A good reason to stop using Internet Explorer …

Posted: January 22, 2013 by IntentionalPrivacy in Browser Vulnerabilities, Identity theft, Privacy, Uncategorized
Tags: , , , ,

A new vulnerability reported at bugtraq on December 11, 2012, has just come to my notice.  The compromise occurs if you visit a website displaying an ad containing the exploit, even so-called safe sites like YouTube or the New York Times. If you have any version of Internet Explorer open on a compromised website–even if the page is minimized or you’re not on the page–your mouse cursor movements can be tracked.

Microsoft’s position as stated in this article http://www.securityweek.com/microsoft-ie-mouse-tracking-exploit-poses-little-risk is that this vulnerability would be very difficult to exploit.

There is a demo of this issue in Internet Explorer at http://iedataleak.spider.io/demo. All I could see displayed was when the CTRL, SHIFT, or ALT keys were pressed; no other keys displayed. I could, however, tell when the browser window was dragged to my other screen. Note: Spider.io has a demo game set up. In order to play the game, they want you to log in with your Twitter account. I do not recommend signing into any site with credentials from Facebook, Twitter, LinkedIn, or any other social media site.

As stated in the article, the demo does not work if the URL is entered into a Firefox web browser.

My suggestion is to only use Internet Explorer if necessary, and to close any browser–IE, Firefox, Chrome, whatever–when you are done using it, especially if it has ads on it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s