Tuesday, August 23, 2005

Be careful with Ctrl+C

We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by combination of Javascripts and ASP.

You don't trust me :) then just try the below steps:

1) Copy any text by Ctrl+c or Edit >> Copy or anyother method which you are comfortable with!

2) After that just visit this Link: http://www.friendlycanadian.com/applications/clipboard.htm

3) You will see the text you copied on the screen right there in that page.

Hope you would realise the seriousness now. The thumb rule is do not keep sensitive data (like passwords, creditcard numbers, etc.,) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

Its always advisable to either copy useless piece of information onto the clipboard before leaving a shared computer OR logoff / restart the machine so that clipboard content would be erased.

8 comments:

Rameesh Ramachandran said...

Hi Vadivel,

Thanks for sharing this good piece of info. We may use this technique for data transfer in difficult situvations.

Regards
Rameesh

Anonymous said...

Thats wonderful man. At the same time, it so dangerous.

Rosi

Santhi.M said...

Hi anna..Its amazing..Thanks for the information..I have to be careful as i always leave sensitive information in the clipboard..

Marimuthu said...

Hi all,
We can secure our clipboard data from web scriptings :
In the security, Custom level settings choose Disable in the Allow Paste operations via script & u'll not face such problems..

Regards,
Marimuthu

Vadivel said...

That work-around is for IE 5.0 users. What about users who work with other browsers or earlier versions of IE :)

That is, A work-around for users using IE 5.0, is to disable or set-to-prompt the option of "Allow paste operation via script", which is accessible through Tools >> Internet Options >> Security >> Internet >> security zone >> Custom Level >> Scripting >> Allow paste operations via script

khaqsar said...

Good news is that IE7 fixed this issue … and it gives a nice warning for all such sites which try to access the clipboard. But that doesn’t make us fully secure as there are lots of other moles as well which can access our clipboard with/without clipboard …. May be Vineet Gupta or others can throw some light on this…

Hemendra Singh Shaktawat said...

Hey,

Thanks for the cool information. It will save me as an user and help has developer as well :)

Hemendra Singh Shaktawat

Mindfire Solutions
www.mindfiresolutions.com

Gaurav said...

It is not working in Firefox but working in IE
Same is here also
http://www.sourcecodesworld.com/special/clipboard.asp
Thanks

Gaurav Sharma