Results 1 to 10 of 10

Thread: News - Internet Explorer vulnerability allows hackers to track mouse

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    News - Internet Explorer vulnerability allows hackers to track mouse

    Microsoft IE6, IE7, IE8, IE9, and IE10 all have this security hole.
    Read more.

  2. #2
    Formerly known as Andehh Andeh13's Avatar
    Join Date
    Oct 2005
    Location
    Northampton
    Posts
    3,354
    Thanks
    855
    Thanked
    258 times in 153 posts
    • Andeh13's system
      • Motherboard:
      • Gigabyte GA-P35
      • CPU:
      • Intel Q6600
      • Memory:
      • 4gb Corsair XMS2 800mhz
      • Storage:
      • 1 x 250gb Western Digital AAKS, 2 x 500gb Western Digital AAKS, 1TB WD Caviar Green
      • Graphics card(s):
      • BFG Geforce 8800GTS 512mb
      • PSU:
      • Corsair HX520
      • Case:
      • Antec 900
      • Operating System:
      • Windows 7 64bit
      • Monitor(s):
      • Samsung 24" & Sony 17"
      • Internet:
      • Virgin 10mb... hate them!
    I'd love to watch them track mine, I dance it to the music and use it to guide my eyes when reading text. On top of that I just like to wave it round based on my mood!

  3. #3
    Senior Member
    Join Date
    Jul 2008
    Posts
    343
    Thanks
    14
    Thanked
    9 times in 7 posts

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    Ditto, they'd go nuts watching mine constantly drawing boxes on the desktop and highlighting text randomly, drives my gf nuts

  4. #4
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    can't help but think this is just another 'IE=(GOOD|BAD)' makes pages impressions story.
    throw new ArgumentException (String, String, Exception)

  5. #5
    Member
    Join Date
    Jul 2012
    Posts
    167
    Thanks
    11
    Thanked
    13 times in 8 posts

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    More worrying would be if this could be used to track touch enabled devices' finger movements, considering we'd mostly be talking about standard keyboard layouts there. Imagine this scenario where you browse various sites using a tab enabled browser and one of the tabs has this exploit running without you knowing. You then navigate to other tabs and complete purchases, enter your credit card details,... all by typing on a virtual keyboard that's easy enough to anticipate its location and layout. Now, that is indeed worrying. I didn't investigate the MS touch APIs in IE, but if they're using similar or even same APIs as for any other HID, this is hackers gold. It would actually be extremely easy for MS to solve this by simply tracking IE mouse movements (or any other HID events) when the caller window is active and limit that tracking to active window's system events, like in any other application. Funny enough, they aren't doing it yet. IE must be written off as some procedural garbage, simple as that.

  6. #6
    Senior Member
    Join Date
    Jun 2004
    Location
    Kingdom of Fife (Scotland)
    Posts
    4,991
    Thanks
    393
    Thanked
    220 times in 190 posts
    • crossy's system
      • Motherboard:
      • ASUS Sabertooth X99
      • CPU:
      • Intel 5830k / Noctua NH-D15
      • Memory:
      • 32GB Crucial Ballistix DDR4
      • Storage:
      • 500GB Samsung 850Pro NVMe, 1TB Samsung 850EVO SSD, 1TB Seagate SSHD, 2TB WD Green, 8TB Seagate
      • Graphics card(s):
      • Asus Strix GTX970OC
      • PSU:
      • Corsair AX750 (modular)
      • Case:
      • Coolermaster HAF932 (with wheels)
      • Operating System:
      • Windows 10 Pro 64bit, Ubuntu 16.04LTS
      • Monitor(s):
      • LG Flattron W2361V
      • Internet:
      • VirginMedia 200Mb

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    Quote Originally Posted by TheAnimus View Post
    can't help but think this is just another 'IE=(GOOD|BAD)' makes pages impressions story.
    Probably true. Then again I stopped using IE two or three bad-stories-about-it ago - even on Windows I use Chrome or Firefox, and if I could be bothered to disable IE I probably would.

    But for the sake of the folks who do use IE, I hope Microsoft are taking this seriously and generating a patch...

    Career status: still enjoying my new career in DevOps, but it's keeping me busy...

  7. #7
    Sprouts are not food Attila the Bun's Avatar
    Join Date
    Jul 2010
    Location
    Not Bath anymore - but close
    Posts
    752
    Thanks
    74
    Thanked
    42 times in 37 posts
    • Attila the Bun's system
      • Motherboard:
      • ASUS Maximus VII Gene
      • CPU:
      • Intel i7 4790K with H100i cooler
      • Memory:
      • 16GB CORSAIR Vengence 1600
      • Storage:
      • 250 GB Samsung 850 EVO / 256GB Samsung 830 / 1 TB Hitachi Deskstar
      • Graphics card(s):
      • ASUS RADEON 7970 CU II TOP
      • PSU:
      • 650w EVGA Supernova G2
      • Case:
      • Lian Li V359
      • Operating System:
      • Win 7 Pro / Win 8(laptop)
      • Monitor(s):
      • Various
      • Internet:
      • 16mb down, 1mb up

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    Quote Originally Posted by crossy View Post
    But for the sake of the folks who do use IE, I hope Microsoft are taking this seriously and generating a patch...
    Some of us don't have a choice despite pointing out the obvious advantages of using more secure browsers.
    Of course I'm perfect you just need to lower your expectations.

  8. #8
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    Quote Originally Posted by howdee View Post
    More worrying would be if this could be used to track touch enabled devices' finger movements
    AFIAK its mouse only, 'touch' uses a differen't API.

    At the end of the day this is about one researchers opinion that this could be a potential flaw, he hasn't demonstrated it, which is important to remember. Meanwhile the independant security team at microsoft don't see it as a serious attack vector, and the IE team don't. MS apparently structures itself like that so one product team can't just say "we'd loose functionality" because the security team can overrule them. Neither team think its an issue, this guy hasn't demonstraited it to be.

    I think this is much ado about nothing right now. Capturing mouse is a very useful programing feature. Hell I've just used it yesterday to make this drag n drop stuff slicker.
    throw new ArgumentException (String, String, Exception)

  9. #9
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    And Microsoft have responded:
    http://blogs.msdn.com/b/ie/archive/2...-behavior.aspx

    Basically people know that putting "hurr Durrp IE is crap" as a headline, is SEO gold, almost as good as "Ipad - anything", but probably not as good.

    So some analyitics firm went on with that. I'm kinda disapointed in hexus because there was no compitent analysis of it from a software POV. No comparison with APIs available in other browsers etc.

    Instead its just a bandwagon thing.
    throw new ArgumentException (String, String, Exception)

  10. #10
    Registered+
    Join Date
    Aug 2012
    Posts
    75
    Thanks
    2
    Thanked
    0 times in 0 posts
    • whitetop's system
      • Motherboard:
      • MSI-Z77G43
      • CPU:
      • intel i5 2500
      • Memory:
      • XMS3 ? 8GB DUAL CHANNEL DDR3
      • Storage:
      • oc 256gb ssd
      • Graphics card(s):
      • MSI 670 2gb oc
      • PSU:
      • NOVATECH POWERSTATION 600W
      • Case:
      • antec solo ii
      • Operating System:
      • windows 7
      • Monitor(s):
      • 19" asus vw192s
      • Internet:
      • vm

    Re: News - Internet Explorer vulnerability allows hackers to track mouse

    this has been going on for years microsoft has never fixed this wormhole and loads of others they have been warned by the big guys and yet still minor fixes,this will never get fixed as its a was for even MS to spy on you like they did on win Me and win XP its the real truth why people moving to other browsers and even linux

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •