123ArticleOnline Logo
Welcome to 123ArticleOnline.com!
ALL >> Computers >> View Article

Security Professional Identifies New Cookiejacking Threat

Profile Picture
By Author: eccuni
Total Articles: 211
Comment this article
Facebook ShareTwitter ShareGoogle+ ShareTwitter Share

Recently, an Italian security researcher identified vulnerability in Internet Explorer (IE), which attackers may exploit to extract sensitive information related to Internet users. Rosario Valotta, identified a new cookiejacking technique, which he used to hijack cookies by bypassing the protection on IE. However, the attack requires user action to be successful. The researcher has termed the cookiejacking technique as an advanced clickjacking approach, which exploits zero day vulnerability. Attackers need to extract victim's username on Windows, identify the operating system in use. This helps attackers to determine the folders, which store the cookies. Attackers may then use clickjacking technique to place cookie text behind a picture. Again, fraudsters need to target cookie related to the website logged in by the user at the time of the attack. Attackers may exploit the vulnerability on all versions of IE including IE9 on any Windows operating system such as XP, Vista and even Windows 7. In this case, security researcher enticed Facebook users to play a game, which involves clicking, dragging and dropping. When users drag ...
... an object in the game to a picture, they inadvertently also send cookies to the fraudsters. Valotta was able to extract cookies of around 80 of his friends on Facebook within three days.

While the attack looks sophisticated, cybercriminals may extract the requisite information through browser exploits, javascript detection tools, and use social engineering techniques to make user perform a specific action. Web browsers use cookies to store site preferences and login credentials. Unwary Internet users often do not clear the cookies on the web browser. Some Internet users also check 'Remember my password' option or 'keep me logged in' option. Attackers may exploit the popularity of games on social networking sites to trick users into revealing sensitive information, without being aware of the malicious activity. Attackers may also attempt to steal confidential user information related to e-mail accounts, and online banking and shopping sites. Organizations must encourage employees to undertake e-learning and online degree programs on cyber security to avoid falling prey to social engineering attacks directed at stealing privileged business information. Cybercriminals may use the collected information to impersonate a legitimate user, conduct fraudulent transactions, and steal further personally identifiable information. Attackers may also leverage the victim's user name on Windows to gain remote access to a computer system.

Microsoft has reportedly described the latest security threat as not a high risk threat as successful attack requires high user interaction, visit to a malicious webpage, lured to drag and drop objects, and knowledge of the website, which the user is logged on to. However, security researchers at Trend Micro have argued that attackers may take advantage of negligence, and lack of security awareness among non-technical users to extract sensitive information through social engineering techniques. According to the Internet security firm, they block on an average around 13 million attempts by users to access malicious sites.

Developers must constantly identify the security flaws and initiate remediating measures to prevent their exploitation by attackers. The prevailing IT security scenario requires professionals to constantly enhance their skill sets and awareness through online university degree programs, and security conferences.

Internet users must refrain from clicking on links send by strangers, and be cautious while clicking links on websites. Deleting cookies, avoid clicking on 'remember my password' option, clearing browsing history may help protect Internet users from securing sensitive information. Internet users must avoid falling prey to playing enticing games and puzzles. Usually, professionals qualified in masters of security science and IT security certifications identify and warn users on latest security threats. Internet users must follow security blogs and advisories to abreast themselves of latest cyber threats.

Total Views: 332Word Count: 609See All articles From Author

Add Comment

Computers Articles

1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise Servers
Author: Server Tech Central

2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp

3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing

4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp

5. How To Start Your Website Redesign Project?
Author: brainbell10

6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam

7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp

8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp

9. How To Setup And Create Instagram Ads?
Author: brainbell10

10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap

11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10

12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10

13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp

14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10

15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: