- Joined
- Sep 1, 2010
- Messages
- 7,023 (1.41/day)
This December seems to be an annoying one. Vulnerability in flash made IE and Chrome vulnerable. We had Cumulative Security Update for Internet Explorer but now there's other unpatched vulnerability ... in IE ... gosh not again All these <specially crafted webpages> ...
Wow ...
Lolwut ...
Whateva ..
Ok people, be safe.
thxbai
Spider.io claims to have discovered a flaw that affects IE, versions 6 through 10. The vulnerability reportedly allows the mouse cursor position to be tracked wherever it is on the screen - even if IE is minimized.
Wow ...
The vulnerability was not addressed in the most recent security update for IE. Spider.io asserts that the flaw is being actively exploited, and claims the Microsoft Security Research Center (MSRC) <has acknowledged the vulnerability>, but has no immediate plan to patch it.
Lolwut ...
Qualys CTO Wolfgang Kandek expressed concerns over the implications such a vulnerability might have for online banking. Many banks have implemented on-screen virtual keyboards for entering account credentials as a means of avoiding traditional keylogger attacks.
Andrew Storms, director of security operations for nCircle, agrees. “This exploit renders that mitigation null and void - it has the effect of a key logger on virtual keyboards. Attackers could potentially capture the clicks connected with banking credentials using this exploit and that isn't good news for the 63 million Americans that bank online.”
Whateva ..
Ok people, be safe.
thxbai