The attack relies on duping MySpace users into clicking on a rigged link, perhaps in an online forum or bulletin board that routes them to a file that steals passwords and other information from their cookies.
The "hole" in defense is not limited to MySpace, Facebook and Google can be vulnerable to the attacks.
Hackers that don't want to trick users into clicking on booby-trapped links to raid cookies can do it remotely at "hot spots" where people wirelessly connect to the Internet
Websites could fix the problem by encrypting cookies
http://uk.news.yahoo...-5f79ecc_1.html