General discussion

Locked

Internet Explorer Loophole Let The Cookie Jacking Monster In

For a Browser that is commonly known for it's bugs, Internet Explorer continues to enjoy a large user base. Explorer's broad user base and glitchy system make it the perfect target for hackers looking for a loophole to gain access to information. Explorer also dubbed "Exploder" by many web designers has recently gained a lot of attention for one of it's most recent flaws. This flaw, called "cookiejacking", allows hackers to gain access to your passwords, credit card information, and various other data stored in a cookie from any website.

This particular flaw is found in any version of Internet Explorer used in any version of Windows. Clever hackers have found a way to turn a seemingly harmless action into a gateway to your personal information. Hackers are currently able to gain access to users cookies from any website when the system user initiates the drag and drop action. Often times this action is instigated through some devious and fraudulent technique disquised as a legitimate advertisement or query targeted at gaining your personal information.

An Independent researcher, Rosario Valotta, demonstrated proof of ???cookiejacking??? at the recent Hack in the Box security conference in Amsterdam. Valotta specifically targeted cookies issued by Facebook, Twitter and Google Mail which are the most common targets of scams designed to gain personal information, in his demonstration. Valotta also said, "the technique can be used on virtually any website and affects all versions of Windows. You can steal any cookie,??? he told The Register.

Microsoft has stated that this type of hack is "low risk" and urges users to be more vigilant about the sites they visit and apparently turning on the "private browsing feature" prevents access to the cookie files saved on disk and in active session memory. Microsoft believes that people will not be easily duped into performing a task that allows entry. I think this is an underestimation on how clever hack schemes can be as well as the common users ability to identify a ploy. Moreover, I'm just plain tired of bugs, patches, fixes and flaws for a such a widely used web browser. With competition ranging from Google Chrome to Firefox, I'm surprised at how many people stay loyal to Internet Explorer. Any of these browsers allow hassle free searching presented in a clear manner and without all the problems or security risks.

With the large amount of business done online today companies and individuals can't afford to be nonchalant about their computer security no matter how "low risk" the threat is. As Microsoft says, If it's easy enough to avoid risky sites, then by applying the same logic, it's easy enough to avoid risky browsers such as Exploder. It only takes one successful attack to put your company and personal information at risk.

As a rule any Business should look into hiring certified computer network techs or an <a href="http://www.realtimeca.com" target="new">IT support company</a> for additional security support. If you have any concerns as to whether your system or network has been put at risk you should consult a computer repair or support specialist. As with any line of defense the best protection is prevention.

This conversation is currently closed to new comments.

0 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Back to Hardware Forum
0 total posts (Page 1 of 1)  

Related Discussions

Related Forums