Leaking Keystrokes

Posted byericlawPosted inbrowsers, securityTags:

Windows 10’s IE11 continues to send your keystrokes over the internet in plaintext as you type in the address bar, a part of the “Search Suggestions” feature:

failing

“But I don’t search from the address bar,” you might say.

That may be, but if you fail to type or paste a URL (sans protocol) into the address bar, all of that text gets leaked too:

Danger

This problem doesn’t exist in Edge (which always gets search suggestions from Bing, regardless of your Search Provider, but it at least uses HTTPS). It also doesn’t occur in Firefox’s or Chrome’s provider for Bing Search, or if you use Google or Yahoo search providers in Internet Explorer.

Published by ericlaw

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ Microsoft 2001-2012, and 2018-2022, working on Office, IE, and Edge. Now a SWE on Microsoft Defender Web Protection. My words are my own, I do not speak for any other entity.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: