News Internet Explorer bug tracks your mouse cursor

[general22]

Quote:

Originally Posted by steveo_mcg

You sufer from a lack of imagination my friend. With a 6x6+1 on-screen keypad it would be fairly trivial to see a code Advertisers would love to see exactly where people are placing their mouse as then they can stick ads right under your nose. And those are just the two examples in the article the more imaginative will probably have even better ideas.

Besides all that if there is a security hole of any shape it should be patched soon after its discovered, it might be a "useless" thing to day but who knows how it will morph. Fit the lock before the horse even realises there is a door.

I am sure this would be useful for advertisers but you can already track a mouse position in JS. The only difference here is that it happens even outside of the IE window. It's a bug but I think its been overhyped.

Say for example you had a site open with this script loaded that tracked your mouse movements, how will it know what it is that you are moving your mouse over on the screen?

It should be patched but I think its not critical compared to exploits that allow executing malicious code and things like that

[SirFur]

Quote:

Originally Posted by ShinyAli

Maybe not,

UPDATE 2012-12-14
Microsoft's Dean Hachamovitch, corporate vice president in charge of Internet Explorer, has issued a statement on the matter. 'We are actively working to adjust this behavior in IE. There are similar capabilities available in other browsers. Analytics firms can expect to do viewpoint detection in IE similarly to how they do this in other browsers,' Hachamovitch claimed.

That's an interesting statement. Any idea which browsers?

[ShinyAli]

Quote:

Originally Posted by SirFur

That's an interesting statement. Any idea which browsers?

No other browsers are mentioned by name I wonder if he is just stirring things up or scaremongering? If Mozilla, Google etc, deny it he might have to prove it or eat his words!

[SirFur]

Quote:

Originally Posted by ShinyAli

No other browsers are mentioned by name I wonder if he is just stirring things up or scaremongering? If Mozilla, Google etc, deny it he might have to prove it or eat his words!

Yeh, sounds a little fishy....if it isn't true then could be an interesting time ahead, but it may as some folks have said quite difficult to know exactly where the cursor is hovering or what its clicking....so it may have been considered a minimal risk exploit and folks have not bothered to patch as a general rule.....I wonder if there is an browser add-on or app that actually utilises such a feature as part of the browser design?

[ShinyAli]

Approaching this issue from a slightly different angle there is a Firefox add-on called "Ghostery".

"Ghostery sees the "invisible" web, detecting trackers, web bugs, pixels, and beacons placed on web pages by Facebook, Google Analytics, and over 1,000 other ad networks, behavioral data providers, web publishers - all companies interested in your activity".

I'm going to give it a try, probably quite daunting when you find out just how intensely your surfing is monitored and what these companies do is apparently not illegal but the opportunities for exploitation are obvious, even if a site is https which protects against Man-in-the-middle attacks if some kind of cursor tracker/keylogger has been hidden in the page just how safe are you when entering personal/card details

[impar]

Greetings!

Quote:

Originally Posted by ShinyAli

Approaching this issue from a slightly different angle there is a Firefox add-on called "Ghostery".

There is this one too: Collusion
The web it creates its interesting to look at.

[Dude111]

This only works IF SCRIPTS ARE ENABLED!