ManhattanTechSupport.com Rebrands as Homefield IT; Providing Strategic Technology Services Across the Country.

Learn More

Hackers Discover How to Hijack Cookies in IE

July 11, 2011Homefield IT

While Microsoft’s Internet Explorer enjoys a wide following including many businesses, the downside is that it becomes a prime target for hackers to exploit and abuse. One such instance is the recent discovery of a new flaw that allows hackers to “cookiejack” or hijack information from cookies from any website.

Despite a few flaws, Internet Explorer remains one of the most commonly used browsers in businesses today, making it a ripe target for hackers looking for security flaws to exploit.

One such flaw has been discovered recently by a security researcher in Italy. Dubbed “cookiejacking”, the flaw allows hackers to hijack a cookie of any website, thereby allowing them to gain access to passwords, credit card information, and various other data stored in the cookie. The flaw is found in any version of Internet Explorer in any version of Windows.

However, users must first drag and drop an item before the exploit can be activated. It might sound like a bit of a stretch, but hackers are known for their creativity, so expect that a seemingly appropriate situation will be presented in which you will find it perfectly normal to do a drag-and-drop action.

Microsoft responded to the threat by labeling it as “low risk”, citing the level of user interaction required for cookiejacking to occur. It did, however, encourage users to be more vigilant and alert, as well as to refrain from clicking suspicious links and visiting dubious websites.

Regardless of what platform or OS you use, there is always the constant threat from cyberattacks all it takes is one attack to break through and put important business data at risk. It is essential to always educate users on how to avoid being victimized by scams and hacks, and to have the right security software to ensure that your company’s information is safe and secure.

If you are interested in user training for security and / or better security protocols, please give us a call and we’ll be happy to draw up a custom security blueprint that’s tailor-made to meet your needs.

Published with permission from TechAdvisory.org. Source.