A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser. Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box …
I thought the cookie spec said that the cookie could only be sent back to a machine on the same domain that issued the cookie, or am I missing something here?
XSS with details. I'm going to have to call "meh" on it, though I acknowledge that these folks worked very hard to find this series of wrinkles.
To rephrase: is it likely that present-day security tools that cover XSS will also cover this? Also, if these websites set the secure cookie flag (SSL only, matching domain, if I recall correctly), does that eliminate this attack? I have never understood why these sites use SSL at the login, but never anytime after. A simple Ettercap bit of fun is all that is needed to grab the session cookie (unless it's SSL; then you have to terminate on the user side, and re-encrypt going out the other way).
A flaw in IE!!! Shock Horror!
Shituation Normal ...
... All Frakked Up.
All you really need to do is make the interaction look like some kind of browser game and you'll get a number of people doing it and falling foul of the attack. Remember that getting a user to do something with the promise of a reward isn't new in terms of attack vectors; I seem to recall a Kournikova attack in an encrypted zip file. Because the file was password protected, the mail relay virus scanners couldn't scan it but people would still jump through the hoops in the expectation of some nude pics.
Who's to blame?
You do have to wonder if these security researchers are driving many of the problems?
Why aren't these people working at Microsoft and such places preventing the flawed designs in the first place?
Who's to blame?
How many bugs do you think that engineers discover and fix before it's even released, no matter the company?
No bit of software can stand an onslaught of several thousand people trying to find an exploit, no matter how hard it is to execute.
I always get this little happy feeling when another IE exploit is discovered. The more of these bugs that are found, the more likely it is that big companies will allow the use of another, better browser.
The more big companies use better browsers, the more people will do so at work.
Because none of the other browsers have ever had problems?
If FF had dominance, people would just target FF.
If Chrome had the majority of users, people would target Chrome...
(I like the new icon, btw)