Cookiejacking

From Wikipedia, the free encyclopedia

Cookiejacking is a form of hacking wherein an attacker can gain access to session cookies of an Internet Explorer user.[1] Discovered by Rosario Valotta, an Internet security researcher, the exploit allows an attacker to obtain a cookie from any site and thus a username and password by tricking a user into dragging an object across the screen.[1] Although Microsoft deemed the flaw low-risk because of "the level of required user interaction",[1] and the necessity of having a user already logged into the website whose cookie is stolen,[2] Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.[1]

References

  1. Finkle, Jim (2011-05-25). "Microsoft latest security risk: 'Cookiejacking'". Reuters. Retrieved 26 May 2011.
  2. Whitney, Lance (2011-05-26). "Security researcher finds 'cookiejacking' risk in IE". CNET. Retrieved 26 May 2011.
  • Anonymous (2011-05-26). "Cookiejacking Attack Steals Website Access Credentials". Informationweek - Online.