According to foreign media reports, an Italian independent Internet security researcher named Rosario Varotta (Rosario Valotta) found a new loophole in Microsoft Internet Explorer, which is said to have exploited the vulnerability to steal cookies that record user names and passwords used to access the site. He calls that hacking technology "cookiejacking".
Varota said: "Any Web site, any cookie can be stolen through the cookiejacking technology." Only you can not imagine, there is no it can not do. ”
Varota in an e-mail message that hackers can exploit this vulnerability to steal data files stored inside the browser called Cookies, which hold user names and passwords for users accessing each site.
Varota says hackers can access the same Web site after stealing access to users, a technology called "cookiejacking."
According to Varota said, all versions of the Windows operating system in all versions of IE have this vulnerability, IE 9 is no exception.
Exploiting this loophole, Varota says, hackers can hijack the IE-browser cookie in the PC by luring a user to drag an object onto the PC screen.
Although this may seem a bit difficult, Varota claims that he can do it fairly easily.
Microsoft says the chances of hackers being successful in real cookiejacking are extremely low.
"Given the cookiejacking need for user involvement, we think the risk is not high," said Jerry Bryant, a spokesman for Microsoft, Jereblent. Users must visit a malicious Web site, be tempted to click and drag objects on the Web page, hackers can steal to record the user login information cookies. ”
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.