#1
IE Flaw Could Allow Hackers Access to your social networking accounts
networkworld said:
A computer security researcher has found a flaw in Microsoft Corp's widely used Internet Explorer browser that he said could let hackers steal credentials to access Facebook, Twitter and other websites.
He calls the technique "cookiejacking."
"Any website. Any cookie. Limit is just your imagination," said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique "cookiejacking."
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked.
This doesn't apply to any other browser, does it? Hopefully Microsoft will release a security update addressing this.
When something like this comes along I do wonder how many people Microsoft has checking, verifying, and fixing the problem.
This method of hijacking confidential information, using clever 'attachments' as bait, just serves as another excellent reminder to be very cautious when using the internet. We already know that attachments (in any form) are highly suspect for carrying malware of all kinds -- we now are aware of yet another method/form of using them to steal our confidential information. As someone who has had funds stolen out of my bank account by a PayPal hijacker, I am especially appreciative of this warning!
I don't get this bit:
The guy who demonstrated it created a Facebook app, which you have to drag and drop to play... and surely the targeted cookie would be facebook in that case? Back when I used facebook, judging from the amount of crap that got posted to my wall, everyone was always playing whatever games, with hardly a care about security/malware. Seems to be this is a very valid attack.
Microsoft is not too worried about this zero-day hole in all versions of IE. Microsoft spokesman Jerry Bryant said, "Given the level of required user interaction, this issue is not one we consider high risk. In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into."
I know I'll get jumped on... But this is a bad thing??? Nah...
I live for the day sites like facebook and Twitter are shut down...
<rant> My kids, like so many others, have lost the ability to communicate face to face, walk around like zombies and sleep with their iPods and iPhones in their hands.. They will check and update their facebook wall in preference to visiting the bathroom... When you're trying to watch TV the damn devices are making noises every 2 minutes as things are updated... <end rant>