What is Cookiejacking?

Cookies are not only delicious snacks, they are also small text files that store information such as user account credentials or site preferences used by web browsers or applications. Recently a security researcher discovered a flaw in the Microsoft Explorer browser that leaves users vulnerable to Cookiejacking.

Cookiejacking is not having someone steal your snacks – but they are stealing your computer cookies. Cookiejacking occurs when there is a flaw in security of the browser that lets a cyber criminal access and capture said cookies. While some of the information contained in cookies could be relatively harmless for others to see, others not so much. For instance, if someone is able to gather your login credentials from cookies for sites such as Facebook or Gmail, they then could steal your identity for these services or view private data.

Microsoft has downplayed the seriousness of the threat. In a statement on the issue, Microsoft spokesman Jerry Bryant said, “In order to possibly be impacted a user must visit a malicious Web site, be convinced to click and drag items around the page and the attacker would need to target a cookie from the Web site that the user was already logged into. We encourage all customers to protect themselves against potential issues by avoiding clicking on suspicious links and e-mails, as well as adjusting Internet settings to higher security levels.”

Microsoft is getting ready for a large security update in the next week, with patches included to address the cookiejacking issues. In the meantime, as usual, be careful what you click on.

–Angela Skinner Mullen