By: Fahmida Y. Rashid, eWeek
An independent security consultant demonstrated a “cookiejacking” technique to show how attackers can steal Web cookies to access user accounts online. An unpatched vulnerability in Internet Explorer allows attackers to steal login credentials to various Websites via cookies, according to a security researcher. Attackers can exploit the Internet Explorer flaw to steal cookies from user computers and use the saved information to access user data. The researcher, Rosario Valotta, demonstrated the exploit at the Hack in the Box security conference in Amsterdam on May 20. Cookies are text files that Websites constantly save onto computers with information about user activity, such as login credentials, the contents of a shopping cart, or what sites the user has recently visited.
Share on Facebook