Supriya Ghosh (Editor)

Cookiejacking

Cookiejacking is a form of hacking wherein a hacker can gain access to session cookies of an Internet Explorer user. Discovered by Rosario Valotta, an Internet security researcher, the exploit allows a hacker to obtain a cookie from any site and thus a username and password by tricking a user into dragging an object across the screen. Although Microsoft deemed the flaw low-risk because of "the level of required user interaction", and the necessity of having a user already logged into the website whose cookie is stolen, Valotta was able to use a social engineering attack to obtain, in three days, the cookies of 80 Facebook users out of his 150 friends.
