Pages Menu
Categories Menu

Posted by on Dec 12, 2012 in Software |

Vulnerability in Internet Explorer threaten virtual keyboards

12-13-2012 12-51-45 AM

When we talk about security of a system or an application you seldom arises that what we are really talking about risks and minimizing them, that is, the more secure we consider a lower the risk of being violated and, therefore, the greater the confidence we have in the system or application. Given that we can spend hours surfing the net, is a key issue in our browser since, as well as allowing access to our email, also opens the doors of our corporate applications or electronic banking. Many web applications to avoid keyloggers installed on the computers of users we have virtual keyboards on which we click, however, the company Spider.io seems to have found a in all versions of Internet Explorer that could allow an third [monitor mouse movements of a user] and could pose risks to users of virtual keyboards.

Put another way, this vulnerability (which apparently has been tested from 6 to 10) would allow a third party to obtain information from our mouse movements, even when the browser window is minimized. The vulnerability is linked to one of the functions performed by web analytics applications (business that is dedicated precisely Spider.io) as information capture user’s mouse movements to map heat the areas that are visited and thus pose a redesign or a reorganization of information and, in this case, could be exploited by inserting a “malicious ad” web somewhere to hide code that exploits this vulnerability.

And what affects the user? Perform this monitoring on a page that presents the user with a virtual keyboard (like those offered in some online banking services) may present a risk of capture data access but this scenario is something complicated since, as additional security, many banks move the layout of the keys of those virtual keyboards so that positions can not be recorded and, of course, the third that collects data to know what page we are visiting.

Although the risk is relative seems that Microsoft has not done much to minimize Spider.io pueto reported his finding that the month of October and the Redmond have not solved, so to pressure some have decided to make public the decision to idea of ​​forcing a reaction in the ranks of Microsoft.

Tags: , , ,

0 Comments

Trackbacks/Pingbacks

  1. Internet Explorer: discovered vulnerability that threatens the virtual keyboards | Tech Crash - [...] or malicious software vigil, which is commonly known as a “keylogger”. However, a new vulnerability discovered by a ...