Internet Explorer Cookie Hijacking Vulnerability Discovered


3 replies to this topic

#1 SurB86

SurB86

    Surendra

  • Member
  • 1,438 posts

Posted 31 May 2011 - 01:42 PM

An Italy-based computer security researcher has found a flaw in the Internet Explorer browser that could let hackers steal credentials to access Facebook, Twitter and other websites. The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

He calls the technique "cookiejacking."

Any website, any cookie, limit is just your imagination. Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account.

To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked. That sounds like a difficult task, but the security researcher Rosario Valotta was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman.

"I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."

Source

#2 pataoengineer

pataoengineer

    @pataoengineer

  • Member
  • 1,155 posts

Posted 01 June 2011 - 02:24 AM

It's 2011. I don't think cookie hacking will give account passwords to hackers. But hackers would just be able to access the volatile login session of a website. Hmm, it sounds so stupid if a website stores an account in the client-side cookie. It's totally unsafe.

#3 pcHuntqwerty

pcHuntqwerty

    QWERTY

  • Member
  • 1,999 posts

Posted 01 June 2011 - 04:29 AM

Wow, this is serious!

#4 Chrominator

Chrominator

    Active WinMatrixian

  • Member
  • 671 posts

Posted 01 June 2011 - 08:01 AM

LOL @ IE9 security!
