Varad, The .NET Guy!

Exploring the excitement of Microsoft .NET and much more..

Is your clipboard secured?

We copy various data by Ctrl+C for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a using JavaScript .

Just try this:

1) Copy any text by Ctrl+C

2) Click the Link: <http://www.friendlycanadian.com/applications/clipboard.htm>

3) You will see the text you copied on the Screen which was accessed by this web page.

Do not keep sensitive data (like passwords, credit card numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

The powerful JavaScript function behind this is [clipboardData.getData("Text");]

Solution To Avoid This:

To avoid this, do the following:

1. In the Internet Explorer browser, go to Tools -> Internet Options -> Security

2. Press Custom Level...

3. In the security settings, select Disable under Allow paste operations via script. Now the contents of your clipboard are safe.

 

Posted: Sep 07 2005, 03:53 PM by Varad | with 6 comment(s)
Filed under:

Comments

Chris Slatt said:

Using Firefox is a good solution too ;)
# September 8, 2005 12:12 AM

Wim Hollebrandse said:

If you use FireFox, you don't have to do anything! This is an Internet Explorer only security issue.
# September 8, 2005 4:50 AM

dylan said:

An easier way to avoid this is to use Firefox.
# September 8, 2005 10:10 AM

uber said:

Try this in Firefox. I think you'll be pleasantly surprised, unless you hate Firefox.
# September 8, 2005 10:18 AM

Varad said:

As being a die-hard Microsoft fan, I did not tried this on any other browsers (the site itself says this happens in Netscape too!). After seeing all the comments in favour of FireFox, I downloaded the same and tried it.

Surprisingly It worked, clipboard data is secured and that site was not able to trace the data copied on clipboard. Amazing :)

I would suggest the MS IE Team to make the "Allow paste operations via script" property to be disabled by default in their next version.

Thanks!
# September 8, 2005 7:21 PM

Caso Patologico said:

If you use firefox ... just kidding :)

I like Firefox, in fact, is my default browser, but i working on a custom right-click context menu and i want add "copy/paste" function .. it wors on IE but i can't do on firefox!!

Point to IE.

Mario
# September 11, 2005 4:58 AM