Dangerous IE Exploit Tracks Your Mouse Movements [Updated]

By -

On the 1st of October, 2012, a vulnerability in Internet Explorer ( from 6 to 10 versions) was submitted by spider.io and it showed a internet-explorerexploit that could be used to track one’s pointer movements on the screen. This exploit could be used by those interested in gaining sensible information even when the target only used a virtual keyboard.

Although the issue was submitted to the Microsoft Security Research Center, it seems that they are not interested in fixing the problem, and it remains unresolved. This vulnerability is especially dangerous to those using virtual keyboards to enter credit card details or phone numbers.

How could this affect users of IE?

Even those who are using virtual keyboards for the purpose of bypassing any keyloggers are not safe, this is because the exploit tracks the movement and clicks of your mouse even when Internet Explorer is minimized. The researchers at spider.io have created a demo page that shows the exploit in action, and there is also a video that shows how easy it is to learn what someone is clicking on a dial pad.


The submitter of the exploit have stated that they have informed Microsoft of the issue, and from what we can see on their website, there was no action taken to address it:
Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browse
Furthermore, because the exploit can be implemented on IE 6-10, there are a lot of potential victims out there and they need to made aware of the problem. Luckily, where Microsoft refuses to take action, others do. Also on the page describing the problem, spider.io assures users that there are companies that are trying to come up with a solution.
The course Microsoft is taking in regard to this problem is unprofessional to say the least, but we think that they are only trying to keep Internet Explorer as the best browser to download other browsers with. If this is the case, then they are doing a terrific job! The bug report submitted by Nick Johnson of spider.io can is pretty extensive, and it describes in the vulnerability detail. Also, he has presented the code for the exploit itself:
internet-explorer-exploit
We hope that the importance of this problem is noticed by more people and more security companies and that a tool will be released soon to make IE safe for those who do not want to migrate towards a good browser.
Update: Following the furore surrounding the vulnerability, Microsoft has finally succumbed to the pressure and has now clarified that it is investigating the issue. They still insist that the underlying issue has more to do with competition between analytics companies than consumer safety or privacy, but spider.io’s report paints a different picture altogether.

Comments

Post a Comment

Popular posts from this blog

How to Send Fax From Your PC

By -
Image
T he fax machine has been around for a long time. And until the more easy electronic mediums for sharing information took over, it was a crucial piece of equipment that could not miss from any office. Nevertheless, these devices have not been completely forgotten, and nowadays, there are still many in use. Also, the implementation of fax machines in All-in-One printers have given them a new life. But in the way of progress, not even this iconic device can stand. And thanks to the developments brought on by the electronic age, the fax machine has moved from the physical world to the virtual one. Traditional fax machines can now receive information from computers also, making them much better suited to integrate in this new era. How to send fax from a computer?   If you think that sending fax from a computer is something complicated that can only be done by IT specialists, you are very wrong. The fact of the matter is that the process is not too
Read more

Mega List of Windows 8 Drivers

By -
Image
Windows 8 is out in the wild for quite a while now, but not all companies have been prompt with the release of optimized drivers for Windows 8 . I personally experienced this issue and I can tell you how frustrating it is. I think every company should prepare much better for such an important like the Windows 8 launch was. Everything should be ready to go when the OS sees the sunlight. However, things weren’t like that and users, in many cases, should search on their own for Windows 8 compatible drivers . That’s why we’ve decided to come up with a list that will surely help you out. We’ll try to put here as many drivers as we can find so you can find what you’re look for. Update your drivers from within Windows 8 Before jumping to the list below, you should know that there are a few ways to update your drivers to Windows 8. Microsoft has thought about this, as well, and they’ve included some very easy ways to update your drivers. Here are two basic, automatic driver upd
Read more

Best 13 Websites to Create and Download Facebook Covers

By -
Image
Since Facebook introduced their Timeline design, everyone started to customize their personal & professional pages with cover photos and profile images that said more about them. This feature has definitely made Facebook much more creative, as it gave each user the possibility to create their own page designs. Although users can use just about any picture they want as a cover photo, most of the time, they will search for something that suits their moods or something that just looks awesome. And we’ve seen some awesome Facebook covers from inspired users, but for those who want the easy way out, or who do not possess the skills to modify photos in a professional program, there is a solution, and today we’ll be talking about it. Facebook Cover Photo Makers Yes, that’s right, there are lot of such websites on the web, and most of them offer free cover photos for users to use on their profiles. There are also websites
Read more