Hans-Christian Andersen
hans.andersen at phulse.com
Thu Dec 13 15:36:28 CST 2012
According to the article, it affects IE 10 as well as all previous versions of IE starting from IE 6. - Hans On 2012-12-13, at 1:33 PM, "John Bartow" <john at winhaven.net> wrote: > Does this affect IE10? > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Hans-Christian > Andersen > Sent: Thursday, December 13, 2012 3:18 AM > To: Discussion of Hardware and Software issues > Subject: [dba-Tech] Internet Explorer Data Leakage (versions 6 to 10) > > > http://spider.io/blog/2012/12/internet-explorer-data-leakage/ > > This is a pretty severe security issue. All it takes is a little bit of > javascript on any site you visit and they are able to fully track where your > mouse is on your screen (even when IE is minimized). All versions of IE are > vulnerable to this starting from IE 6. It's already being exploited in the > wild. > > There is a demo included as a link, if you want to test this out yourself. > > - Hans > > > Excerpt from link: > _______________ > > "On the 1st of October, 2012, we disclosed to Microsoft the following > security vulnerability in Internet Explorer, versions 6-10, which allows > your mouse cursor to be tracked anywhere on the screen-even if the Internet > Explorer window is minimised. The vulnerability is particularly troubling > because it compromises the security of virtual keyboards and virtual > keypads. > > The motivation for using a virtual keyboard is typically that it reduces the > chance of a keylogger recording one's keypresses and thereby compromising > one's passwords or credit card details. (c.f. bit.ly/YnNBYE; bit.ly/VpapWf) > > Whilst the Microsoft Security Research Center has acknowledged the > vulnerability in Internet Explorer, they have also stated that there are no > immediate plans to patch this vulnerability in existing versions of the > browser. It is important for users of Internet Explorer to be made aware of > this vulnerability and its implications. > > The vulnerability is already being exploited by at least two display ad > analytics companies across billions of page impressions per month." > > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com