
If you’re one of those who held off on switching to the increasingly popular Firefox out of loyalty to your old love IE, it might be time to ditch that sentimentalism. An IE flaw that exploits stored cookies has been revealed to be capable of stealing a user’s login and password, allowing the hacker to access the victim’s personal account. The hack is known to affect all versions of IE.
Rosario Valotta, the Italian security professional who discovered the flaw, called it “cookiejacking”. Cookiejacking, although a little technical in concept (it involves a natural flaw in which IE is unable to keep cookies from migrating between “trusted” and “untrusted” security zones), is alarmingly simple in terms of execution. For cookiejacking to work, the hacker only requires his victim to drag and drop certain objects onto a designated area on any webpage. The designated area is an attacker-controlled HTML element, and performing the drag and drop as described gives the hacker access to that user’s session cookies.
The provided explanation might require imagination on the hacker’s part (he has to trick the user into performing specific actions, after all), but a tried and tested demonstration by Valotta has perhaps provided these hackers some inspiration. In Valotta’s experiment, he managed to steal Facebook cookies through a puzzle app that involves players dragging and dropping objects from one area to another. In doing so, those users were unknowingly compromising the security of their cookies. "I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server," said Valotta. "And I've only got 150 friends."
Microsoft responded by downplaying the risk level of such a threat. "Given the level of required user interaction, this issue is not one we consider high risk in the way a remote code execution would possibly be to users," said Microsoft spokesman Jerry Bryant. Bryant further encouraged users to protect themselves by “avoiding clicking on suspicious links and e-mails, as well as adjusting Internet settings to higher security levels."



