Demonstrating Data Leakage from Internet Explorer

On this page we've included a live demonstration of a security vulnerability in Internet Explorer (versions 6–10), which is described here: spider.io/blog/2012/12/internet-explorer-data-leakage/. The live demonstration is only accessible if you're using Internet Explorer to view this page. We have also included on this page a recorded screencast demonstrating the vulnerability.

We have also created a game to illustrate how easily this security vulnerability in Internet Explorer may be exploited to compromise the security of virtual keyboards and virtual keypads. The game may be found at iedataleak.spider.io.

Live Demonstration

If you’re using IE to view this page, your mouse cursor’s current position is being tracked everywhere it goes across the screen. This is shown in the box below.

If you hit any of the control, shift or alt keys, this will be shown.

If you drag your browser window, this will also be shown.

NB If you're not currently using Internet Explorer, then we suggest you view this page again with Internet Explorer.


Recorded Demonstration

Below is a screencast showing how the security vulnerability in Internet Explorer may be used to track the mouse cursor over the Skype keypad despite the Internet Explorer window not being the active window and despite the mouse cursor not actually being over the Internet Explorer window.