the level of required user interaction, this issue is not one we consider high risk," Microsoft spokesman Jerry Bryant told Reuters. "In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into."Although Valotta was able to easily perform the task, Microsoft remains to think “cookiejacking” scams aren’t a real concern.

Dear readers and commenters,

We have implemented a new engine for our comment section. We hope the transition goes smoothly for all of you. Unfortunately, the comments made before the change have been lost due to a technical problem. We are working on restoring them, and hoping to see you fill up the comment section with new ones. You should still be able to log in to comment using your social-media profiles, but if you signed up under an RT profile before, you are invited to create a new profile with the new commenting system.

Sorry for the inconvenience, and looking forward to your future comments,

RT Team.