• News
    • Archive
  • Celebrities
  • Finance
  • Crypto
  • Entertainment
  • Travel
  • Health
  • Others

Microsoft latest security risk: "Cookiejacking"


A computer security researcher discovered a bug in Microsoft Corp.'s commonly used Internet Explorer browser, which he claims might allow hackers to steal passwords to access websites such as Facebook, Twitter, and others.

He refers to the tactic as "cookiejacking."

“Any website will do. Any cookie will do. “Your creativity is the only limit,” Rosario Valotta, an independent Internet security researcher based in Italy, said.

Hackers may use the bug to gain access to a "cookie," a data file located within the browser that contains the user name and password for a web account, according to Valotta.

According to Valotta, who calls the method "cookiejacking," if a hacker has the cookie, he or she will use it to access the same platform.

COPYRIGHT_WI: Published on https://washingtonindependent.com/microsoft-latest-security-risk-cookiejacking/ by Landon Morton on 2011-05-26T10:54:00.000Z

The flaw affects all versions of Internet Explorer, including Internet Explorer 9, on any version of Windows.

Before the cookie can be hijacked, the hacker must convince the user to drag and drop an icon onto the PC's computer.

That may seem to be a daunting challenge, but Valotta claims he was able to complete it relatively quickly. He created a puzzle that he shared on Facebook, challenging users to "undress" a screenshot of a beautiful lady.

“I posted this game on Facebook, and more than 80 cookies were sent to my server in less than three days,” he said. “On top of that, I just have 150 friends.”

According to Microsoft, the chances of a hacker succeeding in a real-world cookiejacking scam are slim.

According to Microsoft spokesman Jerry Bryant, “given the amount of required user engagement, this problem is not something we consider high risk.”

“To be affected, a user must access a malicious website, be persuaded to click and drag things across the screen, and the intruder must target a cookie from the website the user was already logged into,” Bryant said.

Share: Twitter | Facebook | Linkedin

About The Authors

Landon Morton

Landon Morton - Landon is a professional character coach, motivational speaker, and consultant who values commitment, service, and excellence. Landon brings to your company valuable insights gained from his battlefield experience as a decorated combat veteran, enabling you to unleash the untapped potential of your employees. He illustrates how the invaluable talent that each individual brings to your company will positively affect your mission through real-world examples.

Recent Articles

No articles found.