An Italian security researcher has demonstrated an exploit in Microsoft’s web browser that could allow remote stealing of digital credentials, or cookies, The Register is reporting.
Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box security conference in Amsterdam. His hack exposes a flaw in all current versions of Internet Explorer (IE) to steal session cookies that Facebook and other websites issue once a user has entered a valid password and corresponding user name.
The cookie acts as a digital credential that allows the user to access a specific account. This code specifically targets cookies issued by Facebook, Twitter and Google Mail, but Valotta said the technique can be used on virtually any website and affects all versions of Windows. “You can steal any cookie. There is a huge customer base affected (any IE, any Win version).”
Hiç yorum yok:
Yorum Gönder