Security flaws are inevitable in operating systems and applications. Modern software is incredibly complex, and even the best developers in the world aren’t perfect. How the public responds to Security flaws largely depends on how the developer reacts to the exploit. If it responds quickly with a promise to patch the Flaw, and then delivers the fix in a timely manner, all is forgiven most of the time. Sadly, an exploit found in Internet Explorer that tracks mouse movement and certain key presses — even when IE is minimized, or the tab is in the background — isn’t getting patched by Microsoft.
A web analytics company alerted Microsoft to this quirk back in October. The security vulnerability affects all versions of Internet Explorer from version 6 through 10. While Microsoft has acknowledged the issue, it isn’t going to be patched in the near future. This is a problem, not only for the obvious privacy concerns, but also for security. Some people use software keyboards on their screen specifically to reduce the chance of their passwords being tracked by a keylogger. With this flaw, unscrupulous people could record the Mouse Movements used for entering a password just by having a web page loaded in the background. Microsoft even advocates the security benefits of using mice-based password systems with its picture password feature in Windows 8. Yikes.The methodology of exploiting this flaw to track cursor movements and modifier key presses is out in the wild, and any generic ad on any trustworthy website can use it to track what you’re doing. If you don’t want to be tracked, you do have options available. Firstly, you can switch to a different browser. Chrome or Firefox are fantastic options, and they aren’t affected by this flaw. Secondly, you could turn off JavaScript in IE. While this does hinder the usefulness of most modern websites, it will prevent IE from passing on your mouse movements. These aren’t optimal solutions, but Microsoft has given us little choice in the matter. Unless it steps up and patches this flaw, it just isn’t safe to use IE with JavaScript turned on.
This post first appeared on Technology | Technology News | Technology Updates, please read the originial post: here
