|1.||jorisvdbogaert||12||24 minutes 53 seconds|
|2.||joe_042293||12||30 minutes 55 seconds|
|3.||SiavoshYaghoubi||12||49 minutes 13 seconds|
|4.||pkosinar||12||50 minutes 3 seconds|
|5.||tig3r_tig3r||12||1 hour 12 minutes|
|6.||pimbatm||12||1 hour 15 minutes|
|7.||thistlesandwich||12||1 hour 33 minutes|
|8.||Peterfine||12||1 hour 56 minutes|
|9.||ShayBliss||12||12 hours 38 minutes|
|10.||SeawolfRN||11||18 minutes 25 seconds|
We typed out twelve credit-card numbers, telephone numbers, usernames, passwords and email addresses using a virtual keyboard and mouse.
As a bit of fun, and also to show you how easy it is to do, we're challenging you to decipher the corresponding mouse traces and reconstruct what we typed as quickly as you can.
When you log in below with your Twitter account, the clock will start ticking.
We were able to make illicit recordings of our mouse cursor over the virtual keyboard, whilst the twelve inputs were being typed out, by exploiting an unnerving security vulnerability in Internet Explorer (versions 6–10). This vulnerability allows any Internet Explorer user's mouse cursor to be tracked anywhere on the screen, even if Internet Explorer is minimised.
A demonstration of the security vulnerability: iedataleak.spider.io/demo.
Full vulnerability details: spider.io/blog/2012/12/internet-explorer-data-leakage.