spider.io

Leaderboard

  Name Traces Time Taken
1. jorisvdbogaert 12 24 minutes 53 seconds
2. joe_042293 12 30 minutes 55 seconds
3. SiavoshYaghoubi 12 49 minutes 13 seconds
4. pkosinar 12 50 minutes 3 seconds
5. tig3r_tig3r 12 1 hour 12 minutes
6. pimbatm 12 1 hour 15 minutes
7. thistlesandwich 12 1 hour 33 minutes
8. Peterfine 12 1 hour 56 minutes
9. ShayBliss 12 12 hours 38 minutes
10. SeawolfRN 11 18 minutes 25 seconds

view full leaderboard →

Steal from IE users

Challenge

We typed out twelve credit-card numbers, telephone numbers, usernames, passwords and email addresses using a virtual keyboard and mouse.

As a bit of fun, and also to show you how easy it is to do, we're challenging you to decipher the corresponding mouse traces and reconstruct what we typed as quickly as you can.

When you log in below with your Twitter account, the clock will start ticking.

Background

We were able to make illicit recordings of our mouse cursor over the virtual keyboard, whilst the twelve inputs were being typed out, by exploiting an unnerving security vulnerability in Internet Explorer (versions 6–10). This vulnerability allows any Internet Explorer user's mouse cursor to be tracked anywhere on the screen, even if Internet Explorer is minimised.

A demonstration of the security vulnerability: iedataleak.spider.io/demo.

Full vulnerability details: spider.io/blog/2012/12/internet-explorer-data-leakage.

Bonus Points

If you're of algorithmic bent, try write a program to decipher mouse traces automatically. Send your solution to challenge@spider.io, and come join us one evening.