Dangers of IE 'cookiejacking': What you need to know

A researcher has discovered a 'cookiejacking' technique that impacts all versions of Internet Explorer on Windows.

By Tony Bradley, PC World |  Security, Internet Explorer

While all of that is true, though, many users click the little checkbox that says "keep me logged in" so they don't have to enter user credentials every time they visit a site like Facebook, and it is actually fairly simple to lure users into clicking. Valotta created a Facebook game where users undress a naked woman by clicking on her clothing to remove it. Voila! A game like that would definitely get users clicking.

What Should You Do?So, the sky is not falling. Successfully executing a 'cookiejacking' attack to extract sensitive credentials does take a fair amount of user interaction, and hopefully informed users know enough not to chase that rabbit down the hole.

At the same time, Valotta is not crying wolf. The 'cookiejacking' technique does work with a little cooperation from the user, and with more than 500 million users on Facebook playing all sorts of silly games, it is not a stretch to think that a significant number of users could be socially engineered to fall for the attack.

Microsoft does not consider the 'cookiejacking' issue to be a big enough threat to warrant an urgent, out-of-band security update for Internet Explorer, but it is allegedly working on a fix that will be available over the next few months. In the meantime, exercise some caution with a little extra common sense, and don't go clicking on things just because someone asks you to.


Originally published on PC World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness