Thursday, June 2, 2011

Dangers of Cookie-jacking (IE Users Only)


If you use Microsoft Internet Explorer, first of all, shame on you. There are much better web browsers that you can use without hurting the Internet (so please consider an alternative). Secondly, you should know that there is yet another new attack going around called "cookie-jacking" that you are in dire peril of falling prey to.

What is cookie-jacking?

Well, first to understand this, we must understand what cookies are...
  • COOKIE:
    a small text file used by a Web browser or application to store information like site preferences, or user account credentials for site authentication
Now that we know that...
  • COOKIE-JACKING:
    an attack that exploits a flaw that bypasses the Security Zone protection in Internet Explorer to enable the attacker to capture the contents of cookies that should not be exposed

What exactly is the danger here?

Well, essentially, cookies store information about you on your computer so that when you visit certain websites, you don't have to go through the same steps every single time to prove that it's you logging in. They remember the information that authenticates your user account to places like Facebook, Twitter, or any email that you log into (like the "Remember my username/password" checkboxes). Part of the reason for this is convenience.

In the wrong hands, your cookies can allow an attacker to impersonate you, use all of your accounts and, ultimately, steal your identity.

How does this happen?

Rest assured, it's not like an attacker can just hack into your machine and take your web browsing cookies without you ever knowing. It's a little more complex than that. Not to put you at ease, but the attack does require you to participate, doing things without being aware of what they accomplish. You're basically tricked into participating in your own attack.

What are you asked to do?

1. Visit a malicious website.
2. Click and drag items across the new page.
3. Be logged in to the site you were on before you were linked to this malicious one. The cookie part comes in if you had "Keep me logged in" checked when you signed in.

What can I do about this?

Well, for starters, don't play so many silly games on Facebook that require a lot of clicking, such as a famed game where you undress a woman by clicking to take off her clothes, or others like it.

Also, just by informing yourself about the attack, you've already taken a step.

As far as a software fix goes, Microsoft has not yet put out a patch for Internet Explorer, but they have given assurances that one is coming soon. However, there is something you can do now: STOP USING INTERNET EXPLORER!!!

story via IT News
