- Cookiejacking
-
Cookiejacking is a form of hacking wherein a hacker can gain access to session cookies of an Internet Explorer user.[1] Discovered by Rosario Valotta, an Internet security researcher, the exploit allows a hacker to obtain a cookie from any site and thus a username and password by tricking a user into dragging an object across the screen.[1] Although Microsoft deemed the flaw low-risk because of "the level of required user interaction",[1] and the necessity of having a user already logged in to the website whose cookie is stolen,[2] Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.[1]
References
- ^ a b c d Finkle, Jim (2011-05-25). "Microsoft latest security risk: 'Cookiejacking'". Reuters. http://www.reuters.com/article/2011/05/25/microsoft-security-idUSN2517397120110525. Retrieved 26 May 2011.
- ^ Whitney, Lance (2011-05-26). "Security researcher finds 'cookiejacking' risk in IE". CNET. http://news.cnet.com/8301-1009_3-20066419-83.html. Retrieved 26 May 2011.
Categories: Hacking (computer security)
Wikimedia Foundation. 2010.
