Wednesday, November 30, 2011

How you can protect against Cookies Stealing & Hi-jacking ?


Some days ago, a security researcher found a Microsoft’s latest security risk named cookies Hi-Jacking & Session Hi -Jacking which allows cookie stealing.

Microsoft is doing all it’s research to patch this vulnerability of internet explore. This bug is in all versions of internet explorer.

Cookies Hi – jacking and social engineering techniques are then used to trick users into dragging the contents of the rogue iframes to containers on the same page controlled by the attackers.
Microsoft’s Brandon LeBlanc say that the company is working on a patch. He also suggested to use  browser’s InPrivate Browsing feature.

The private browsing mode prevents access to cookie files already saved on the disk, but more importantly, it stores cookies for the active session in memory.

This means that a page crafted for cookies HI- jacking cannot access neither older cookies nor active ones, because there is no path to them.

No comments:

Post a Comment