Monday, May 30, 2011

Contrary to Reports – Cookiejacking Presents a Major Risk

When I first saw the cookiejacking reports I also glossed over them - ho hum, another threat, and on Internet Explorer - who uses that? Of course millions use IE, and if you are one of them you probably want to pay a little more attention to this latest iteration of cookiejacking, according to our friends at Trend Micro. 


From Trend Micro:

According to the media report, Microsoft spokesman Jerry Bryant said:
“Given the level of required user interaction, this issue is not one we consider high risk”.
“In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into,” Bryant said.
Unfortunately, this statement is not entirely accurate.
  1. People visit malicious sites all the time. The Trend Micro Smart Protection Network infrastructure blocks on average 13 million attempts by users to access malicious sites every day.
  2. Social engineering a drag is easy, and scams like FakeAV and the various Facebook JavaScript copying attacks prove this works easily. Social engineering is arguably the number 1 tactic used by criminals in their malicious attacks.
  3. There are always going to be cookies on the machines. I do not believe the average user clears their cookies even weekly, let alone each day.
Their advice – that this issue is not to be taken seriously and does not pose high risk – is misguided.  Such comments could lead non-technical users to think that visiting malicious websites is unlikely, and could lead other users to think that they won’t be duped or compromised just by visiting a malicious website.

As usual when dealing with the Internet, be careful out there! 

