IE Flaw Lets Sites Track Your Mouse Cursor, Even When You Aren't Browsing

An anonymous reader writes "A new Internet Explorer vulnerability has been discovered that allows an attacker to track your mouse cursor anywhere on the screen, even if the browser isn't being actively used. 'Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browser. It is important for users of Internet Explorer to be made aware of this vulnerability and its implications. The vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month.' All supported versions of Microsoft's browser are reportedly affected: IE6, IE7, IE8, IE9, and IE10."

Article is a Troll

[Anonymous Coward]

This is a JavaScript flaw that occures in several browsers. Article - such that is is as not much more than a Slashvert for Page Views - is a TROLL.

Really? Why Doesn't the Demo Work in FF Then?

[eldavojohn]

Well, that's bizarre, when I go to the demonstration page in Firefox nothing happens [spider.io] yet when I go to it in IE, it magically works. What are they doing in their demonstration page that is different? Browser version shouldn't matter, right?

Conversely this just sounds like Microsoft being bit in the ass by giving their browser special privileges to native OS libs and dlls.

Re:Really? Why Doesn't the Demo Work in FF Then?

[mcl630]

Nothing happens in Chrome either. In IE it works. I did notice that is only tracks while the mouse cursor is on the same monitor as the IE window.

Re:Some of these IE bugs are things of beauty.

[JDG1980]

Seriously, I can't see why anybody else would care, mouse coordinates are not useful data for anything.

From the original article: "A security vulnerability in Internet Explorer, versions 6â"10, allows your mouse cursor to be tracked anywhere on the screen, even if the Internet Explorer window is inactive, unfocused or minimised. The vulnerability is notable because it compromises the security of virtual keyboards and virtual keypads."

Re:Some of these IE bugs are things of beauty.

[mythosaz]

IngDirect (now Capital One) uses a virtual pinpad as the standard means of accessing your account.

789
456
123

You click on each digit of your PIN after entering (or pulling down from the history on registered computers) your customer number. You can not type them. You must click them.

Re:Some of these IE bugs are things of beauty.

[Samantha Wright]

More plausibly, this can be used to determine how quickly someone reaches for the top-right corner to kill an advertisement, or if they start to and then suddenly stop because they got distracted by something in the pop-up.

...based on the content of which, you can then predict attitudes, political orientation, sexual orientation, and how many pets someone owns. The r squared of the correlation is nearly 0.05 making it extremely interesting to analytic companies. There is a database somewhere of literally years of mouse movement records that demonstrate changes in religion, politics, and mean income. We're talking about a new marketing paradigm for the 21st century advertiser.