Runboard.com
You're welcome.



       Use the black navigation bar to log in or create your account.

 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

Minerva
Head of Runboard staff

Registered: 11-2005
Posts: 9598
Karma: 132 (+147/-15)
ReplyQuote
posticon Never CTRL+C sensitive data in IE!


Joshin Josh found this at toxicblogs.blogspot.com and in turn posted it at his board, Board Skins. I'm sure he won't mind me passing it along here.

This is yet another reason to ditch Explorer and use a good browser like Firefox.

From toxicblogs.blogspot.com:

We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a combination of Javascripts and ASP.

    Just try this:
    1) Copy any text by ctrl+c
    2) Click the Link:
    http://www.friendlycanadian.com/applications/clipboard.htm
    3) You will see the text you copied on the Screen which
    was accessed by this web page.

Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

IE has numerous security loopholes, and this would be a very easy one for any good programmer to exploit.

Edit to add my own discovery: I just discovered that it works if you copy a link with your mouse. In other words, copying sensitive information by any method before browsing in IE can be dangerous.

Last revised by Lesigner Girl, 7/29/2007, 1:07 am


---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
7/29/2007, 12:49 am Link to this post PM Lesigner Girl Read Blog
 
Joshin Josh Profile
Live feed
Blog
Friends
Miscellaneous info

Citizen

Registered: 11-2004
Posts: 267
Karma: 4 (+5/-1)
ReplyQuote
Re: Never CTRL+C sensitive data in IE!


Of course I wouldn't mind lol. Scared me to death when I tried that out.. I had been an IE user from 1996ish to 2005, so I'm sure I've copy and pasted simple data before.

---

7/30/2007, 4:20 am Link to this post PM Joshin Josh Read Blog
 
Lesigner Girl Profile
Live feed
Blog
Friends
Miscellaneous info

Minerva
Head of Runboard staff

Registered: 11-2005
Posts: 9598
Karma: 132 (+147/-15)
ReplyQuote
Re: Never CTRL+C sensitive data in IE!


I knew you wouldn't mind, because you like to help people, and this is helpful information! emoticon

It seems like any kind of copying, whether it's with the mouse or the keyboard, is dangerous with IE, and who knows if there are ways to exploit it with other browsers as well. So the only way to be safe with this kind of thing is to never copy passwords, pin numbers, credit card numbers, social security numbers, or any other sensitive information, period... no matter what browser you use. Better safe than sorry, eh?

Thanks for posting it at your board, btw. emoticon I've copied and pasted passwords myself, but luckily I use Firefox. emoticon

---
Runboard Knowledge Base
Runboard Support Forums
Find other message boards
7/30/2007, 11:20 pm Link to this post PM Lesigner Girl Read Blog
 


Add to this discussion




You are not logged in (login)
Back To Top

This board's time is GMT.

Board's time is GMT