Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS.

Clickjacking attacks have been widely adopted by attackers worldwide on popular websites (eg Facebook) in order to perform some drive to download attacks,click forging, message sending and so on.

In previous works on the same matter, new approaches on UI redressing attacks emerged, showing the possibility to steal victims webpage contents. In this presentation I will demonstrate a new kind of attack that can be used to exploit a 0-day vulnerability affecting all Internet Explorer versions over every Windows OS installation. The attack leverages on a UI redressing approach and allows an attacker to steal session cookies of from whatever site a victim is visiting. This new approach really moves UI redressing attacks a step further.

More info and demo: https://sites.google.com/site/tentacoloviola/cookiejacking

Explore More

Koobface; The Facebook virus. Latest in the list of social networking virus

Virus developers are still targeting social networking users to distribute the virus. The “friendly nature” of the social networking sites makes it easier to spread the worm quickly. Most users

Read More

FBI Fears Chinese Hackers and/or Government Agents Have Back Door Into US Government & Military Computer Networks

ome months ago, my contacts in the defense industry had alerted me to a startling development that has escalated to the point of near-panick in nearly all corners of Government

Read More

Press Conference briefing on the possibility of being shortest man in the world!!!

This is not hacking or security news, just about my some favorite news while I’m arriving at yangon, myanmar. I’ve been here around 3 months and waiting visa approval to

Read More