IE mouse tracking flaw allows sites to record cursor movements

On December 12, 2012, 5:30 PM

Spider.io reported today that Microsoft has no "immediate plans" to fix the potential Internet Explorer vulnerability which allows any website operator (or advertiser, hacker etc...) to track a visitor's mouse cursor movements. Microsoft's security team has acknowledged the issue but it is unclear if it will ever be resolved.

It was a few months ago that Spider.io first uncovered the interesting Internet Explorer flaw (feature?). Most disturbingly though, the flaw isn't isolated to just the browser window: it extends beyond IE's viewport to anywhere on a user's screen -- it even continues to work while the browser window is minimized. This bug affects IE6, IE7, IE8, IE9 and yes -- you guessed it -- IE10.

Proponents of squashing this bug believe the flaw has obvious privacy implications, but also presents a security risk -- particularly for virtual keyboard and keypad users. Physically disabled and security-minded visitors who may use virtual keyboards as a way to preempt keyloggers should be the most concerned. For everyone else though, well... it's just creepy.
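
The virtual-keypad risk above comes down to a fixed key layout, where cursor coordinates map directly to keys. The following is an added example, not code from the article or from Spider.io; the keypad geometry, the sample PIN in the comments and every function name are constructed assumptions. It shows that mapping and how a layout shuffled per session makes the same coordinate trace decode to the wrong digits.

```javascript
// Added example: keypad geometry and all names here are constructed.
const KEY = 60, COLS = 3;                        // assumed key size (px) and grid width
const FIXED_LAYOUT = ['1','2','3','4','5','6','7','8','9','','0',''];

// Unbiased integer in [0, n) from the Web Crypto API (rejection sampling).
function secureRandInt(n) {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / n) * n;
  do { globalThis.crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Fisher-Yates shuffle of the ten digits into the same 3x4 grid shape.
function shuffledLayout(randInt = secureRandInt) {
  const d = '0123456789'.split('');
  for (let i = d.length - 1; i > 0; i--) {
    const j = randInt(i + 1);
    [d[i], d[j]] = [d[j], d[i]];
  }
  return [...d.slice(0, 9), '', d[9], ''];
}

// Key under a keypad-relative click, or null for a blank cell or a miss.
function keyAt(layout, x, y) {
  const col = Math.floor(x / KEY), row = Math.floor(y / KEY);
  if (col < 0 || col >= COLS || row < 0) return null;
  return layout[row * COLS + col] || null;
}

// Click centres a user produces when entering `pin` (e.g. '2580') on `layout`.
function clicksFor(layout, pin) {
  return [...pin].map(ch => {
    const i = layout.indexOf(ch);
    return { x: (i % COLS) * KEY + KEY / 2, y: Math.floor(i / COLS) * KEY + KEY / 2 };
  });
}

// What a coordinates-only observer reads if they assume `assumed` is on screen.
function decode(assumed, clicks) {
  return clicks.map(c => keyAt(assumed, c.x, c.y) ?? '?').join('');
}
```

A shuffled layout only helps against an observer who sees coordinates but not the screen itself, and repeated digits still show up as repeated positions.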

One thing that is not mentioned though -- and I'm very curious about this -- is whether or not the flaw extends to Windows touchscreen PCs and tablets. When a user touches an element within Internet Explorer on Windows 8 or RT, for example, can the location of those touches be recorded like the movements of a mouse? If so, this could be a huge security issue for Windows touchscreen users who rely upon an on-screen keyboard, potentially providing a way to expose their passwords and other sensitive information.

Here is Spider.io's demo which demonstrates the potential vulnerability for IE users. Any Surface (or Windows touchscreen) users out there care to give it a shot? Let us know what you find.

User Comments: 7
  1. Interesting. Curious, would the "hacker" know what's on your screen (outside of IE)? Would they have to take screenshots of your computer to know what you're clicking? It seems this is more of a privacy issue if so. Regardless they need to fix this asap.

  2. That's why you don't use IE. I don't care how much "better" it is than before, there are better options and Microsoft is continuing to neglect huge issues.

  3. I don't care if they know where my mouse is or clicking... what I do care about is when it's in relation to what's on my screen. I kinda skimmed the article, and maybe I missed a detail... but sounds like no big deal.

  4. That's why you don't use IE. I don't care how much "better" it is than before, there are better options and Microsoft is continuing to neglect huge issues.

    Yeah, right. Both Chrome and Firefox have dozens of vulnerabilities discovered every month in them (all of them which allow you also to monitor mouse coordinates, and much more), but you don't use IE, because a web page opened in it can query the coordinates of the mouse - which by itself has no privacy implications whatsoever. Makes sense.

  5. Ha ha, silly they are. Even a big company like tinysoft can't escape the bug pandemic. Seems their updates are the work of little children or people that work for their daily 10 grains of rice.

    Keep up the good work!

  6. Does having an SSL connection to (for example) your bank mitigate this risk?

  7. Yeah, right. Both Chrome and Firefox have dozens of vulnerabilities discovered every month in them (all of them which allow you also to monitor mouse coordinates, and much more), but you don't use IE, because a web page opened in it can query the coordinates of the mouse - which by itself has no privacy implications whatsoever. Makes sense.

    'Cause Firefox and Chrome are the only "better" alternatives, right? kk.

    I wasn't talking about this one in particular. I don't care how small the privacy threat is, make some sort of attempt to fix it.
