Monday, October 09, 2006
Clipboard Security Hole in Internet Explorer: Attackers Can Steal Copied Text
It is true: text you last copied for pasting (copy & paste) can be stolen when you visit web sites that use a combination of JavaScript and ASP (or PHP, or CGI) to write your possibly sensitive data to a database on another server. Hopefully you haven't copied a credit card number recently before surfing! Check here first to see if you have a clipboard vulnerability (watch out for the pop-up ad). If something shows up, you have a problem.
This is a vulnerability I first heard about a while back, and it came back to me recently since I've been using the clipboard extensively when doing screen captures. While images aren't vulnerable, text certainly is. Firefox is apparently immune to this flaw, but even if you don't normally use Internet Explorer, it's still a good idea to close this security hole in IE that allows sites to access your clipboard.
To fix the clipboard security flaw:
Open up IE, and go to Tools -> Internet Options -> Security -> Select a security zone.
Choose Custom Level -> Scripting -> Allow paste operations via script and set this to Disable.
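The same setting can be audited and applied from PowerShell for every zone at once. This is an added example, not part of the original post; it assumes the per-user zone settings live under the Internet Settings\Zones registry key and that URL action 1407 is the "Allow paste operations via script" entry (0 = Enable, 1 = Prompt, 3 = Disable). The function names are hypothetical.

```powershell
# Added example (not from the original post).
# Assumption: URL action 1407 under each zone key is the
# "Allow paste operations via script" setting: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Action     = '1407'
$ZoneNames  = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                 3 = 'Internet';    4 = 'Restricted sites' }
$StateNames = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Report the current script-paste setting for each security zone.
function Get-ScriptPasteSetting {
    foreach ($zone in 0..4) {
        $path  = Join-Path $ZoneRoot "$zone"
        $value = $null
        if (Test-Path $path) {
            $item  = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
            if ($item) { $value = $item.$Action }
        }
        # A missing value means the zone falls back to its template default.
        if ($null -eq $value)                  { $state = 'Not set (zone default)' }
        elseif ($StateNames.ContainsKey($value)) { $state = $StateNames[$value] }
        else                                   { $state = "Unknown ($value)" }

        New-Object PSObject -Property @{
            Zone    = $ZoneNames[$zone]
            Setting = $state
            AtRisk  = ($state -ne 'Disable' -and $state -ne 'Prompt')
        }
    }
}

# Set "Allow paste operations via script" to Disable in the given zones.
# Defaults to the Internet (3) and Restricted sites (4) zones.
function Disable-ScriptPaste {
    param([int[]]$Zone = @(3, 4))
    foreach ($z in $Zone) {
        $path = Join-Path $ZoneRoot "$z"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name $Action -Value 3 -Type DWord
    }
}

Get-ScriptPasteSetting | Format-Table Zone, Setting, AtRisk -AutoSize   # audit before
Disable-ScriptPaste                                                     # apply the fix
Get-ScriptPasteSetting | Format-Table Zone, Setting, AtRisk -AutoSize   # confirm after
```

Settings pushed by Group Policy take precedence over these per-user values, so on a managed machine the audit output may not reflect what IE actually enforces.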
It looks like IE 7 won't be affected by this problem. A prompt will pop up if a site tries to access your clipboard.