The document summarizes a presentation on cookiejacking, a new type of UI redressing attack that exploits a zero-day vulnerability in Internet Explorer to steal users' session cookies. It works by using iframes to load cookie files from the local file system without triggering same-origin policy protections. The attack was disclosed to Microsoft in January 2011 and involves techniques like guessing the username and operating system of the victim to optimize cookie theft. A proof-of-concept is demonstrated that can steal authentication cookies for any website a user is logged into using only the vulnerable browser behavior.