Peaches Posted May 28, 2011 Report Share Posted May 28, 2011 May27 Contrary to Reports – Cookiejacking Presents a Major Risk In a recent Reuters article, Italian security researcher Rosario Valotta described a new 0-day attack on Microsoft’s IE browser, that he’s named “Cookiejacking”. The main idea of Cookiejacking has actually been around for several years now – better known names for this technique are “side-jacking” or session hijacking; however what Rosario has discovered is a new delivery for this attack that is based on social engineering users to help the attacker exploit a bug in IE. According to the report, the vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system and to exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked. The researcher cited an example where he used social engineering in the form of a puzzle, to entice users to “undress” a photo of an attractive woman. For those of you interested in reading the full details of the attack, you can find it here. http://sites.google.com/site/tentacoloviola/cookiejacking Story here: http://blog.trendmicro.com/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.