According to the media report, Microsoft spokesman Jerry Bryant said:
“Given the level of required user interaction, this issue is not one we consider high risk”.
“In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into,” Bryant said.
Unfortunately, this statement is not entirely accurate.
- People visit malicious sites all the time. The Trend Micro Smart Protection Network infrastructure blocks on average 13 million attempts by users, to access malicious sites every day.
- Social engineering a drag is easy, and scams like FakeAV and the various Facebook JavaScript copying attacks prove this works easily. Social Engineering is arguably the number 1 tactic used by criminals, in their malicious attacks.
Their advice – that this issue is not to be taken seriously and does not pose high risk – is misguided. Such comments could lead non-technical users to think that visiting malicious websites is unlikely, and could lead other users to think that they won’t be duped or compromised just by visiting a malicious website.
- There are always going to be cookies on the machines. I do not believe the average user clears their cookies even weekly, let alone each day.
As usual when dealing with the Internet, be careful out there!
Contrary to Reports – Cookiejacking Presents a Major Risk
Visit On-Site Technical Solutions for information on how you can move to Google Apps or other Cloud Computing applications. Call us for all of your network computing and business IT needs. We can also help with your data security and mobile computing. Follow us online below. Call or text me at 1-949-212-2168.
Technorati Tags
No comments:
Post a Comment