Welcome to HostingForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Security Flaw: Any website can read your clipboard text

  
   Web Hosting Problem Solving Community! (Home) -> Webmaster RSS
Next:  AWW  
Author Message
sudarmuthu

External


Since: Sep 18, 2005
Posts: 1



(Msg. 1) Posted: Sun Sep 18, 2005 8:15 am
Post subject: Security Flaw: Any website can read your clipboard text
Archived from groups: alt>www>webmaster (more info?)
Web sites you visit can retrieve data from your clipboard depending on
your security settings. Go to this page (www.clipboard.googlemyway.com)
and see if anything shows up in the box. If you are using Firefox or
Opera you probably won't see anything. However, if you are using
Internet Explorer then chances are that whatever you last copied into
your clipboard will be displayed.

 >> Stay informed about: Security Flaw: Any website can read your clipboard text 
Back to top
Login to vote
af380

External


Since: Sep 17, 2004
Posts: 284



(Msg. 2) Posted: Sun Sep 18, 2005 9:25 pm
Post subject: Re: Security Flaw: Any website can read your clipboard text [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Sun, 18 Sep 2005, Daniel R. Tobias wrote:

> sudarmuthu RemoveThis @gmail.com wrote:
> > Web sites you visit can retrieve data from your clipboard depending on
> > your security settings. Go to this page (www.clipboard.googlemyway.com)
> > and see if anything shows up in the box. If you are using Firefox or
> > Opera you probably won't see anything. However, if you are using
> > Internet Explorer then chances are that whatever you last copied into
> > your clipboard will be displayed.
>
> Nothing in the box for me, in the Mozilla Suite.
>
> So it looks like users of decent browsers are unaffected by this
> security bug.

Lynx and DOS Users: "Clipboard? We don't need no steenking clipboard!"

Another question comes to mind. Can the website force transmission of the
data to the website? While the clipboard may be displayable in the user's
browser, that is not necessarily evidence that it can be fetched by the
website with the allegedly malicious code or that any security is
compromised.

A plain hyperlink,
<a href="file://localhost/C:/">we have stolen your files</a>
may display a user's home directory on some systems with some browsers[1]
when he/she clicks on the link but that doesn't mean that a directory
listing is sent to the site with the hyperlink.

[1] It works with IE on my Windows 98 machine.
--
``Why don't you find a more appropiate newsgroup to post this tripe into?
This is a meeting place for a totally differnt kind of "vision impairment".
Catch my drift?'' -- "jim" in alt.disability.blind.social regarding an
off-topic religious/political post, March 28, 2005

 >> Stay informed about: Security Flaw: Any website can read your clipboard text 
Back to top
Login to vote
SpaceGirl

External


Since: Aug 04, 2005
Posts: 246



(Msg. 3) Posted: Mon Sep 19, 2005 2:19 am
Post subject: Re: Security Flaw: Any website can read your clipboard text [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
sudarmuthu.TakeThisOut@gmail.com wrote:
> Web sites you visit can retrieve data from your clipboard depending on
> your security settings. Go to this page (www.clipboard.googlemyway.com)
> and see if anything shows up in the box. If you are using Firefox or
> Opera you probably won't see anything. However, if you are using
> Internet Explorer then chances are that whatever you last copied into
> your clipboard will be displayed.

Nope. Doesn't work here either. One of these things that only gets you
if you are dumb enough to still be using Internet Explorer. Really...
do you NEED any more reasons to switch browsers????
 >> Stay informed about: Security Flaw: Any website can read your clipboard text 
Back to top
Login to vote
dan

External


Since: Sep 19, 2005
Posts: 1



(Msg. 4) Posted: Mon Sep 19, 2005 9:02 pm
Post subject: Re: Security Flaw: Any website can read your clipboard text [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
nospam RemoveThis @geniegate.com wrote:
> A high percentage of people actually paste URL's directly into search boxes
> because they don't understand the concept of a "url".

I get some traffic from time to time from people who do this, typing in
the address of some site about whose URL I happen to have commentary on
one of my pages, so their search engine brings them to my site instead
of the one they were really trying to go to. I think once when I was
getting a particularly big burst of such mis-accesses, I actually put a
notice on that page saying something like "You moron, this is *not* the
XYZ web site... why don't you try typing XYZ.COM in the *address bar*
where it belongs?"

And then there's the fact that the drooling idiots (AOLers especially)
are unable to type e-mail addresses (their own, or anybody else's)
correctly, and one of their most common errors is to prefix "www." to
them, like they don't understand the distinction between Web and e-mail
addresses. Back in the old days, I often had wildcard addresses set up
on domains (both on my personal sites and at work) and would receive
such misaddressed mail, but due to spam, such wildcards are rare these
days and most mail like that gets bounced.

--
Dan
 >> Stay informed about: Security Flaw: Any website can read your clipboard text 
Back to top
Login to vote
Display posts from previous:   
   Web Hosting Problem Solving Community! (Home) -> Webmaster All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



[ Contact us | Terms of Service/Privacy Policy ]