Google! DON'T BE EVIL!

Original Presentations: here found an upload by mistake
Read more: http://code.google.com/p/browsersec/wiki/Part2

Original article:

Q: What is Cookiejacking?
A: Cookiejacking is a UI redressing attack that allows an attacker to hijack his victim’s cookies without any XSS.
Any cookie.
Any website.
Ouch.

Q: How the hell is it possible to steal cookies without an XSS? Are you using Firesheep?
A: Cookiejacking leverages two main issues:

a 0-day vulnerability affecting every IE version on every Windows OS box
an advanced Clickjacking approach

Q: Tell me about the 0-day…
A: IE defines Security zones; they are a proprietary mechanism that allows users to group websites according to their source’s trust. From a theoretical point of view, a site assigned to a less-privileged zone (e.g. Internet zone) could not interact with a site/content assigned to a more-privileged zone (e.g. local files on your PC). This is called the “Cross zone interaction policy”.
E.g.
[cc lang=”html”]