“Cookiejacking” Puts 900 Million Microsoft Internet Explorer Users At Risk
Well, this is something no loyal, or in fact any regular, Microsoft Internet Explorer user would want to hear. An independent computer security researcher and expert, Rosario Valotta, has devised an attack on Microsoft's Internet Explorer (MSIE) that can remotely hijack your browser cookies and potentially cause you damage by stealing the digital credentials of your user accounts on sites like Facebook, Twitter and more.
Valotta demonstrated this proof of concept, "Cookiejacking", at the Hack in the Box security conference in Amsterdam, which was held recently. For this purpose, Valotta created a Facebook application, a simple puzzle game, and in less than three days he received more than 80 cookies from his 150-odd friends. His method exploits a flaw that is present in all current versions of IE, including IE 9. This flaw allows the attacker to steal the session cookies that websites like Facebook issue after a user is authenticated successfully.
Although his proof-of-concept code steals cookies issued by Facebook, Twitter and Google Mail, he says that the technique can very well be used on any website. However, Microsoft spokesperson Jerry Bryant says that a Cookiejacking scam is next to impossible in the real world and that, given the high amount of user interaction required for Cookiejacking to succeed, Microsoft does not consider this a high risk.
What we do not understand is this: if there is a security flaw in Internet Explorer, then it definitely needs to be addressed as soon as possible. Since Internet Explorer ships as the default web browser on all Windows-powered computers, the more than 900 million users who are currently using this browser are at risk. Let's hope Microsoft comes out with a patch for the bug and does not jeopardize the internet security and privacy of so many users.
via TOI & THN; Image Courtesy: blog.4webby.com