A computer security researcher from Italy, Rosario Valotta, found that the collection of cookies that are stored when you use IE, can be stolen hackers who could then be used to access the web that you have ever visited.
"A little website. A little cookie (which means access to many websites, a lot of cookies). The limit is only your imagination," said Rosario Valotta that an independent Internet security researcher told Reuters.
Hackers can exploit this weakness to access data files stored in the browser, known as "cookies", including in it could be a login name and password for web account.
Once hackers have the cookie, he can use it to access the same site, said Valotta.
This technique he called "cookiejacking".
This vulnerability is owned by all versions of Internet Explorer, including IE 9, in each version of the Windows operating system.
In the exploit "holes" of this security, the hackers have to persuade the victim to drag or close an object that appears on the PC screen before the hijack cookies.
Sounds like a tough job, but Valotta says that he can do very easily.He made a (game) puzzles are put up where users are challenged to photograph a woman stripped off interesting.
"I publish this online game on Facebook and in less than three days, more than 80 cookies were sent to the Server," he said. "And I have 150 friends (new)."
Microsoft says there is little likelihood of a successful hacker cookiejacking scam.
"Usually this level require user interaction, this issue is not one which we consider high risk," said Microsoft spokesman Jerry Bryant.
According to Bryant, to the possibility tersusupi users typically visiting malicious sites, were convinced to click and drag items in it and the attacker targeting cookies from the websites where users are logged into it. (republika.co.id)
0 komentar:
Post a Comment