Read more.Microsoft IE6, IE7, IE8, IE9, and IE10 all have this security hole.
Read more.Microsoft IE6, IE7, IE8, IE9, and IE10 all have this security hole.
I'd love to watch them track mine, I dance it to the music and use it to guide my eyes when reading text. On top of that I just like to wave it round based on my mood!
Ditto, they'd go nuts watching mine constantly drawing boxes on the desktop and highlighting text randomly, drives my gf nuts
can't help but think this is just another 'IE=(GOOD|BAD)' makes pages impressions story.
throw new ArgumentException (String, String, Exception)
More worrying would be if this could be used to track touch enabled devices' finger movements, considering we'd mostly be talking about standard keyboard layouts there. Imagine this scenario where you browse various sites using a tab enabled browser and one of the tabs has this exploit running without you knowing. You then navigate to other tabs and complete purchases, enter your credit card details,... all by typing on a virtual keyboard that's easy enough to anticipate its location and layout. Now, that is indeed worrying. I didn't investigate the MS touch APIs in IE, but if they're using similar or even same APIs as for any other HID, this is hackers gold. It would actually be extremely easy for MS to solve this by simply tracking IE mouse movements (or any other HID events) when the caller window is active and limit that tracking to active window's system events, like in any other application. Funny enough, they aren't doing it yet. IE must be written off as some procedural garbage, simple as that.
Probably true. Then again I stopped using IE two or three bad-stories-about-it ago - even on Windows I use Chrome or Firefox, and if I could be bothered to disable IE I probably would.
But for the sake of the folks who do use IE, I hope Microsoft are taking this seriously and generating a patch...
AFIAK its mouse only, 'touch' uses a differen't API.
At the end of the day this is about one researchers opinion that this could be a potential flaw, he hasn't demonstrated it, which is important to remember. Meanwhile the independant security team at microsoft don't see it as a serious attack vector, and the IE team don't. MS apparently structures itself like that so one product team can't just say "we'd loose functionality" because the security team can overrule them. Neither team think its an issue, this guy hasn't demonstraited it to be.
I think this is much ado about nothing right now. Capturing mouse is a very useful programing feature. Hell I've just used it yesterday to make this drag n drop stuff slicker.
throw new ArgumentException (String, String, Exception)
And Microsoft have responded:
http://blogs.msdn.com/b/ie/archive/2...-behavior.aspx
Basically people know that putting "hurr Durrp IE is crap" as a headline, is SEO gold, almost as good as "Ipad - anything", but probably not as good.
So some analyitics firm went on with that. I'm kinda disapointed in hexus because there was no compitent analysis of it from a software POV. No comparison with APIs available in other browsers etc.
Instead its just a bandwagon thing.
throw new ArgumentException (String, String, Exception)
this has been going on for years microsoft has never fixed this wormhole and loads of others they have been warned by the big guys and yet still minor fixes,this will never get fixed as its a was for even MS to spy on you like they did on win Me and win XP its the real truth why people moving to other browsers and even linux
There are currently 1 users browsing this thread. (0 members and 1 guests)