John Bartow
john at winhaven.net
Thu Dec 13 15:53:22 CST 2012
Good grief. Well, no, bad grief. Sometimes you just have to wonder what the MS IE team is thinking. Does it affect any other browser? -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Hans-Christian Andersen Sent: Thursday, December 13, 2012 3:36 PM To: Discussion of Hardware and Software issues Subject: Re: [dba-Tech] Internet Explorer Data Leakage (versions 6 to 10) According to the article, it affects IE 10 as well as all previous versions of IE starting from IE 6. - Hans On 2012-12-13, at 1:33 PM, "John Bartow" <john at winhaven.net> wrote: > Does this affect IE10? > > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of > Hans-Christian Andersen > Sent: Thursday, December 13, 2012 3:18 AM > To: Discussion of Hardware and Software issues > Subject: [dba-Tech] Internet Explorer Data Leakage (versions 6 to 10) > > > http://spider.io/blog/2012/12/internet-explorer-data-leakage/ > > This is a pretty severe security issue. All it takes is a little bit > of javascript on any site you visit and they are able to fully track > where your mouse is on your screen (even when IE is minimized). All > versions of IE are vulnerable to this starting from IE 6. It's already > being exploited in the wild. > > There is a demo included as a link, if you want to test this out yourself. > > - Hans > > > Excerpt from link: > _______________ > > "On the 1st of October, 2012, we disclosed to Microsoft the following > security vulnerability in Internet Explorer, versions 6-10, which > allows your mouse cursor to be tracked anywhere on the screen-even if > the Internet Explorer window is minimised. The vulnerability is > particularly troubling because it compromises the security of virtual > keyboards and virtual keypads. > > The motivation for using a virtual keyboard is typically that it > reduces the chance of a keylogger recording one's keypresses and > thereby compromising one's passwords or credit card details. (c.f. > bit.ly/YnNBYE; bit.ly/VpapWf) > > Whilst the Microsoft Security Research Center has acknowledged the > vulnerability in Internet Explorer, they have also stated that there > are no immediate plans to patch this vulnerability in existing > versions of the browser. It is important for users of Internet > Explorer to be made aware of this vulnerability and its implications. > > The vulnerability is already being exploited by at least two display > ad analytics companies across billions of page impressions per month." > > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com > > _______________________________________________ > dba-Tech mailing list > dba-Tech at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/dba-tech > Website: http://www.databaseadvisors.com _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com