Microsoft latest security risk: "Cookiejacking"

Author: Gordon Dickerson
Reviewer: Darren Mcpherson
Apr 07, 2023
A computer security researcher discovered a bug in Microsoft Corp.'s commonly used Internet Explorer browser, which he claims might allow hackers to steal passwords to access websites such as Facebook, Twitter, and others.
He refers to the tactic as "cookiejacking."
“Any website will do. Any cookie will do. Your creativity is the only limit,” Rosario Valotta, an independent Internet security researcher based in Italy, said.
Hackers may use the bug to gain access to a "cookie," a data file located within the browser that contains the user name and password for a web account, according to Valotta.
According to Valotta, a hacker who has the cookie can use it to access the same platform.
The flaw affects all versions of Internet Explorer, including Internet Explorer 9, on any version of Windows.
Before the cookie can be hijacked, the hacker must convince the user to drag and drop an icon across the PC's screen.
That may seem to be a daunting challenge, but Valotta claims he was able to complete it relatively quickly. He created a puzzle that he shared on Facebook, challenging users to "undress" a screenshot of a beautiful lady.
“I posted this game on Facebook, and more than 80 cookies were sent to my server in less than three days,” he said. “On top of that, I just have 150 friends.”
According to Microsoft, the chances of a hacker succeeding in a real-world cookiejacking scam are slim.
According to Microsoft spokesman Jerry Bryant, “given the amount of required user engagement, this problem is not something we consider high risk.”
“To be affected, a user must access a malicious website, be persuaded to click and drag things across the screen, and the intruder must target a cookie from the website the user was already logged into,” Bryant said.