Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 976
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Italian security researcher discover "Cookie" vulnerability in Internet Explorer  (Read 1899 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A security researcher has discovered a vulnerability in all versions of Internet Explorer, including IE9, on all versions of Windows. This vulnerability allows hackers to steal login information for any sites requiring passwords. The theft of one's credentials is achieved by taking advantage of a flaw in how Internet Explorer handles cookies. While it sounds alarming at first glance, this vulnerability does require a fair amount of interaction from a user for it to be successful - thus being another example of social engineering.

The Italian security researcher, Rosario Valotta, shared details of the attack in an interview with Reuters: http://www.reuters.com/article/2011/05/25/microsoft-security-idUSN2517397120110525
The execution of this attack is done by convincing users to drag and drop an object across the screen to successfully obtain the cookie. Valotta managed to build a successful proof of concept of this flaw by coding a Facebook game which challenges users to undress a woman. According to Valotta: "I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server. And I've only got 150 friends."

Besides tricking users with sneaky puzzles, the vulnerability has little real world applications to have a greater impact. In a statement, Microsoft spokesperson Jerry Bryant states users should not be too concerned over the findings:
Quote

Given the level of required user interaction, this issue is not one we consider high risk. In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into.


We recommend all users, not just those on Internet Explorer, to be wary of suspicious-looking applications and game requests sent by your Facebook friends.

(NW)

Samker's Computer Forum - SCforum.info





amko_sa

  • SCF VIP Member
  • *****
  • Posts: 89
  • KARMA: 15
  • Gender: Male
    • Newsapp IT support Portal
Tnx samker for this info.

My favorite browser is Opera  ;)

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising