Internet Explorer vulnerability lets hackers track your mouse movements

[Fiery]

A vulnerability found in Microsoft's Internet Explorer allows hackers to track the movements of your mouse cursor across the screen, which could in turn reveal data entered on virtual keyboards.

Virtual keyboards and keypads can be used to reduce the chance of a keylogger recording every keystroke and therefore being able to "read" your passwords. However Spider.io discovered that Internet Explorer versions 6 to 10 make it possible for your mouse cursor to be tracked anywhere on screen, even if the IE tab is minimized. You can see a video demonstration of the vulnerability embedded in this post, or you can try it yourself at this link (provided you are browsing with IE).

This particular vulnerability is of concern, because if you use Internet Explorer your mouse movements can be recorded even if you never install any software. A hacker simply needs to buy a display advertising placement on any webpage you visit. As long as the tab with the ad remains open, mouse movements can be tracked.

The analytics company disclosed the vulnerability to Microsoft back in October, but has now gone public. The Microsoft Security Research Centre recognizes that there is a vulnerability but has said that there are no immediate plans to patch it. Spider.io says that a number of Web analytics companies are already making use of this ability to track cursor movements.

Read more: http://arstechnica.com/security/2012/12/internet-explorer-vulnerability-lets-hackers-track-your-mouse-movements/

 

[Gnosis]

Always coming up with something..................
It is an infinite back and forth between security and malicious activity.

 

[Plexx]

It is inevitable. One needs to keep the balance of things.

Without exploits etc, there would be just a plain choice of software and no one would really make money or anything.

With exploits, holes, etc, there is competition. Where there is competition, there is innovation and improvements.

Can we imagine if we were still on the Netscape browser or Neoplanet (mind you I did like Neoplanet back then)?

The only improvement without such balance would be aesthetic to "fight" against its competition.

What troubles me is MS decision on no immediate patch. Not sure what exactly they are thinking. But nevertheless no one is perfect.

 

[Exterminator]

Wow Netscape,havent heard that in a long,long time Is this exploit new ? It wasnt addressed in yesterdays updates?

I guess its like anything,once you are good at something you grow bored with it and need to find something more challenging to get that rush.Im sure hackers are the same way.

 

[3link9]

Wow Netscape,havent heard that in a long,long time Is this exploit new ? It wasnt addressed in yesterdays updates?

I guess its like anything,once you are good at something you grow bored with it and need to find something more challenging to get that rush.Im sure hackers are the same way.

According to the article the company let microsoft know back in october but Microsoft said they know about it but have no immediate plans to patch it.
Shame, really.

 

[Jack]

Internet Explorer flaw allows attackers to track your mouse movements

Researchers have found a security hole in Internet Explorer, potentially giving hackers a way of tracking your mouse cursor movements, even if your window is inactive, minimised or unfocused.

The vulnerability is particularly worrisome given that it thwarts the use of virtual keyboards and virtal keypads, which are used as a defence against keyloggers.

The vulnerability was discovered by spider.io, vendor of a hosted platform that the company says allows users to distinguish between human website visitors and bots in real time.

Here's a brief video where the issue is demonstrated:

[video=youtube]http://www.youtube.com/watch?&v=qxUa2VWnE8A[/video]​

Read more: http://nakedsecurity.sophos.com/2012/12/14/internet-explorer-flaw-mouse-tracking/

 

[illumination]

I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.

 

[Tom172]

Still it's better for people to know the issue exists even is there's no fix.

 

[Exterminator]

I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.

It is nice to be aware of threats but when there seems to be no defense there is really no point.It's just giving someone with malicious intentions more ideas.Makes you wonder sometimes if it is all just part of the browser wars.

 

[Tom172]

I just love that they push this info out about vulnerability's but issue no fixes. In the way the info is pushed out, it is like a Criminal advertisement, like holding up a big sign "come and get it". As others have stated as well as myself at times in this forum, it is a very lucrative business.

It is nice to be aware of threats but when there seems to be no defense there is really no point.It's just giving someone with malicious intentions more ideas.Makes you wonder sometimes if it is all just part of the browser wars.

I think it's safe to say people who are involved in cyber crime and writing malicious code are aware of these vulnerabilities long before they're brought to people's attention by the media.

 

[illumination]

I think it's safe to say people who are involved in cyber crime and writing malicious code are aware of these vulnerabilities long before they're brought to people's attention by the media.

That may be the case, but at what percentage already know, and what does that percentage look like after it has been aired with still no fixes?
One would think there would be a better solution then this with today's technology.

 

[Tom172]

You've got a point there also. There might be some people with some know-how who might want to get up to nefarious activities after reading such news. The upside is that we can alert people who use IE and possibly prevent them from a lot of grief.