Welcome to WebmasterWorld Guest from 50.16.112.199

Forum Moderators: open

IE tracks cursor even when minimised

MS "no immediate plans to patch this vulnerability"

   
3:47 am on Dec 13, 2012 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



An attacker can get access to your mouse movements simply by buying a display ad slot on any webpage you visit,” the company writes. “The vulnerability is already being exploited by at least two display ad analytics companies* across billions of webpage impressions each month.

[theregister.co.uk...]

original story here..
[spider.io...]

demo here..
[iedataleak.spider.io...]

*and possibly a search engine or two ;)
5:52 am on Dec 13, 2012 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Aside from people using virtual keyboards in specific instances I'm not sure I see how this would be a big priority to fix. There are all sorts of variables such as screen size, resolution, Window size, Window position, etc. that would need to be known in order for this to be exploited to any degree.
12:29 pm on Dec 14, 2012 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Microsoft is investigating the alleged issue. Here's the latest from Microsoft.

Over the last few days we’ve seen reports alleging abuse of a browser behavior regarding mouse position. Microsoft is working closely with other companies to address the concern of mouse position movement. From what we know now, the underlying issue has more to do with competition between analytics companies than consumer safety or privacy.

We are actively working to adjust this behavior in IE. There are similar capabilities available in other browsers. Analytics firms can expect to do viewpoint detection in IE similarly to how they do this in other browsers. Update to Alleged Information and Security Issue with Mouse Position Behavior [blogs.msdn.com]
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month