Anurag Jain's Blog
Monday, October 03, 2005

Bad Clippy. Bad Baad Clippy.

I always had wondered about the privacy issuess with clipboard contents on public/shared computers when one user leaves and another occupies it without a logoff. The following information I recently got, confirmed the fears, only worse. Now I am having kafkaesque dreams imagining what all info I must have given out unknowingly to dubious sites.

"Many times, as a matter of convenience, you may copy information to your Windows clipboard to paste into a web form. Even something like a credit card number, to save having to type it out. With an exploitation of Java script, a hacker could grab the information from your clipboard and you would never know it.

To demonstrate this, copy anything to your clipboard, part of this message for instance. Then go to this link and you quite likely will see the contents of your clipboard right on the page. If you're running Firefox, you will not see the clipboard contents because of that browser's minimal java support. This site is harmless and is just a demonstration to illustrate that clipboard contents may not be 100% private and to use this Windows feature with caution, at least when using the Internet.

It is true, text you last copied for pasting (copy & paste) can be stolen when you visit web sites using a combination of JavaScript and ASP (or PHP, or CGI) to write your possible sensitive data to a database on another server. Hopefully you haven't copied a credit card number recently before surfing! This page will clear your clipboard."

More info here and here.

2 comments                                                                                              

Comments:
Thats deadly.

Technology is like numbers.For every positive number,there seems to be a negative number as well.As of now,its a balance.Who knows it will tilt to the other side 21 days from now?

:-D
 
This doesn't happen with Firefox or Netscape. Only with IE!

Move to Firefox today!:)
 
Post a Comment


Home