| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the tracking exploit in Microsoft's Internet Explorer browser has happened again within the same organization. The article mentions that spider.io, a London-based analytics firm, discovered the flaw and notified one of the companies exploiting it on 27 September. However, they received no response. Additionally, Microsoft was informed about the flaw on 1 October, and although they acknowledged being able to reproduce the hack, they were still discussing the security implications [55163]. This indicates a lack of immediate action or response within the organization itself.
(b) The software failure incident has also occurred with multiple organizations. The article states that three large online analytics companies were exploiting the flaw in Internet Explorer to track users' mouse movements. This suggests that multiple organizations were involved in utilizing the vulnerability for tracking purposes [55163]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article can be attributed to the design phase. The flaw in multiple versions of Microsoft's Internet Explorer browser that allowed tracking of users' mouse movements was exploited by online analytics companies for advertising analytics purposes. This flaw was identified by spider.io, an analytics firm, which discovered the vulnerability in the system design of Internet Explorer. Despite being notified about the flaw, Microsoft did not consider it urgent enough to issue a security patch, indicating a design-related contributing factor to the failure [55163].
(b) Additionally, the software failure incident can also be linked to the operation phase. The exploit allowed for the tracking of users' mouse movements even when the browser window wasn't active, indicating a flaw in the operation of the system. This flaw could be triggered by display advertising on any website, making users vulnerable to having their movements tracked. The potential misuse of this vulnerability by malicious hackers to obtain sensitive information like credit card details also points to operational weaknesses in the system [55163]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is primarily within the system. The flaw in multiple versions of Microsoft's Internet Explorer browser that allows tracking of the user's mouse cursor is a vulnerability originating from within the system itself. This flaw enables the tracking of user activities, including sensitive information like credit card details, within the browser environment [55163].
(b) outside_system: The article does not provide information indicating that the software failure incident was caused by contributing factors originating from outside the system. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case is primarily due to non-human actions, specifically a flaw in multiple versions of Microsoft's Internet Explorer browser that allows companies to track users' mouse movements without their knowledge or consent. This flaw is being exploited by online analytics companies to measure the viewability of display ads, and it can be triggered by display advertising on any website, making users vulnerable to having their mouse movements tracked even when the browser window isn't active [55163].
(b) On the other hand, human actions also play a role in this incident. Despite being notified about the flaw by spider.io, one of the companies using the exploit did not respond, and Microsoft, while acknowledging the issue, did not consider it urgent enough to release a security patch immediately. The delay in addressing the vulnerability, both by the companies involved and by Microsoft, could be considered a contributing factor introduced by human actions [55163]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident in the article is not directly attributed to hardware issues. It primarily revolves around a flaw in multiple versions of Microsoft's Internet Explorer browser that allows companies to track users' mouse movements [55163].
(b) The software failure incident is attributed to a flaw in multiple versions of Microsoft's Internet Explorer browser that allows companies to track users' mouse movements. This flaw is exploited by online analytics companies for advertising analytics purposes. Microsoft has confirmed the vulnerability in every version of Internet Explorer from version 6 to 10 [55163]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the article is malicious in nature. The flaw in multiple versions of Microsoft's Internet Explorer browser was being exploited by online analytics companies to track users' mouse movements without their consent. This tracking was used to measure the viewability of display ads, indicating a deliberate attempt to gather user data for advertising purposes. Additionally, the article mentions the potential for malicious hackers to exploit the vulnerability to obtain sensitive information like credit card details and personal information [55163]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident:
- The incident involving the flaw in multiple versions of Microsoft's Internet Explorer browser that allowed tracking of users' mouse movements was not due to accidental decisions but rather poor decisions made by the companies exploiting the vulnerability for tracking user behavior for advertising analytics [55163].
- Microsoft's response to the vulnerability, where they did not consider it urgent enough to issue a security patch despite being informed about it, can also be seen as a poor decision that contributed to the software failure incident [55163]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the article can be attributed to development incompetence. The flaw in multiple versions of Microsoft's Internet Explorer browser that allowed tracking of users' mouse movements was exploited by online analytics companies for advertising analytics purposes. Despite the seriousness of the vulnerability, Microsoft did not consider it urgent enough to issue a security patch immediately. The delay in addressing the issue and the potential risks associated with the exploit indicate a lack of professional competence in handling the security implications of the software flaw [55163].
(b) The software failure incident can also be categorized as accidental. The exploit that allowed tracking of users' mouse movements was not intentionally designed by Microsoft but was a vulnerability present in multiple versions of Internet Explorer. The exploit was discovered by an analytics firm, spider.io, which brought it to the attention of Microsoft and the public to prompt action. The unintentional nature of the exploit and the potential for malicious hackers to exploit it for personal gain highlight the accidental introduction of the vulnerability [55163]. |
| Duration |
temporary |
(a) The software failure incident described in the article is more likely to be temporary rather than permanent. This is because the incident is related to a specific flaw in multiple versions of Microsoft's Internet Explorer browser that allows companies to track users' mouse movements. The flaw is being actively exploited by these companies for advertising analytics purposes. Microsoft has acknowledged the vulnerability but has not considered it urgent enough to issue an immediate security patch. The incident is ongoing and actively being discussed and investigated by the involved parties, indicating a temporary nature of the failure [55163]. |
| Behaviour |
other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The flaw in Internet Explorer allows for tracking the user's mouse cursor, indicating that the system is still functioning but with an unintended behavior [55163].
(b) omission: The incident does not involve a failure due to the system omitting to perform its intended functions at an instance(s). Instead, the flaw allows for additional tracking of user behavior beyond the intended functions of the browser [55163].
(c) timing: The failure is not related to the system performing its intended functions too late or too early. The flaw in Internet Explorer allows for real-time tracking of the user's mouse cursor, indicating that the system is responding promptly to the exploit [55163].
(d) value: The software failure incident is not characterized by the system performing its intended functions incorrectly. Instead, the flaw enables unauthorized tracking of user behavior, which is an unintended consequence of the system's design [55163].
(e) byzantine: The incident does not exhibit byzantine behavior, where the system behaves erroneously with inconsistent responses and interactions. The flaw in Internet Explorer allows for consistent tracking of the user's mouse cursor, indicating a systematic exploit rather than erratic behavior [55163].
(f) other: The behavior of the software failure incident can be categorized as unauthorized tracking or surveillance of user behavior through the exploitation of a flaw in Internet Explorer. This behavior falls outside the defined options of crash, omission, timing, value, or byzantine behavior [55163]. |