Overclock.net › Forums › Industry News › Software News › [spider.io] Internet Explorer vulnerability allows any page to track your mouse movements, even while minimized.
New Posts  All Forums:Forum Nav:

[spider.io] Internet Explorer vulnerability allows any page to track your mouse movements, even while minimized. - Page 2

post #11 of 58
typer.gif
lolziesuxors.
typer.gif

They'll fix it just like any other vulnerability.
BlueRaven
(13 items)
 
Dead BIOS
(9 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i7 G74Sx NVIDIA GeForce GTX 560M  Samsung  
RAMRAMHard DriveHard Drive
Samsung  Samsung  Momentus 7200.4 Scorpio Blue 
Mouse
Logitech G700 
  hide details  
Reply
BlueRaven
(13 items)
 
Dead BIOS
(9 items)
 
 
CPUMotherboardGraphicsRAM
Intel Core i7 G74Sx NVIDIA GeForce GTX 560M  Samsung  
RAMRAMHard DriveHard Drive
Samsung  Samsung  Momentus 7200.4 Scorpio Blue 
Mouse
Logitech G700 
  hide details  
Reply
post #12 of 58
Works with Metro IE
Broken Laptop
(16 items)
 
  
CPUMotherboardGraphicsRAM
AMD Turion X2 RM-70 KTKAE ATI Radeon 3100 Graphics  Micron Technology  
RAMHard DriveOptical DriveCooling
Micron Technology  Western Digital Scorpio Black SATA III Toshiba Stock 
OSMonitorKeyboardCase
Windows 8 Pro x64 17in. Gateway 1280x1024 Generic Dell Toshiba Laptop 
MouseMouse PadAudio
ASUS ROG G800 Table Headset from Ebay 
  hide details  
Reply
Broken Laptop
(16 items)
 
  
CPUMotherboardGraphicsRAM
AMD Turion X2 RM-70 KTKAE ATI Radeon 3100 Graphics  Micron Technology  
RAMHard DriveOptical DriveCooling
Micron Technology  Western Digital Scorpio Black SATA III Toshiba Stock 
OSMonitorKeyboardCase
Windows 8 Pro x64 17in. Gateway 1280x1024 Generic Dell Toshiba Laptop 
MouseMouse PadAudio
ASUS ROG G800 Table Headset from Ebay 
  hide details  
Reply
post #13 of 58
Quote:
Originally Posted by That Guy View Post

typer.gif
lolziesuxors.
typer.gif

They'll fix it just like any other vulnerability.
Whats sad is
Quote:
Microsoft Security Research Center acknowledged the IE vulnerability, but told the researchers it had “no immediate plans” to patch it in existing versions of the browser.
So much for creating bash ads to promote the POS browser.
post #14 of 58
man i am really proud of microsoft! their antivirus cannot keep up with todays viruses, and their web browser has a major security problem
post #15 of 58
Quote:
Originally Posted by Core2uu View Post

Your post gets originality award of the year.
I think it is what everyone was thinking so I thought I would post it.
Dante's Inferno
(20 items)
 
Work Horse
(11 items)
 
Little Monster
(9 items)
 
CPUMotherboardGraphicsRAM
[Intel] i7 3930k @ 4.4 Ghz [Asus] Rampage IV Extreme [Saphire] HD 7970 Quadfire @ 1100/1600 [G.Skill] Ripjawz 16GB @1866Mhz 
Hard DriveHard DriveHard DriveHard Drive
[OCZ] Agility 3 360GB [OCZ] Vertex 4 120GB [Seagate] Barracuda 3 TB [Seagate] Barracuda 3 TB 
Optical DriveCoolingOSMonitor
[Asus] BD Drive [Corsair] H80 [Windows] 7 Ultimate [ASUS] VS24AH 
MonitorKeyboardPowerCase
[Samsung] 40 Inch LED TV [Corsair] K90 [Enermax] Maxrevo 1350 Watt [Corsair] C70 Arctic White 
MouseMouse PadAudioAudio
[Razer] Deathadder 2013 [SteelSeries] XL Mousemat [Astro] Mixamp Pro [Audio Technica] ATH-M30 
CPUMotherboardGraphicsGraphics
AMD 8120 Asus Sabertooth 990FX  Powercolor HD 7970 Powercolor HD 7970 
GraphicsRAMHard DriveCooling
Powercolor HD 7970 8 GB G.Skill Sniper 120 GB OCZ Vertex 4 AMD Stock Cooler 
OSPowerCase
Windows 7 Professional XFX 1250 Watt Antec Three Hundred 
CPUMotherboardGraphicsRAM
I7 3770K ASUS P8Z77-I Deluxe HD 7970 8GB Corsair Vengance 
Hard DriveHard DriveOptical DriveOS
120GB Kingston HyperX 3TB Seagate Barracuda  ASUS BD Drive Windows 7 
Case
Bitfenix Prodigy 
  hide details  
Reply
Dante's Inferno
(20 items)
 
Work Horse
(11 items)
 
Little Monster
(9 items)
 
CPUMotherboardGraphicsRAM
[Intel] i7 3930k @ 4.4 Ghz [Asus] Rampage IV Extreme [Saphire] HD 7970 Quadfire @ 1100/1600 [G.Skill] Ripjawz 16GB @1866Mhz 
Hard DriveHard DriveHard DriveHard Drive
[OCZ] Agility 3 360GB [OCZ] Vertex 4 120GB [Seagate] Barracuda 3 TB [Seagate] Barracuda 3 TB 
Optical DriveCoolingOSMonitor
[Asus] BD Drive [Corsair] H80 [Windows] 7 Ultimate [ASUS] VS24AH 
MonitorKeyboardPowerCase
[Samsung] 40 Inch LED TV [Corsair] K90 [Enermax] Maxrevo 1350 Watt [Corsair] C70 Arctic White 
MouseMouse PadAudioAudio
[Razer] Deathadder 2013 [SteelSeries] XL Mousemat [Astro] Mixamp Pro [Audio Technica] ATH-M30 
CPUMotherboardGraphicsGraphics
AMD 8120 Asus Sabertooth 990FX  Powercolor HD 7970 Powercolor HD 7970 
GraphicsRAMHard DriveCooling
Powercolor HD 7970 8 GB G.Skill Sniper 120 GB OCZ Vertex 4 AMD Stock Cooler 
OSPowerCase
Windows 7 Professional XFX 1250 Watt Antec Three Hundred 
CPUMotherboardGraphicsRAM
I7 3770K ASUS P8Z77-I Deluxe HD 7970 8GB Corsair Vengance 
Hard DriveHard DriveOptical DriveOS
120GB Kingston HyperX 3TB Seagate Barracuda  ASUS BD Drive Windows 7 
Case
Bitfenix Prodigy 
  hide details  
Reply
post #16 of 58
Thread Starter 
Quote:
Originally Posted by DaClownie View Post

I imagine now tha that this has hit the stream, they'll patch it, even in older versions of the browser that are "no longer supported"

Its been over 2 months and still no patch. I'm sure they'll get around to it by April or May.
    
CPUMotherboardGraphicsRAM
Core i5 4670k ASUS Maximus VI Gene Gigabyte GTX 460 1GB Kingston Hyper-X 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 OCZ Vertex 3 WD6401AALS WD5000AAKS 
CoolingOSMonitorMonitor
Noctua NH-D14 elementary OS Dell Ultrasharp U2312HM LG W2442PA-BF 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 Corsair HX750W Corsair Graphite 600T Logitech G700 
Audio
ASUS Xonar DG 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Core i5 4670k ASUS Maximus VI Gene Gigabyte GTX 460 1GB Kingston Hyper-X 
Hard DriveHard DriveHard DriveHard Drive
Samsung 830 OCZ Vertex 3 WD6401AALS WD5000AAKS 
CoolingOSMonitorMonitor
Noctua NH-D14 elementary OS Dell Ultrasharp U2312HM LG W2442PA-BF 
KeyboardPowerCaseMouse
Microsoft Sidewinder X4 Corsair HX750W Corsair Graphite 600T Logitech G700 
Audio
ASUS Xonar DG 
  hide details  
Reply
post #17 of 58
Quote:
Originally Posted by nathris View Post

Quote:
Originally Posted by DaClownie View Post

I imagine now tha that this has hit the stream, they'll patch it, even in older versions of the browser that are "no longer supported"

Its been over 2 months and still no patch. I'm sure they'll get around to it by April or May.

Considering they have a potentially bigger security problem with Windows 8 apps (given that with web browsers people have an alternative, but they don't have an alternative for their hopeful cash cow), I'd say they are probably wondering what they will fix first. According to what they said, they will probably fix the security problems with the apps first.

Nokia Engineer Shares How to Pirate Games From Windows 8 Store

Ironic that it was a Nokia engineer who came out with the details. Retaliation for Microsoft having made an ad where Steve Ballmer's Windows Phone 8 is an HTC and not a Lumia ?
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
 
Metro 2033 review
Metro 2033
CPUMotherboardGraphicsRAM
Core i7-3820 Asus Sabertooth X79 MSI GTX 750 Ti TF Gaming 16 GB Corsair DDR3 1866 Mhz Dominator 
Hard DriveOptical DriveCoolingOS
Samsung SSD 830 128GB + WD Caviar Black 1TB Sony Optiarc DVD-RW Corsair A70 + Noiseblocker M12-P Windows 7 Home Premium 64-bit 
MonitorKeyboardPowerCase
BenQ RL2455HM Cooler Master Octane Corsair AX750 Professional Modular 80 Plus Gold Cooler Master HAF 912 Plus 
Mouse
Cooler Master Octane 
  hide details  
Reply
post #18 of 58
Has anyone tried it on the Surface keyboard? I tried it on one of my laptop touchscreen using the MS onscreen keyboard and it did not track the movement as I selected keys. In fact my mouse did not even move to the MS on screen keyboard at all...

Also, with my IE settings this exploit would not run on a secured webpage without me selecting OK first.

If anyone is using the online keyboard via mouse, then all you have to do is move the keyboard out of the default position (Most people would have already move it) and this exploit becomes useless, unless the Surface keyboard could be tracked smile.gif

Why MS did not lock it in the browser window blows my mind! When you think about it, it could come in handy as a tutorial tool.

Sites with log ins are becoming more secured everyday, by using text message authentication codes. Examples: Are some Banks and PayPal, neither can be hack by gathering keystrokes. Even if someone had my user name and password, they still could not get in. Soon as they tried and failed the first time, I would get an authentication code text to me. Facebook and Google do similar.

You really need multiple e mails. Usually 3 e mails are good. banking, social networking, and the crap you do not care about or trust e mail temp address (OCN earn the crap I do not care about or trust e mail temp address). Preferably, it is better to use your own premium domains for the first two or an account that has good recovery options or authentication processes.

The fact is! No matter what someone does, they will never be truly secured! You can not use a PC at all and your personal info can still be stolen. You can use a PC with super security and your personal info can still be stolen. Someone that works for the company where your personal info is stored could just steal it or maybe they lose it smile.gif This is mostly fear mongering! It's alright to proceed with causing and properly setup security, but it is crazy to worry about every little thing. Anyone who is using IE should switch to another browser immediately and then when they discover that browser has some kind exploit, then they should switch to another browser and continue the process in an endless loop.

Also, if someone using the onscreen keyboard because they are worried about a key logger, then they have issues. What about the key logger? There is a poisonous snake roaming around my place, but I am not worried because I have anti venom smile.gif

To live in complete fear is to never live at all - some homeless guy living in an alleyway thumb.gif
Edited by nsseriouspanda - 12/12/12 at 7:39pm
post #19 of 58
Quote:
Originally Posted by nsseriouspanda View Post

Has anyone tried it on the Surface keyboard? I tried it on one of my laptop touchscreen using the MS onscreen keyboard and it did not track the movement as I selected keys. In fact my mouse did not even move to the MS on screen keyboard at all...
Also, with my IE settings this exploit would not run on a secured webpage without me selecting OK first.
If anyone is using the online keyboard via mouse, then all you have to do is move the keyboard out of the default position (Most people would have already move it) and this exploit becomes useless, unless the Surface keyboard could be tracked smile.gif
Why MS did not lock it in the browser window blows my mind! When you think about it, it could come in handy as a tutorial tool.
Sites with log ins are becoming more secured everyday, by using text message authentication codes. Examples: Are some Banks and PayPal, neither can be hack by gathering keystrokes. Even if someone had my user name and password, they still could not get in. Soon as they tried and failed the first time, I would get an authentication code text to me. Facebook and Google do similar.
You really need multiple e mails. Usually 3 e mails are good. banking, social networking, and the crap you do not care about or trust e mail temp address (OCN earn the crap I do not care about or trust e mail temp address). Preferably, it is better to use your own premium domains for the first two or an account that has good recovery options or authentication processes.
The fact is! No matter what someone does, they will never be truly secured! You can not use a PC at all and your personal info can still be stolen. You can use a PC with super security and your personal info can still be stolen. Someone that works for the company where your personal info is stored could just steal it or maybe they lose it smile.gif This is mostly fear mongering! It's alright to proceed with causing and properly setup security, but it is crazy to worry about every little thing. Anyone who is using IE should switch to another browser immediately and then when they discover that browser has some kind exploit, then they should switch to another browser and continue the process in an endless loop.
Also, if someone using the onscreen keyboard because they are worried about a key logger, then they have issues. What about the key logger? There is a poisonous snake roaming around my place, but I am not worried because I have anti venom smile.gif
To live in complete fear is to never live at all - some homeless guy living in an alleyway thumb.gif

teaching.gif
BitPhire
(16 items)
 
Little Pooh
(11 items)
 
 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 945 @3.5GHz Gigabyte GA-890GPA-UD3H GigaByte Radeon HD 5770 Corsair Vengeance LP 8GB 1600MHz 
Hard DriveHard DriveCoolingOS
Samsung 830 128GB SSD Seagate Barracuda 500GB CoolerMaster Hyper 212X Windows 7 Professional 64bit 
MonitorKeyboardPowerCase
BenQ G2222HDH Leopold FC500R (MX Brown) Corsair HX-650 Bitfenix Shinobi Window 
MouseMouse PadAudioOther
Razer DeathAdder V2 3500DPI Razer Goliathus Control Standard Edition NuForce uDAC-2SE Audio Technica ATH-TAD500 
CPUMotherboardRAMHard Drive
Intel Celeron G530 ASRock H77M Motherboard Kingston ValueRAM 4GB Western Digital Blue 1TB 
Optical DriveOSMonitorPower
ASUS DVD Burner Windows 7 64Bit SP1 Sharp Aquos 37" LCD TV Corsair CX-430 V2  
CaseMouseOther
CoolerMaster Elite 341 mATX Microsoft Basic Mouse Hauppauge MCE Remote 
  hide details  
Reply
BitPhire
(16 items)
 
Little Pooh
(11 items)
 
 
CPUMotherboardGraphicsRAM
AMD Phenom II X4 945 @3.5GHz Gigabyte GA-890GPA-UD3H GigaByte Radeon HD 5770 Corsair Vengeance LP 8GB 1600MHz 
Hard DriveHard DriveCoolingOS
Samsung 830 128GB SSD Seagate Barracuda 500GB CoolerMaster Hyper 212X Windows 7 Professional 64bit 
MonitorKeyboardPowerCase
BenQ G2222HDH Leopold FC500R (MX Brown) Corsair HX-650 Bitfenix Shinobi Window 
MouseMouse PadAudioOther
Razer DeathAdder V2 3500DPI Razer Goliathus Control Standard Edition NuForce uDAC-2SE Audio Technica ATH-TAD500 
CPUMotherboardRAMHard Drive
Intel Celeron G530 ASRock H77M Motherboard Kingston ValueRAM 4GB Western Digital Blue 1TB 
Optical DriveOSMonitorPower
ASUS DVD Burner Windows 7 64Bit SP1 Sharp Aquos 37" LCD TV Corsair CX-430 V2  
CaseMouseOther
CoolerMaster Elite 341 mATX Microsoft Basic Mouse Hauppauge MCE Remote 
  hide details  
Reply
post #20 of 58
Quote:
Originally Posted by NoiseTemper View Post

teaching.gif

graduated.gif
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [spider.io] Internet Explorer vulnerability allows any page to track your mouse movements, even while minimized.