Cookie hijacking vulnerability discovered in Internet Explorer

A security researcher has discovered a vulnerability in all versions of Internet Explorer, including IE9, on all versions of Windows. This vulnerability allows hackers to steal login information for any sites requiring passwords. The theft of one's credentials is achieved by taking advantage of a flaw in how Internet Explorer handles cookies. While it sounds alarming at first glance, this vulnerability does require a fair amount of interaction from a user for it to be successful - thus being another example of social engineering.

The Italian security researcher, Rosario Valotta, shared details of the attack in an interview with Reuters. The execution of this attack is done by convincing users to drag and drop an object across the screen to successfully obtain the cookie. Valotta managed to build a successful proof of concept of this flaw by coding a Facebook game which challenges users to undress a woman. According to Valotta: "I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server. And I've only got 150 friends."

Beyond tricking users with sneaky puzzles, the vulnerability has few real-world applications that would give it a greater impact. In a statement, Microsoft spokesperson Jerry Bryant said users should not be too concerned over the findings:

Given the level of required user interaction, this issue is not one we consider high risk. In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into.

We recommend that all users, not just those on Internet Explorer, be wary of suspicious-looking applications and game requests sent by their Facebook friends.

31 Comments

Come on, this can be done very easily and to all web browsers. It's called sidejacking. (Hamster and Ferret, any1?)
Except if I'm missing anything new?

In a world where the leading cause of infection is through trickery and deception, I would think Microsoft would consider this very high risk. If someone can't distinguish the difference between an ad and a real application, then getting people to drag and drop on a web page will be a piece of cake.

"The execution of this attack is done by convincing users to drag and drop an object across the screen to successfully obtain the cookie."

1) Too lazy to do that in the first place anyway.
2) Already block damn 3rd party cookies.
3) Can't be convinced to do anything let alone be socially engineered.
(LOL)

@GP007: "I don't understand how any computer-literate person would choose to use it."
Fastest on my system. Just works best. Safer than ever now too. Wait..No need to justify anything to haters. heh

GP007 said,
I block all 3rd party cookies in IE and Opera as they're often just tracking you etc.
If you check, not all third-party cookies are being blocked. I don't know why.

It happens even in Firefox. Maybe that's why Chrome in "Flags" has a secondary option to block all of them. Take a look at Chrome's option in "about:flags"

"Block all third-party cookies
When the option to block third-party cookies from being set is enabled, also block third-party cookies from being read."

Haven't investigated further.


hotdog963al said,
I don't understand how any computer-literate person would choose to use it.

Any computer-literate person wouldn't have a problem with malware and viruses regardless. IE security has been getting better and better with each update.

GP007 said,

Any computer-literate person wouldn't have a problem with malware and viruses regardless. IE security has been getting better and better with each update.


It's better than FF or Chrome's. Even spyware installed outside of IE and into Windows will be blocked inside IE, unless you of course allow the add-on to run. But it's disabled by default.

Shadowzz said,

It's better than FF or Chrome's
IE9 is extremely impressive, but I am not sure that its security sandbox is quantifiably better than Chrome's. Of course, I am not sure it's necessarily any worse either.

Especially considering that Chrome forces Flash onto all of its users, which just allowed a vulnerability in Chrome a few weeks ago. Still, IE9 has also been shown to not be absolutely bullet proof either, but for different reasons that they control and can patch.

Firefox on the other hand has no process sandbox and therefore is definitely worse than both IE9 and Chrome.

hotdog963al said,
I don't understand how any computer-literate person would choose to use it.

I used it because it works just fine for me and it's not been a security challenge because I don't visit suspect sites or download any old app that's offered to me.

hotdog963al said,
I don't understand how any computer-literate person would choose to use it.

You're probably not "computer-literate" enough to know what you're speaking about.

IE9 is the fastest and the most secure web browser on the market. Since IE7/Vista, every plugin (except Java) is sandboxed.
Firefox has no sandbox at all. And Chrome only sandboxes itself + partially sandboxes Flash Player.
(Risky plugins like VLC, QuickTime, Real, and any other plugin that may install automatically are NOT sandboxed on Chrome.)

I think it's crazy that people continue to use Firefox even though it's the most insecure browser (4x more security flaws than IE, and still no sandbox!)

yowan said,
Stay away from IE
Even though IE9 is infinitely better than any previous version of IE, I still wouldn't use it as my primary browser because, as their track record has shown, I simply don't trust MS to stay serious about it in the future. IE losing market share was the best thing to ever happen to IE.

MS Lose32 said,
Even though IE9 is infinitely better than any previous version of IE, I still wouldn't use it as my primary browser because, as their track record has shown, I simply don't trust MS to stay serious about it in the future. IE losing market share was the best thing to ever happen to IE.

Serious about what? Security? If that was what you were talking about... Microsoft is one of the most serious companies when it comes to security.

RealFduch said,

Why are these trolls allowed on Neowin?
If you've ever had to develop for IE6/7, you'd be denouncing IE too! I'm not saying IE9 is bad cuz it isn't, in fact, it's pretty good. But us web developers are still wary of it, and will continue to be so for a while, because of all the bad previous experiences we've had from it.

KavazovAngel said,

Serious about what? Security? If that was what you were talking about... Microsoft is one of the most serious companies when it comes to security.

Web standards. Sorry, I forgot to clarify on that.

MS Lose32 said,
If you've ever had to develop for IE6/7, you'd be denouncing IE too! I'm not saying IE9 is bad cuz it isn't, in fact, it's pretty good. But us web developers are still wary of it, and will continue to be so for a while, because of all the bad previous experiences we've had from it.

And you blame Microsoft? When IE6 was released, it was cutting edge stuff. Besides, Microsoft wants IE6 gone as much as everybody else.

day2die said,

And you blame Microsoft? When IE6 was released, it was cutting edge stuff. Besides, Microsoft wants IE6 gone as much as everybody else.
Is it Microsoft's fault that much of the corporate world still needs IE6? No. Is it Microsoft's fault that they sat on their asses for 6 years between IE6 and IE7? Um, yeah. And besides, why couldn't MS make a corporate-only version of IE that fully supports the IE 6 and 7 layout engines, and a consumer version that supports the latest standards? Was that too hard for the world's largest software company? Or did they think it would "confuse" the world too much?

GP007 said,
Any computer-literate person wouldn't have a problem with malware and viruses

And there is the answer in itself.

pickypg said,

Firefox on the other hand has no process sandbox and therefore is definitely worse than both IE9 and Chrome.

Not true, Opera doesn't have it either. Both Firefox and Opera are fine without it for now; I give IE 9 and Chrome a slight edge. Just because Firefox and Opera don't have Chrome's sandbox doesn't make them worse.

brent3000 said,
That's why I stay far away from apps and pages on FB

Events and walls are all I use FB for these days


I'm sure BioWare's game is out to get me and wants all my account info.
As with everything else on the net, keep your sites and apps reputable and there's no problem, though I expect MS will fix it.