Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: IE flaw allows attackers, advertisers to track cursor movement

12 Dec 2012   #1
Brink
Microsoft MVP

64-bit Windows 10
 
 
IE flaw allows attackers, advertisers to track cursor movement

Quote:
A software engineer from online analytics company Spider.io is claiming that a security flaw in Internet Explorer 6-10 could allow attackers or advertisers to track user's mouse movements, potentially compromising data entered via virtual keyboards.

Nick Johnson, who previously worked for Google before joining Spider.io, posted details of the flaw on the Bugtraq mailing list this morning.

"Internet Explorer's event model populates the global Event object with some attributes relating to mouse events, even in situations where it should not. Combined with the ability to trigger events manually using the fireEvent() method, this allows JavaScript in any web page (or in any iframe within any web page) to poll for the position of the mouse cursor anywhere on the screen and at any time even when the tab containing the page is not active, or when the Internet Explorer window is unfocused or minimized."

Read more at source:
IE flaw allows attackers, advertisers to track cursor movement | ZDNet


My System SpecsSystem Spec
.

12 Dec 2012   #2
Bearcatrp

Win7 Pro 64
 
 

My System SpecsSystem Spec
12 Dec 2012   #3
Urthboundmisfit

7 Pro x64 SP1, XP SP3 VM
 
 

Live Demo (Must use Innernetz Ex-PLODE-r) Challenge - spider.io
My System SpecsSystem Spec
.


12 Dec 2012   #4
Pauly

Win7 Ultimate X64
 
 

Wow that demo is a bit scary, not just mouse but shortcut keys too!!!
My System SpecsSystem Spec
12 Dec 2012   #5
Alejandro85

Windows 7 Ultimate x64
 
 

Why a security flaw in IE is considered to be a "new"?

Really, this one goes beyond limits. One more reason (as if there were not enough) to NEVER, EVER use IE, for ANY reason. With any other browser you would not have to worry about this or any virus trying to sneak into your computer, and even a faster and more standard-compatible browsing experience.
My System SpecsSystem Spec
13 Dec 2012   #6
Brink
Microsoft MVP

64-bit Windows 10
 
 

My System SpecsSystem Spec
29 Dec 2012   #7
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Would an anti-key-logger like Zemana protect against this?

I have a commercial license version 1.9.3.251 that includes screen capture protection.

I have emailed Zemana, but haven't heard anything back yet, maybe its the holidays?
My System SpecsSystem Spec
30 Dec 2012   #8
Alejandro85

Windows 7 Ultimate x64
 
 

Quote   Quote: Originally Posted by Anak View Post
Would an anti-key-logger like Zemana protect against this?

I have a commercial license version 1.9.3.251 that includes screen capture protection.

I have emailed Zemana, but haven't heard anything back yet, maybe its the holidays?
Just try it!
In the first link it shows a page that uses that vulnerability to show you how IE can track your mouse. With that software in place, try if the page can still track you down.

Anyway, antivirus or not, IE remains a big security threat to any computer, and maybe tomorrow a new flaw is discovered. The best bet is to use a real browser instead.
My System SpecsSystem Spec
30 Dec 2012   #9
bobafetthotmail

Win 7 Pro 64-bit 7601
 
 

theoretically, if the on-screen keyboard has its keys messed up randomly (it's no more a QWERTY) you can fool this device as it does know you click somewhere, but not what that button is.

But yes, this is a bit outrageous. If it goes on like this the only safe and light-ish browser left is Opera.
My System SpecsSystem Spec
30 Dec 2012   #10
bassfisher6522

Windows 7 Ultimate 64 bit
 
 

Well I'm glad I switched to firefox since my last clean install of both laptop and desktop about 3 days ago. It must be my 6th sense that told me to.
My System SpecsSystem Spec
Reply

 IE flaw allows attackers, advertisers to track cursor movement




Thread Tools





Similar help and support threads
Thread Forum
Fear not: Kindle flaw that opened your Amazon account to attackers...
Fear not: Kindle flaw that opened your Amazon account to attackers appears fixed Source A Guy
Security News
Attackers scanning for Symantec Endpoint Protection Manager flaw
Read more at: Attackers scanning for Symantec Endpoint Protection Manager flaw | ZDNet
Security News
Cursor movement while typing.
Hi, I have this problem with my laptop Sony VAIO VGN-NS11J. The problem is that while typing text the Cursor will either jump back into previously typed text or will sometimes initiate another page on it's own. This is very annoying as I cannot type well enough to watch the screen and type - and...
General Discussion
Attackers Hit New Adobe Reader, Acrobat Flaw
Attackers Hit New Adobe Reader, Acrobat Flaw — Krebs on Security
Security News
Sony Vaio Laptop Cursor Random Movement Workaround
I thought I'd post this as a solution rather than a problem as it appears to be a common problem. I recently bought a new Sony Vaio laptop and got on great with it until I noticed an aggravating problem. Whenever I was typing some text, the cursor had an annoying habit of jumping all over...
General Discussion
Firefox Do-Not-Track Feature Has a Fatal Flaw
Firefox Do-Not-Track Feature Has a Fatal Flaw - PCWorld Business Center
Browsers & Mail

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 18:51.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App