[dba-Tech] Internet Explorer Data Leakage (versions 6 to 10)

Jim Lawrence accessd at shaw.ca
Thu Dec 13 21:46:20 CST 2012


Looking at the web site page header seems to suggest that this process only
affects IE9 or less or any IE mobile products... but if you can test and
post your observations that would be helpful. (I do not run IE.) 

<!--[if lt IE 9]>
 	...
<!--<![endif]-->

<!--[if IEMobile]>-->
	...
<!--<![endif]-->

Jim

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of John Bartow
Sent: Thursday, December 13, 2012 1:33 PM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Internet Explorer Data Leakage (versions 6 to 10)

Does this affect IE10?

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Hans-Christian
Andersen
Sent: Thursday, December 13, 2012 3:18 AM
To: Discussion of Hardware and Software issues
Subject: [dba-Tech] Internet Explorer Data Leakage (versions 6 to 10)


http://spider.io/blog/2012/12/internet-explorer-data-leakage/

This is a pretty severe security issue. All it takes is a little bit of
JavaScript on any site you visit and they are able to fully track where your
mouse is on your screen (even when IE is minimized). All versions of IE are
vulnerable to this starting from IE 6. It's already being exploited in the
wild.

There is a demo included as a link, if you want to test this out yourself.

- Hans


Excerpt from link:
_______________

"On the 1st of October, 2012, we disclosed to Microsoft the following
security vulnerability in Internet Explorer, versions 6-10, which allows
your mouse cursor to be tracked anywhere on the screen - even if the Internet
Explorer window is minimised. The vulnerability is particularly troubling
because it compromises the security of virtual keyboards and virtual
keypads.

The motivation for using a virtual keyboard is typically that it reduces the
chance of a keylogger recording one's keypresses and thereby compromising
one's passwords or credit card details. (c.f. bit.ly/YnNBYE; bit.ly/VpapWf)

Whilst the Microsoft Security Research Center has acknowledged the
vulnerability in Internet Explorer, they have also stated that there are no
immediate plans to patch this vulnerability in existing versions of the
browser. It is important for users of Internet Explorer to be made aware of
this vulnerability and its implications.

The vulnerability is already being exploited by at least two display ad
analytics companies across billions of page impressions per month."


_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
