Cookiejacking Exploit Hits Internet Explorer, Targets Your Login Info
#1
I don't use Internet Explorer any more and haven't for a long time actually. I use Firefox. But I wanted to pass this along to those that might.

C is for cookiejacking, and it's a brand-new flaw that's been discovered in any and all versions of Internet Explorer, running on any variant of Microsoft's Windows operating systems.

But before you sound the alarm and switch over to Chrome or Firefox, know that cookiejacking, discovered and named by Rosario Valotta, first requires a bit of user tomfoolery in order to work. Be lured in by the cookiejack, however, and you might have just given up your login credentials for a site like Twitter or Facebook to a random third party.

The technique requires users to drag and drop the contents of a given cookie into what Valotta calls "an attacker-controlled HTML element." But before an attacker even gets to that step, he or she needs to pull a bit more information from the unsuspecting user. First off, the targeted cookie has to be for a site that the user is actively logged into in order for the exploit to have any meaning. The attacker also has to know the target's Windows username as well as the operating system the user's running in order to pull up the cookie itself.

According to Valotta, these are both details that can be pulled from various browser exploits or simple JavaScript detection scripts. As for the drag-and-drop part of the exploit, that's the process by which a user is tricked into copying the text of the cookie file and sending it off to the attacker.

To accomplish that, Valotta hides the cookie text in a layer underneath a simple picture—like a basketball, for example. Clicking on this "basketball" actually selects the text underneath it, and dragging it over to a picture of a "hoop" sends the contents of the cookie off to the attacker. Voila—there go your login credentials.


Reply
#2
Wow, that's pretty sneaky. Hopefully no drag and drop Mustang pictures on this site!
Reply
#3
They seem to get sneakier and smarter than we could ever hope to be. Guess we'd have to be evil in mind and spirit to understand or even be able to think like that. JTS 71 Mach1
Reply
#4
(05-30-2011, 12:28 AM)Rare Pony Wrote: Wow, that's pretty sneaky. Hopefully no drag and drop Mustang pictures on this site!

Security is very high on Mach1Club servers. I will never do anything to hurt members here. One of the main reasons you don't see advertising here is I don't trust what the advertisers could do with their banners.
Reply

