By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,712 Members | 2,174 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,712 IT Pros & Developers. It's quick & easy.

Security Flaw: Any website can read your clipboard text

P: n/a
Web sites you visit can retrieve data from your clipboard depending on
your security settings. Go to this page (www.clipboard.googlemyway.com)
and see if anything shows up in the box. If you are using Firefox or
Opera you probably won't see anything. However, if you are using
Internet Explorer then chances are that whatever you last copied into
your clipboard will be displayed.

Sep 18 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
Lee
Sudar said:

Web sites you visit can retrieve data from your clipboard depending on
your security settings. Go to this page (www.clipboard.googlemyway.com)
and see if anything shows up in the box. If you are using Firefox or
Opera you probably won't see anything. However, if you are using
Internet Explorer then chances are that whatever you last copied into
your clipboard will be displayed.


That's a pretty misleading subject line.
It should probably read, "If you use Internet Explorer and aren't
careful about your security settings, your data is not secure",
and that shouldn't really be news to anybody.

Sep 18 '05 #2

P: n/a
Sudar wrote:
Web sites you visit can retrieve data from your clipboard depending on
your security settings.


1) This is way, way, way old news.
2) It only affects IE, and only if you have your security settings setup to
allow it
3) It's stupid (IMO) for IE to allow this by default

I once setup a hidden iframe on a page of mine to capture clipboard contents
and save them to my server, without the user ever knowing. I was amazed at
how much conidential information I obtained, including personal emails, urls
(some with embedded logins and passwords), chat transcripts, etc.

I stopped after a while (the 'experiment' got old) but it was enlightening.

--
Matt Kruse
http://www.JavascriptToolbox.com
http://www.AjaxToolbox.com
Sep 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.