Unpatched IE bug exposes sensitive Facebook creds

A security researcher has devised an attack that remotely steals digital credentials used to access user accounts on Facebook and other websites by exploiting a flaw in Microsoft's Internet Explorer browser. Independent researcher Rosario Valotta demonstrated his “cookiejacking” proof of concept last week at the Hack in the Box …

COMMENTS

This topic is closed for new posts.
  1. John G Imrie

    I thought the cookie spec

    said that the cookie could only be sent back to a machine on the same domain that issued the cookie, or am I missing something here?

    1. ~mico
      Boffin

      You forgot

      local file access. Yes, Explorer (or rather, JavaScript running in it) can access local files and the system's ActiveX controls - when it's running in a certain "trust context". Somewhat like Firefox's plugins are allowed stuff forbidden for regular webpage script. Except in IE they did it... well... the usual.

  2. IMVHO

    Interesting...ish

    XSS with details. I'm going to have to call "meh" on it, though I acknowledge that these folks worked very hard to find this series of wrinkles.

    To rephrase; is it likely that present-day security tools that cover XSS will also cover this? Also, if these websites set the secure cookie flag (SSL only, matching domain, if I recall correctly), does that eliminate this attack? I have never understood why these sites use SSL at the login, but never anytime after. A simple Ettercap bit of fun is all that is needed to grab the session cookie (unless it's SSL; then you have to terminate on the user side, and re-encrypt going out the other way).

    Whatever...

  3. DJV Silver badge
    Alert

    A flaw in IE!!! Shock Horror!

    SNAFU

    1. Doug Glass
      Go

      Shituation Normal ...

      ... All Frakked Up.

  4. John Riddoch
    Thumb Down

    Interaction required...

    All you really need to do is make the interaction look like some kind of browser game and you'll get a number of people doing it and falling foul of the attack. Remember that getting a user to do something with the promise of a reward isn't new in terms of attack vectors; I seem to recall a Kournikova attack in an encrypted zip file. Because the file was password protected, the mail relay virus scanners couldn't scan it but people would still jump through the hoops in the expectation of some nude pics.

  5. Giles Jones Gold badge

    Who's to blame?

    You do have to wonder if these security researchers are driving many of the problems?

    Why aren't these people working at Microsoft and such places preventing the flawed designs in the first place?

    1. Anonymous Coward
      Stop

      Who's to blame?

      How many bugs do you think that engineers discover and fix before it's even released, no matter the company?

      No bit of software can stand an onslaught of several thousand people trying to find an exploit, no matter how hard it is to execute.

  6. Anonymous Coward
    Thumb Up

    Happy feeling

    I always get this little happy feeling when another IE exploit is discovered. The more of these bugs are found, the more likely that big companies will allow the use of another, better browser.

    The more big companies use better browsers, the more people will do so at work.

    1. Anonymous Coward
      Anonymous Coward

      Queasy feeling

      Because none of the other browsers have ever had problems?

      If FF had a dominance, people would just target FF.

      If Chrome had the majority of users, people would target Chrome...

      (I like the new icon, btw)
