6.19.2007

The Clipboard hack


Ever use Edit+Copy or Edit+Cut or [CTRL]+C (for pasting elsewhere)?

Beware: This copied data is stored in clipboard and is accessible from the net by a combination of Javascripts and ASP.

Try this:


  1. Copy any text by Edit+Copy or Edit+Cut or [CTRL]+C or [CTRL]+X
  2. Click this Link
  3. You will see the text you copied on the screen which was accessed by that web page.


To avoid this shocking problem:

  1. Goto Internet Options, Security, Click on the Internet Icon
  2. Click Custom Level, and Change the settings under the active scripting options. (illustration below)


Full details here!

Comment: Wow! A Windows engineer at work sent this to me. Note to self - "don't cut a password, a CC #, or other sensitive data!"




Checked at home with Safari and Firefox. These browsers would not pass clipboard data to the hacking website.

No comments:

Post a Comment

Any anonymous comments with links will be rejected. Please do not comment off-topic