Submission + - Newest IE flaw: "cookiejacking"

mcgrew writes: "Reuters and The Register are reporting a newly discovered hole in IE. The Register says:

The attack exploits a vulnerability in the IE security zones feature that allows users to segregate trustworthy websites from those they don't know or don't ever want to access. By embedding a special iframe tag in a malicious website, an attacker can circumvent this cross zone interaction and cause the browser to expose cookies stored on the victim's computer.

From Reuters:

To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked. That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman. "I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends." Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.

