| IE tracks cursor even when minimised
MS "no immediate plans to patch this vulnerability" |
Leosghost
msg:4527636 | 3:47 am on Dec 13, 2012 (gmt 0) |
An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit,” the company writes. “The vulnerability is already being exploited by at least two display ad analytics companies* across billions of webpage impressions each month.
|
|
[theregister.co.uk...]
original story here..
[spider.io...]
demo here..
[iedataleak.spider.io...]
*and possibly a search engine or two ;)
|
bill
msg:4527664 | 5:52 am on Dec 13, 2012 (gmt 0) |
Aside from people using virtual keyboards in specific instances I'm not sure I see how this would be a big priority to fix. There are all sorts of variables such as screen size, resolution, Window size, Window position, etc. that would need to be known in order for this to be exploited to any degree.
|
engine
msg:4528075 | 12:29 pm on Dec 14, 2012 (gmt 0) |
Microsoft is investigating the alleged issue. Here's the latest from Microsoft.
Over the last few days we’ve seen reports alleging abuse of a browser behavior regarding mouse position. Microsoft is working closely with other companies to address the concern of mouse position movement. From what we know now, the underlying issue has more to do with competition between analytics companies than consumer safety or privacy.
We are actively working to adjust this behavior in IE. There are similar capabilities available in other browsers. Analytics firms can expect to do viewpoint detection in IE similarly to how they do this in other browsers. Update to Alleged Information and Security Issue with Mouse Position Behavior [blogs.msdn.com] |
|
|
|
|
