Languagesx
English Deutsch
Subscribe
Home Zero-Day “Cookiejacking” Hack Affects All IE Browsers, But Is It Serious?

Zero-Day “Cookiejacking” Hack Affects All IE Browsers, But Is It Serious?

A sophisticated new hack has emerged as a zero-day exploit for all versions of Internet Explorer. Dubbed “cookiejacking,” it is a way for hackers to take control of users browser identities and thus be able to impersonate them on Facebook, Twitter or any encrypted bank or retail site.

A play off the now familiar “clickjacking” term, cookiejacking happens when a hacker gets a user to drag and drop an item on a website enabled for the hack. It was discovered by Italian security researcher Rosario Valotta, who presented his findings it at two European security conferences earlier this year before publishing them on his blog. Given the nature of the attack and specificity of the attack, is this something that Internet Explorer users really need to worry about?

Essentially, cookiejacking is enabled when a malicious website gets a users to load a cookie from an Internet zone to a personal zone (one that has access to your cookies). See below for a demonstration.

Valotta told Reuters that he published the game he used to demonstrate cookiejacking on Facebook and was able to get 80 cookies on his server from his 150 Facebook friends.

Microsoft told ComputerWorld that it does not see the attack as serious, given the specific requirements of the hack. Yet, with things such as Facebook games and applications, (think, “put the ball in the hoop to win a prize”), cookiejacking could become a very real threat when implemented into the wild of the Web.

“In order to possibly be impacted, a user must visit a malicious Web site and be convinced to click and drag items around the page in order for the attacker to target a specific cookie from a Web site that the user was previously logged into,” Jerry Bryant, a group manager with the Microsoft Security Response Center, told ComputerWorld.

Facebook has recently improved its security to limit the affect of clickjacking on the site, but cookiejacking could be a whole different story because of how users interact with a Web page. Internet Explorer 8 was initially loaded with native clickjacking protection.

Time will tell if the cookiejacking exploit becomes a ubiquitous threat on the Internet or if Microsoft steps up and closes the loophole on Internet Explorer 7, 8 and 9 before it can become a problem.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags

Related News

A stunning 3D render of a detailed map of Europe, characterized by intricate lines of connectivity crisscrossing the entire continent. The map is rendered in a muted color palette, with distinct shades of green, brown, and gray for landmasses, and a vibrant blue for bodies of water. The connectivity lines, shimmering with a subtle glow, highlight the interconnectedness of cities, countries, and regions, symbolizing the flow of people, ideas, and commerce.,
Small browser companies like DuckDuckGo and Ecosia see user surge in Europe
Sophie Atkinson
AI inspired image of Reddit IPO on Wall Street / Reddit shares rise 11% in just one day since options launch for IPO
Reddit striving for $6.4 billion valuation in upcoming IPO
Graeme Hanna
Microsoft updating
Microsoft Edge users report serious issues following recent update
Rachael Davies
Twitch confirms first ever subscription price increases
Twitch confirms first ever subscription cost increases, US set to follow
Graeme Hanna
Safer Internet Day
Safer Internet Day: Why it matters now more than ever
Charlotte Colombo

Most Popular Tech Stories

Latest News

AI-generated image of audio created to impersonate a school principal / Baltimore police arrest former high school sports director for framing principal using AI
AI

Baltimore school principal targeted in faked audio AI scam
Graeme Hanna11 hours

In Baltimore, Maryland a former high school sports director has been arrested for using artificial intelligence to impersonate a principal, making the public believe he had made racist and anti-semitic...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.