Peter Brawley
peter.brawley at earthlink.net
Thu Dec 13 10:29:15 CST 2012
On 2012-12-13 9:43 AM, Tina Norris Fields wrote: > Holy Toledo! Thanks, Hans-Christian, for posting this. > T > > Tina Norris Fields > tinanfields at torchlake.com > 231-322-2787 > > On 12/13/2012 4:18 AM, Hans-Christian Andersen wrote: >> http://spider.io/blog/2012/12/internet-explorer-data-leakage/ >> >> This is a pretty severe security issue. All it takes is a little bit >> of javascript on any site you visit and they are able to fully track >> where your mouse is on your screen (even when IE is minimized). All >> versions of IE are vulnerable to this starting from IE 6. It's >> already being exploited in the wild. >> >> There is a demo included as a link, if you want to test this out >> yourself. No thx, but why's anyone still using IE? PB ----- >> >> - Hans >> >> >> Excerpt from link: >> _______________ >> >> "On the 1st of October, 2012, we disclosed to Microsoft the following >> security vulnerability in Internet Explorer, versions 6–10, which >> allows your mouse cursor to be tracked anywhere on the screen—even if >> the Internet Explorer window is minimised. The vulnerability is >> particularly troubling because it compromises the security of virtual >> keyboards and virtual keypads. >> >> The motivation for using a virtual keyboard is typically that it >> reduces the chance of a keylogger recording one’s keypresses and >> thereby compromising one’s passwords or credit card details. (c.f. >> bit.ly/YnNBYE; bit.ly/VpapWf) >> >> Whilst the Microsoft Security Research Center has acknowledged the >> vulnerability in Internet Explorer, they have also stated that there >> are no immediate plans to patch this vulnerability in existing >> versions of the browser. It is important for users of Internet >> Explorer to be made aware of this vulnerability and its implications. >> >> The vulnerability is already being exploited by at least two display >> ad analytics companies across billions of page impressions per month." >> >> >> _______________________________________________ >> dba-Tech mailing list >> dba-Tech at databaseadvisors.com >> http://databaseadvisors.com/mailman/listinfo/dba-tech >> Website: http://www.databaseadvisors.com >> > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com >