Microsoft latest security risk: Cookiejacking
By Jim Finkle
BOSTON | Wed May 25, 2011 6:16pm EDT
BOSTON (Reuters) - A computer security researcher has found a flaw in Microsoft Corp's widely used Internet Explorer browser that he said could let hackers steal credentials to access Facebook, Twitter and other websites.
He calls the technique "cookiejacking."
"Any website. Any cookie. Limit is just your imagination," said Rosario Valotta, an independent Internet security researcher based in Italy.
Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email.
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique "cookiejacking."
The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.
To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked.
That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman.
"I published this game online on Facebook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."
Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.
"Given the level of required user interaction, this issue is not one we consider high risk," said Microsoft spokesman Jerry Bryant.
"In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into," Bryant said.
(Editing by Steve Orlofsky)
Comments (1)
VanGuy44 wrote:
Actually this article is somewhat misleading. Knowing how to cookiejack, I can say that it really comes down to proper website design. Facebook and other websites have (hopefully) designed security in more ways than a simple cookie. But all you need to hijack a Facebook session is a simple wireless card in an insecure wireless hotspot.
May 25, 2011 8:31pm EDT
© Copyright 2011 Thomson Reuters