Microsoft’s IE Threat: Cookie Jacking
A computer security firm has found a flaw in Microsoft’s Internet Explorer browser that allows hackers to steal credentials to access Facebook, Twitter, and other websites. The technique is called cookiejacking, an abbreviated form of cookie-hijacking. Once the hacker has the cookie, he or she can use it to gain access to the same website.
The vulnerability currently affects all versions of Internet Explorer on every version of Windows operating system. Hackers can exploit the flaw to access a data file, called a cookie, that holds the login name and password to a web account. To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PCs screen before the cookie can be hijacked.
Although this sounds initially difficult, one of the researchers designed a puzzle that allows users to “undress” a photo of an attractive woman. Within three days, half of his friend’s list performed the task. Microsoft commented and stated that there was little risk that users would be successfully duped. My belief is that Microsoft is greatly overestimating the computer knowledge of your average computer user and what seems like common sense to us computer geeks and computer companies, is not so obvious to everyday people.