[dba-Tech] Internet Explorer Data Leakage (versions 6 to 10)

Peter Brawley peter.brawley at earthlink.net
Thu Dec 13 10:29:15 CST 2012


On 2012-12-13 9:43 AM, Tina Norris Fields wrote:
> Holy Toledo! Thanks, Hans-Christian, for posting this.
> T
>
> Tina Norris Fields
> tinanfields at torchlake.com
> 231-322-2787
>
> On 12/13/2012 4:18 AM, Hans-Christian Andersen wrote:
>> http://spider.io/blog/2012/12/internet-explorer-data-leakage/
>>
>> This is a pretty severe security issue. All it takes is a little bit 
>> of javascript on any site you visit and they are able to fully track 
>> where your mouse is on your screen (even when IE is minimized). All 
>> versions of IE are vulnerable to this starting from IE 6. It's 
>> already being exploited in the wild.
>>
>> There is a demo included as a link, if you want to test this out 
>> yourself.

No thx, but why's anyone still using IE?

PB

-----

>>
>> - Hans
>>
>>
>> Excerpt from link:
>> _______________
>>
>> "On the 1st of October, 2012, we disclosed to Microsoft the following 
>> security vulnerability in Internet Explorer, versions 6–10, which 
>> allows your mouse cursor to be tracked anywhere on the screen—even if 
>> the Internet Explorer window is minimised. The vulnerability is 
>> particularly troubling because it compromises the security of virtual 
>> keyboards and virtual keypads.
>>
>> The motivation for using a virtual keyboard is typically that it 
>> reduces the chance of a keylogger recording one’s keypresses and 
>> thereby compromising one’s passwords or credit card details. (c.f. 
>> bit.ly/YnNBYE; bit.ly/VpapWf)
>>
>> Whilst the Microsoft Security Research Center has acknowledged the 
>> vulnerability in Internet Explorer, they have also stated that there 
>> are no immediate plans to patch this vulnerability in existing 
>> versions of the browser. It is important for users of Internet 
>> Explorer to be made aware of this vulnerability and its implications.
>>
>> The vulnerability is already being exploited by at least two display 
>> ad analytics companies across billions of page impressions per month."
>>
>>
>> _______________________________________________
>> dba-Tech mailing list
>> dba-Tech at databaseadvisors.com
>> http://databaseadvisors.com/mailman/listinfo/dba-tech
>> Website: http://www.databaseadvisors.com
>>
>


