Microsoft latest security risk: "Cookiejacking"
A computer security researcher discovered a bug in Microsoft Corp.'s commonly used Internet Explorer browser, which he claims might allow hackers to steal passwords to access websites such as Facebook, Twitter, and others.
He refers to the tactic as "cookiejacking."
“Any website will do. Any cookie will do. “Your creativity is the only limit,” Rosario Valotta, an independent Internet security researcher based in Italy, said.
Hackers may use the bug to gain access to a "cookie," a data file located within the browser that contains the user name and password for a web account, according to Valotta.
According to Valotta, who calls the method "cookiejacking," if a hacker has the cookie, he or she will use it to access the same platform.
COPYRIGHT_WI: Published on https://washingtonindependent.com/microsoft-latest-security-risk-cookiejacking/ by Tom Mohamed on 2011-05-26T10:54:00.000Z
The flaw affects all versions of Internet Explorer, including Internet Explorer 9, on any version of Windows.
Before the cookie can be hijacked, the hacker must convince the user to drag and drop an icon onto the PC's computer.
That may seem to be a daunting challenge, but Valotta claims he was able to complete it relatively quickly. He created a puzzle that he shared on Facebook, challenging users to "undress" a screenshot of a beautiful lady.
“I posted this game on Facebook, and more than 80 cookies were sent to my server in less than three days,” he said. “On top of that, I just have 150 friends.”
According to Microsoft, the chances of a hacker succeeding in a real-world cookiejacking scam are slim.
According to Microsoft spokesman Jerry Bryant, “given the amount of required user engagement, this problem is not something we consider high risk.”
“To be affected, a user must access a malicious website, be persuaded to click and drag things across the screen, and the intruder must target a cookie from the website the user was already logged into,” Bryant said.
About The Authors
Tom Mohamed - I understand and respect the confidence my clients put in me as a Colorado native and seasoned real estate professional, and I strive to meet their standards every day. For over 11 years, I have been a top producer. Prior to joining the real estate industry, I served in the US Army Infantry, including several tours in Iraq and Kuwait. These experiences taught me the discipline needed to create Colorado's most powerful real estate team.
