Stefan Goßner

Senior Escalation Engineer for SharePoint (WSS, SPS, MOSS, SP2010) and MCMS

Blogs

Be careful with Ctrl-C

  • Comments 1
  • Likes

[From a mail thread]

Data stored in clipboard can be accessed by a malicious website through a combination of Javascripts and server side code (like ASP, ASP.NET, PHP, CGI, ...).

Just try this:

  1. Copy any text by ctrl+c
  2. Click the Link: http://www.friendlycanadian.com/applications/clipboard.htm
  3. You will see the text you copied on the Screen which was accessed by this web page.

A malicious websites can easily steal sensitive data (like passwords, creditcard numbers, PIN etc.) stored in your clipboard while surfing the web. To prevent this you should change the security setting Allow paste operations via script for at least the Internet Zone in Internet Explorer to Prompt. Per default this setting is set to Enabled.

Comments
  • This is an IE only exploit...

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment