User Tag List

Thanks useful information Thanks useful information:  3
Results 1 to 17 of 17

Thread: Errrr... IE is dangerous - cookie jacking

  1. #1
    It's all about the Light!
    Tech Admin
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,633
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)

    Errrr... IE is dangerous - cookie jacking

    http://www.ecommerce-journal.com/new...-cookiejacking

    Internet Explorer was found to have a flaw that allows hackers to steal cookies to access their accounts on some websites. The bug was found by a security researcher Rosario Valotta who said it could let hackers steal credentials to access FaceBook, Twitter and other websites.

    "Any website. Any cookie. Limit is just your imagination," said Valotta, an independent Internet security researcher based in Italy.

    Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email

    As a perpetrator access the cookie they can use it to access the same site concludes Valotta who dubs the technique as "cookiejacking."

    The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

    To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC's screen before the cookie can be hijacked.

    While it may sound like a difficult task, Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to "undress" a photo of an attractive woman.

    "I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server," he said. "And I've only got 150 friends."
    To paraphrase Yul Brunner... Don't use IE !!
    regards, Kym Gallery Honest & Direct Constructive Critique Appreciated! ©
    Digital & film, Bits of glass covering 10mm to 500mm, and other stuff



  2. #2
    Member
    Join Date
    19 Sep 2007
    Location
    Brisbane
    Posts
    144
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i havent used ie in about 9 years..i only use it at work cause we have nothing else
    Ben

    Camera: 7d
    Lenses: Canon 17 - 55 f2.8, Canon 85mm f1.8, Sigma 30mm f1.4
    Flash: 430 exii

  3. #3
    It's all about the Light!
    Tech Admin
    Threadstarter
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,633
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)

  4. #4
    Old Dog learning new Tricks nixworries's Avatar
    Join Date
    10 Sep 2010
    Location
    Collingwood Park
    Posts
    798
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    internet explorer, hackers love it - i would rather firefox anyday
    canon 5D mark III tamron 24-70 2.8 vc, 50mm 1.8, tamrom 70-200 2.8 vc, remote tripod
    perseverance

    Rob


  5. #5
    can't remember
    Join Date
    16 Apr 2007
    Location
    Ballarat
    Posts
    2,010
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I recommend Internet Explorer to you all ... but only provided that (a) you live somewhere nearby, and (b) can afford the $80 I'll charge you to remove all the viruses from your infected system and teach you how not to get reinfected. Business is a little slow at the moment and I've got my eye on a new lens, so go right ahead: Internet explorer all the way!

    (Also, be sure NOT to update your Flash player, your PDF reader, or Java. Very important, those three. If everyone kept those three up to date I'd probably have to get a real job.)

  6. #6
    It's all about the Light!
    Tech Admin
    Threadstarter
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,633
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    @Tony... You might need to pay Rick an Advertising fee


  7. #7
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    14,781
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    I have a simple BAT file on the Desktop that clears cookies from their folder in WinXP. I run it soon after starting an internet session, when I remember 2.
    Will post with illustration later.
    Am.
    CC, Image editing OK.

  8. #8
    Amor fati! ving's Avatar
    Join Date
    28 Jun 2007
    Location
    St Helens Park
    Posts
    7,275
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    ...or just use Opera.

  9. #9
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    14,781
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Well, I use FireFox, and however good that may be I still delete cookies at least at the end of each session.
    And now an apology for previous misinformation...
    Deleting Cookies in Win XP
    That BAT file was not what I meant.
    It's just a dedicated Win Explorer session I use for the Cookies. (The Bat file is for clearing recent docs. I usually run both after internet sessions.)
    In Win XP, to get straight to the Cookies "folder" (which only looks like a folder), make up another Windows Explorer icon and change the properties so that it goes straight to where the Cookies are hidden.

    To save another 1000 words, here's a pic of it all, which you can expand.
    Am.(Again)


  10. #10
    Formerly : Apollo62 ApolloLXII's Avatar
    Join Date
    07 Aug 2010
    Location
    Montmorency
    Posts
    477
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've made my feelings about IE in another thread ("Help us kill IE...." or something like that) known. I don't like it and this business of it being able to be hacked so it will steal cookies just reinforces my utter dislike for it.

    I've never tried Opera Ving. Well built ladies screeching in Italian just isn't my thing .

  11. #11
    Member
    Join Date
    13 Nov 2008
    Location
    Brisbane (Northside)
    Posts
    254
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for the info Kym.

    Quote Originally Posted by ameerat42 View Post
    ...
    To save another 1000 words, here's a pic of it all, which you can expand.
    Am.(Again)

    Or you could use ccleaner. (freeware)
    Matt.

  12. #12
    can't remember
    Join Date
    16 Apr 2007
    Location
    Ballarat
    Posts
    2,010
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Cookies are harmless.

    Oh yes, they are used to attack Internet Explorer, but name me something that isn't used to attack Internet Explorer.

    Seriously people, how many times do the experts have to explain before you get the point? Don't stuff about with pointless cookie tricks that achieve nothing, repeat nothing. Get a better browser!

  13. #13
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    14,781
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Tannin View Post
    Cookies are harmless.

    Oh yes, they are used to attack Internet Explorer, but name me something that isn't used to attack Internet Explorer.

    Seriously people, how many times do the experts have to explain before you get the point? Don't stuff about with pointless cookie tricks that achieve nothing, repeat nothing. Get a better browser!
    I'll defer to your greater aptitude and count this as the 1st time, Tannin. (Can't speak for the others, though.)
    Interesting though, how cookies can be both harmless and yet still attack (even if it's still only poor old) IE.
    You'll excuse me if I choose to STAFF about deleting cookies, even though I use Firefox set to delete them anyway. It's just that I end up with a lot of cookies when I start Skype and MSN Messenger.
    As a POINT, I tend to delete these and any History before logging off, just as a bit of housekeeping, and just on the off-chance they STAFF anything up.

    Well, so far almost nothing has happened, and that's a pretty good trick.


    Thanks, Matt. I do, just not every time.
    Last edited by ameerat42; 04-06-2011 at 2:26pm.

  14. #14
    can't remember
    Join Date
    16 Apr 2007
    Location
    Ballarat
    Posts
    2,010
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ameerat42 View Post
    Interesting though, how cookies can be both harmless and yet still attack (even if it's still only poor old) IE.
    Repeat: cookies are harmless. Cookies are not the problem, never have been a problem, and never will be a problem. To quote Wikipedia (because you don't seem to trust my professional expertise) "Cookies are not software. They can't be programmed, can't carry viruses, and can't unleash malware". That was a pretty fair comment.

    The problem is Internet Explorer. Explorer has had so many vulnerabilities exposed over the years that a colleague of mine one said "patching Internet Explorer is like trying to mend the holes in a net".

    Expending time and ill-informed energy on essentially harmless things like cookies isn't just useless, it is actively counter-productive and harmful, because it distracts attention and care away from the things that actually matter. No-one can devote endless time and energy to computer security, as a matter of simple practicality it is necessary to prioritise between tasks: to elevate the more-or-less useless task of deleting cookies to a routine practice is to demote some other, more important, task.

    Test question: what is a LSO or flash cookie?
    Tony

    Edit and critique at will. Tokina 10-17 fish, Canon 10-22, 24-105, 100-400, TS-E 24, 35/1.4, 60 macro, 100L macro, 500/4, Wimberley, MT-24EX, 580EX-II, 1D IV, 7D, 5D II, 50D.

  15. #15
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    14,781
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Let's keep it cool, Tannin. Your professional expertise? How am I to know anything about this? Have I missed something important in your 1st reply? Please elucidate if I have, but don't lecture me.
    This,
    The problem is Internet Explorer. Explorer has had so many vulnerabilities exposed over the years that a colleague of mine one said "patching Internet Explorer is like trying to mend the holes in a net".
    has only the weight of an anecdote. And this,
    Expending time and ill-informed energy on essentially harmless things like cookies isn't just useless, it is actively counter-productive and harmful, because it distracts attention and care away from the things that actually matter. No-one can devote endless time and energy to computer security, as a matter of simple practicality it is necessary to prioritise between tasks: to elevate the more-or-less useless task of deleting cookies to a routine practice is to demote some other, more important, task.
    is just a begged question.

    And,
    Test question: what is a LSO or flash cookie?
    Why just ask me? (I disabled them in the browser on 1st install.)
    Am.
    Last edited by ameerat42; 04-06-2011 at 5:33pm.

  16. #16
    It's all about the Light!
    Tech Admin
    Threadstarter
    Kym's Avatar
    Join Date
    15 Jun 2008
    Location
    Modbury, Adelaide
    Posts
    9,633
    Mentioned
    10 Post(s)
    Tagged
    0 Thread(s)
    @am - Tony runs a PC sales/support business and spends too much time fixing PC problems that in effect were self inflicted by bad user bahavior.
    He is probably a bit jaded

    Tony is correct in as much as cookies in and of themselves are harmless, with this caveat,
    if the cookie contains sensitive information and I can hi-jack the cookie I can get that information.
    So a badly implemented system that stores login info or other account information in a cookie allows the hi-jacker to get that information.

  17. #17
    Arch-Σigmoid Ausphotography Regular ameerat42's Avatar
    Join Date
    18 Sep 2009
    Location
    Nthn Sydney
    Posts
    14,781
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    Tannin, thanks for the info you provided anyway. Am.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •