Microsoft Investigating Mouse Tracking Flaw in Internet Explorer

Status
Not open for further replies.

chicofehr

Distinguished
Jan 29, 2012
538
0
18,990
2
I'm sure Microsoft is using this themselves which is why they don't seem bothered to fix it. Google probably wants this flaw to remain as well.
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
2
Internet Explorer versions 6, 7, 8, 9 and 10.
I wonder if MS is going to patch one of those two browsers IF they get around to the exploit, or at least IE7?...

Anyways, I already installed IE10, but I suppose I'll have wait for a while considering the fact that how easy it is to upload malware-loaded advertisements.
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
2
[citation][nom]Spartanmk2[/nom]When has internet explorer ever not had a vulnerability...[/citation]

When was there a software that was invulnerable except for ones completely inaccessible by humans (or not created by a human, because a jerk can set a critical embedded software to delete itself at 2012 Dec 21st before loading it to the devices).
 

alextheblue

Distinguished
Apr 3, 2001
3,078
106
20,970
2
[citation][nom]joytech22[/nom]Tracking cursor movement is about as useful as being blindfolded and trying to hit a pinata from 1000km away.[/citation]That's kind of what I was thinking. If it doesn't send information other than cursor location and ctrl, shift, alt key status, it's not much of a vulnerability.
 
G

Guest

Guest
As far as tracking the relative positions of a 10 key key pad that some banking websites use to defeat key loggers, I guess some banks can randomize the layout of the 10 key pad to defeat that vulnerability!
 

arson94

Distinguished
Apr 18, 2008
867
0
19,010
20
Well.... If I were to write messages to these "hackers" using my mouse cursor, like I moved my cursor around my desktop to write "Lick balls, bitch" would they receive my message? If not, then I guess I wouldn't call it much of a hack. They would probably think that my computer was infected with real malware that sporadically moved my mouse cursor around uncontrollably.
 

A Bad Day

Distinguished
Nov 25, 2011
2,256
0
19,790
2
[citation][nom]joytech22[/nom]Tracking cursor movement is about as useful as being blindfolded and trying to hit a pinata from 1000km away.[/citation]

If you can somehow get hold of what pages the person visited, and synced the cursor movements with the page histories...
 

PreferLinux

Distinguished
Dec 7, 2010
1,023
0
19,460
65
[citation][nom]A Bad Day[/nom]If you can somehow get hold of what pages the person visited, and synced the cursor movements with the page histories...[/citation]
Exactly. On its own, it isn't much. But put it with something else, and you could find it rather ... dreadful.
 

IzzyCraft

Distinguished
Nov 20, 2008
1,438
0
19,290
2
[citation][nom]SteelCity1981[/nom]how about more ie version updates instead of coming out with a new version every two years. IE should be at least v15 right now.[/citation]
Because MS IE team saves version numbers to real changes to the browser, it's people like you why FF changed their version numbering to increase their version number(rapid release plan) because idiots like you see larger numbers and think better. IE updates versions all the time with windows update, but they save updates mostly to bug fixes, security updates. Major performance and feature set are saved for full version numbers very similar to Firefox's older release plan. But ever since google shitted up things by having full version numbers for little reasons monzilla and opera both changed their update polices.
 

ojas

Distinguished
Feb 25, 2011
2,924
0
20,810
15
[citation][nom]A Bad Day[/nom]If you can somehow get hold of what pages the person visited, and synced the cursor movements with the page histories...[/citation]
Yeah, if you know the page layout then maybe you'd be on to something, but if i'm not wrong, virtual keyboards on banking sites are randomized independently of the page so i doubt it'll matter there.
 

jeffunit

Distinguished
May 19, 2008
117
0
18,680
0
it can get data from a virtual keyboard (like a number pad), which is often used for authentication while logging in to banking sites.
 

IzzyCraft

Distinguished
Nov 20, 2008
1,438
0
19,290
2
It would be hard, all you have is the mouse state data nothing else you can't tell what the user is doing easily. Also when using a touch keyboard the mouse doesn't move, meaning the only way this would work if for some reason the person uses a mouse to use the win8 touch keyboard instead of a touch screen plus you'd also need to know what website they are using at the time of recording. It's an incredibly difficult thing to exploit maliciously.

When you read more about the exploit you get a sense of how hard it would be to exploit it, also it's been around for a long time you can easily port this "exploit" over to firefox, opera and chrome, because it's a feature for ad servers dat click data.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS