Skip to main content

Be careful with Ctrl+C

We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by combination of Javascripts and ASP.

You don't trust me :) then just try the below steps:

1) Copy any text by Ctrl+c or Edit >> Copy or anyother method which you are comfortable with!

2) After that just visit this Link: http://www.friendlycanadian.com/applications/clipboard.htm

3) You will see the text you copied on the screen right there in that page.

Hope you would realise the seriousness now. The thumb rule is do not keep sensitive data (like passwords, creditcard numbers, etc.,) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

Its always advisable to either copy useless piece of information onto the clipboard before leaving a shared computer OR logoff / restart the machine so that clipboard content would be erased.

Comments

Anonymous said…
Thats wonderful man. At the same time, it so dangerous.

Rosi
Santhi.M said…
Hi anna..Its amazing..Thanks for the information..I have to be careful as i always leave sensitive information in the clipboard..
Marimuthu said…
Hi all,
We can secure our clipboard data from web scriptings :
In the security, Custom level settings choose Disable in the Allow Paste operations via script & u'll not face such problems..

Regards,
Marimuthu
Vadivel said…
That work-around is for IE 5.0 users. What about users who work with other browsers or earlier versions of IE :)

That is, A work-around for users using IE 5.0, is to disable or set-to-prompt the option of "Allow paste operation via script", which is accessible through Tools >> Internet Options >> Security >> Internet >> security zone >> Custom Level >> Scripting >> Allow paste operations via script
Anil said…
Good news is that IE7 fixed this issue … and it gives a nice warning for all such sites which try to access the clipboard. But that doesn’t make us fully secure as there are lots of other moles as well which can access our clipboard with/without clipboard …. May be Vineet Gupta or others can throw some light on this…
Anonymous said…
Hey,

Thanks for the cool information. It will save me as an user and help has developer as well :)

Hemendra Singh Shaktawat

Mindfire Solutions
www.mindfiresolutions.com

Popular posts from this blog

Registry manipulation from SQL

Registry Manupulation from SQL Server is pretty easy. There are 4 extended stored procedure in SQL Server 2000 for the purpose of manupulating the server registry. They are: 1) xp_regwrite 2) xp_regread 3) xp_regdeletekey 4) xp_regdeletevalue Let us see each one of them in detail! About xp_regwrite This extended stored procedure helps us to create data item in the (server’s) registry and we could also create a new key. Usage: We must specify the root key with the @rootkey parameter and an individual key with the @key parameter. Please note that if the key doesn’t exist (without any warnnig) it would be created in the registry. The @value_name parameter designates the data item and the @type the type of the data item. Valid data item types include REG_SZ and REG_DWORD . The last parameter is the @value parameter, which assigns a value to the data item. Let us now see an example which would add a new key called " TestKey ", and a new data item under it called TestKeyValue :

Screen scraping using XmlHttp and Vbscript ...

I wrote a small program for screen scraping any sites using XmlHttp object and VBScript. I know I haven't done any rocket science :) still I thought of sharing the code with you all. XmlHttp -- E x tensible M arkup L anguage H ypertext T ransfer P rotocol An advantage is that - the XmlHttp object queries the server and retrieve the latest information without reloading the page. Source code: < html > < head > < script language ="vbscript"> Dim objXmlHttp Set objXmlHttp = CreateObject("Msxml2.XMLHttp") Function ScreenScrapping() URL == "UR site URL comes here" objXmlHttp.Open "POST", url, False objXmlHttp.onreadystatechange = getref("HandleStateChange") objXmlHttp.Send End Function Function HandleStateChange() If (ObjXmlHttp.readyState = 4) Then msgbox "Screenscrapping completed .." divShowContent.innerHtml = objXmlHttp.responseText End If End Function </ script > < head > < body > &l

Script table as - ALTER TO is greyed out - SQL SERVER

One of my office colleague recently asked me why we are not able to generate ALTER Table script from SSMS. If we right click on the table and choose "Script Table As"  ALTER To option would be disabled or Greyed out. Is it a bug? No it isn't a bug. ALTER To is there to be used for generating modified script of Stored Procedure, Functions, Views, Triggers etc., and NOT for Tables. For generating ALTER Table script there is an work around. Right click on the table, choose "Modify" and enter into the design mode. Make what ever changes you want to make and WITHOUT saving it right click anywhere on the top half of the window (above Column properties) and choose "Generate Change Script". Please be advised that SQL Server would drop actually create a new table with modifications, move the data from the old table into it and then drop the old table. Sounds simple but assume you have a very large table for which you want to do this! Then it woul