Re: Security Flaw: Any website can read your clipboard text

From: Unruh (unruh-spam_at_physics.ubc.ca)
Date: 09/20/05


Date: 20 Sep 2005 19:09:23 GMT

Jim Watt <jimwatt@aol.no_way> writes:

>On Tue, 20 Sep 2005 08:35:47 -0700, Zilbandy
><zil@zilbandyREMOVETHIS.com> wrote:

>>Jim Watt <jimwatt@aol.no_way> wrote:
>>
>>>>> Web sites you visit can retrieve data from your clipboard depending on
>>>>> your security settings. Go to this page (www.clipboard.googlemyway.com)
>>>>> and see if anything shows up in the box. If you are using Firefox or
>>>>> Opera you probably won't see anything. However, if you are using
>>>>> Internet Explorer then chances are that whatever you last copied into
>>>>> your clipboard will be displayed.

This is very iffy. For example, the web site could just be sending a
message to your browser to display the clipboard. This does NOT mean that
the remote site knows anything about your clipboard, just that it has told
your own browser on your own machine to display the clipboard, a totally
secure thing to do.

Are you sure this is anything different than that, ie, that the remote site
can get the contents of your clipboard?

>>>>
>>>>I do not use Windows so I have not been able to verify it. However, if true,
>>>>has this been acknowledged by MS? Are they going to fix it?
>>>
>>>Its certainly true.
>>>
>>>One could regard it as a feature rather than a bug and there is the
>>>option to turn it off. Mine is now off because its a feature to live
>>>without.
>>
>>Where would that option to turn it off be located?

>tools>internet options>security>custom level

>navigate the tree to

>scripting
> allow paste operations by script

>and check the 'disable' radio button.
>--
>Jim Watt
>http://www.gibnet.com



Relevant Pages

  • Re: Security Flaw: Any website can read your clipboard text
    ... > message to your browser to display the clipboard. ... >> allow paste operations by script ...
    (alt.computer.security)
  • Re: Security Flaw: Any website can read your clipboard text
    ... >message to your browser to display the clipboard. ... >the remote site knows anything about your clipboard, ...
    (alt.computer.security)
  • RE: Exporting to Clipboard
    ... As for the copying webform datagrid content into Clipboard question you ... HTML/client scripts to the clientside and then at clentside, the browser ... the ability of copy/paste is limited to the brwoser's support and the ...
    (microsoft.public.dotnet.framework.aspnet.datagridcontrol)
  • Re: Copying hidden text, possible?
    ... You can define a Range in a macro to be anything you want, including hidden text, and do as you will with it - no need to change the display in the process at all. ... It's fascinating that Word can paste the text internally while hidden, ... Clipboard can paste the hidden text but does not display the text ...
    (microsoft.public.word.newusers)
  • Re: Tinyurl.com and my clip board
    ... The clipboard functionality is a "feature" of using that site with IE ... is an IE warning message only, ... The TinyUrl result page clearly states, ... If a user is stupid enuf to use IE as their browser, ...
    (misc.news.internet.discuss)