Moodle

You are not logged in. (Login)

Skip Course categoriesSkip Main Menu
  • Welcome to VACID Africa Institute’s eLearning Platform. This platform offers the one-stop center for learners to create knowledge in Entrepreneurship, Organizational Development, RAVAAK Centre Management, E-Mentorship, Agribusiness, Value Chain Management, Value Chain Finance, Community Development and Introduction to the Telecentre Academy Curriculum.

    With a global reach that the internet presents to all of us, we offer to individuals, organizations, communities and learning organizations a platform that will explore the gaps in the skill or knowledge set of each participant, delve into the challenges that each faces and through value chain integration address the needs arising through our collaborative modeling of the individual, community, public and private sector organizations.

    Our institute is based on the understanding that developmental challenge courts an exciting solution. We look forward to the challenges that your needs will present to our trainers, mentors and counselors. We can only assure you that though our learning and incubation models, we shall be there for you. Welcome and harness the power of knowledge for economic and social prosperity.We Promote Excellence Through Knowledge.

Site news

Picture of Paul Gatheru
Is Internet Explorer leaking sensitive information?
by Paul Gatheru - Friday, 14 December 2012, 10:34 AM
 

Do you use Internet Explorer? If you do, hopefully you’ve already applied the updates from Patch Tuesday earlier this week. But, even if you did it seems your browser might still be vulnerable to a potentially serious issue.

Spider.io, a company in the business of helping customers distinguish between actual human website visitors and automated bot activity, claims to have discovered a flaw that affects Internet Explorer the current flagship browser from Microsoft, versions 6 through 10. The vulnerability reportedly allows the mouse cursor position to be tracked wherever it is on the screen—even if IE is minimized.

Spider.io disclosed the vulnerability to Microsoft on October 1, 2012, but it was not addressed in the most recent security update for Internet Explorer. Spider.io asserts that the flaw is being actively exploited, and claims the Microsoft Security Research Center (MSRC) has acknowledged the vulnerability, but has no immediate plan to patch it.

A bug in IE may leak potentially sensitive information

I asked Microsoft for its position on the alleged vulnerability. A spokesperson sent me this official response: “We are currently investigating this issue, but to date there are no reports of active exploits or customers that have been adversely affected. We will provide additional information as it becomes available and will take the appropriate action to protect our customers.”

Jason Miller, manager of research and development for VMware questions whether the issue is a “bug” or a “feature”. “One could question whether this is a vulnerability or a feature introduced into the browser to help establish metrics of usage. Regardless, the researchers have proven that this “issue” could be used maliciously.”

I spoke with Qualys CTO Wolfgang Kandek. He expressed concerns over the implications such a vulnerability might have for online banking. Many banks have implemented on-screen virtual keyboards for entering account credentials as a means of avoiding traditional keylogger attacks.

Andrew Storms, director of security operations for nCircle, agrees. “This exploit renders that mitigation null and void -- it has the effect of a key logger on virtual keyboards. Attackers could potentially capture the clicks connected with banking credentials using this exploit and that isn’t good news for the 63 million Americans that bank online.”

Alex Horan, senior product manager at CORE Security, adds that supposedly “safe” websites may not be so safe. “It also reinforces that just because you are visiting YouTube or the New York Times doesn’t mean all the content on that site is owned or managed by them—serving up malicious ads on trusted mainstream sites is a great way to expose your attack to a large volume of user.”

Horan suggests abandoning IE until or unless the issue is patched by Microsoft.

Storms says, “If this vulnerability is confirmed, it has the potential to require an out-of-band patch and that’s something everyone would like to avoid this holiday season.”


VACID Africa Institute is an international knowledge institution that integrates ICT Learning with Entrepreneurship, Agribusiness and Cottage industry development Knowledge

Skip Upcoming Events

Upcoming Events

There are no upcoming events
Skip Calendar

Calendar

Sun Mon Tue Wed Thu Fri Sat
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 Today Saturday, 19 August 19
20 21 22 23 24 25 26
27 28 29 30 31