Just recently, we learned that an Italian IT professional by the name of Rosario Valotta discovered a vulnerability that affects every version of Microsoft’s Internet Explorer web browser. The vulnerability allows a malicious user to steal cookies from a user’s web browser. Once a cookie is stolen, the sky’s the limit for what can be done with it. As we know, cookies are used by web sites to track all sorts of things, including authentication. Used effectively, an attack like this would allow a malicious user to completely bypass the authentication process on sites that store a cookie on the host’s PC.

Microsoft is not too concerned about the threat, as it requires the attacker to engage the victim by having them drag and drop something on the website. Rosario was able to conduct his own test on this vulnerability by creating a game that he distributed via his Facebook page. Over a very short period of time, he was able to steal the cookies of hundreds of people who played the game.





Facebook links can look as common as the example above, including automatic “Likes” from friends who may be infected with malware.

As always, you should be cautious with any suspicious links or emails, as this threat requires user interaction to be successful. If something seems out of the ordinary, ask the person whether they posted the link or sent you the email before you open it.


