Beware of cookiejacking, Internet Explorer users

(CBS) - According to Reuters, security researcher Rosario Valotta discovered hackers can steal victims' online credentials by taking the session cookies from sites the victim is visiting. She calls this "cookiejacking," and all versions of Internet Explorer on Windows operating systems are vulnerable.

Once the cookiejacker figures out the victim's Windows username and which version of Windows the victim is running, the cookiejacker has to get the victim to drag and drop the cookie. But, who would drag and drop a cookie on purpose?

"The tricky part is to convince people to click on and drag items across a page," Amit Klein, internet security company Trusteer's chief technology officer, told Tech News World. "I'm not sure whether this is as straightforward in real-life scenarios as it's portrayed. That includes, for example, the need to find the victim's Windows username."

Well, the cookiejacker merely tries to trick people into doing just that. For example, Valotta said the cookiejacker can create a jigsaw puzzle that would reveal a picture of a naked woman once it's solved. When tested on a Facebook page, they got 80 responses.

If the cookiejacker succeeds, he or she gains access to your Facebook, Twitter and more. Yikes!

So we guess the moral of story is to be cautious of what you click on and drag. Or, just use Firefox and Google Chrome.