What is cookie-jacking?
Well, first to understand this, we must understand what cookies are...
- COOKIE:
a small text file used by a Web browser or application to store information like site preferences, or user account credentials for site authentication
- COOKIE-JACKING:
an attack that exploits a flaw that bypasses the Security Zone protection in Internet Explorer to enable the attacker to capture the contents of cookies that should not be exposed
Hit the jump for more info...
What exactly is the danger here?
Well, essentially, cookies store information about you on your computer so that when you visit certain websites, you don't have to go through certain steps every single time to prove that it's you logging in every time. They remember the information to authenticate your user account to places like Facebook, Twitter, or any email that you log into (like the "Remember my username/password" checkboxes). Part of the reason for this is convenience.
In the wrong hands, your cookies can allow an attacker to impersonate and masquerade as you, using all of your accounts and, ultimately, steal your identity.
How does this happen?
What are you asked to do?
- Visit a malicious website.
- Click and drag items across the new page.
- Be logged onto the site you were on before you were linked to this malicious one. The cookie part comes in if you had "Keep me logged in" checked when you signed in.
What can I do about this?
Well, for starters, don't play so many silly games on Facebook that require a lot of clicking, such as a famed game where you undress a woman by clicking to take off her clothes or other.
Also, you've already taken a step in informing yourself about the event at all.
As far as a software fix goes, Microsoft has not yet put out a patch for Internet Explorer, but they have assured that one is coming soon. However, there is something you can do now: STOP USING INTERNET EXPLORER!!!
No comments:
Post a Comment