Has anyone tried it on the Surface keyboard? I tried it on one of my laptop touchscreen using the MS onscreen keyboard and it did not track the movement as I selected keys. In fact my mouse did not even move to the MS on screen keyboard at all...
Also, with my IE settings this exploit would not run on a secured webpage without me selecting OK first.
If anyone is using the online keyboard via mouse, then all you have to do is move the keyboard out of the default position (Most people would have already move it) and this exploit becomes useless, unless the Surface keyboard could be tracked
Why MS did not lock it in the browser window blows my mind! When you think about it, it could come in handy as a tutorial tool.
Sites with log ins are becoming more secured everyday, by using text message authentication codes. Examples: Are some Banks and PayPal, neither can be hack by gathering keystrokes. Even if someone had my user name and password, they still could not get in. Soon as they tried and failed the first time, I would get an authentication code text to me. Facebook and Google do similar.
You really need multiple e mails. Usually 3 e mails are good. banking, social networking, and the crap you do not care about or trust e mail temp address (OCN earn the crap I do not care about or trust e mail temp address). Preferably, it is better to use your own premium domains for the first two or an account that has good recovery options or authentication processes.
The fact is! No matter what someone does, they will never be truly secured! You can not use a PC at all and your personal info can still be stolen. You can use a PC with super security and your personal info can still be stolen. Someone that works for the company where your personal info is stored could just steal it or maybe they lose it
This is mostly fear mongering! It's alright to proceed with causing and properly setup security, but it is crazy to worry about every little thing. Anyone who is using IE should switch to another browser immediately and then when they discover that browser has some kind exploit, then they should switch to another browser and continue the process in an endless loop.
Also, if someone using the onscreen keyboard because they are worried about a key logger, then they have issues. What about the key logger? There is a poisonous snake roaming around my place, but I am not worried because I have anti venom To live in complete fear is to never live at all
- some homeless guy living in an alleyway Edited by nsseriouspanda - 12/12/12 at 7:39pm