Cookiejacking

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Cookiejacking is a form of hacking wherein a hacker can gain access to session cookies of an Internet Explorer user.[1] Discovered by Rosario Valotta, an Internet security researcher, the exploit allows a hacker to obtain a cookie from any site and thus a username and password by tricking a user into dragging an object across the screen.[1] Although Microsoft deemed the flaw low-risk because of "the level of required user interaction",[1] and the necessity of having a user already logged into the website whose cookie is stolen,[2] Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.[1]

References[edit]

  1. ^ a b c d Finkle, Jim (2011-05-25). "Microsoft latest security risk: 'Cookiejacking'". Reuters. Retrieved 26 May 2011. 
  2. ^ Whitney, Lance (2011-05-26). "Security researcher finds 'cookiejacking' risk in IE". CNET. Retrieved 26 May 2011.