FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


IE users read this very important





vignesh_natraj
Internet Explorer/Maxthon Alert!!!, websites can easily get information from your clipboard. Firefox users are safe

Have you ever copied information to your clipboard, then later went online?

If the info you copied was of a sensitive nature, then this is gonna scare you like hell

Did you know that a website can easily snatch the info on your clipboard with about one line of Javascript?

it's true. Not all browsers are susceptible to this, but Internet Explorer is. Copy any line of this post and head to the page below:

Code:
http://www.worldstart.com/clipboardtest/clipboard-test


If it shows up on that page, then you're probably feeling a little anxious right about now.

I mean, just imagine if that info had been a password, credit card number, or bank account info!


Want to know how to disable this "feature"? It's easy as fallin' off a digital log:

Quote:

1. Open Internet Explorer and click the Tools menu, Internet Options.

2. Click the Security tab, then press the "Custom Level" button.

3. OK, grab your shovel, it's time to do some digging. Under the "Scripting" section, hunt for an entry called "Allow paste operations via script". Set to disable (or at least prompt).

4. Hit OK until you're back to Explorer.

5. That's it. Now try the page above and see what happens. With any luck, you should find that your clipboard is no longer accessible.
benjad
That is scary, that is just downright scary!

Makes me glad I've got the fox... Firefox!


[btw... is there a valid reason for this feature to be on? Anyone ever used it for a legitimate purpose?]
afracsass
sounds like this is really critical security problem. so far i didn't know that the contents in the clipboard can be easily snatched by a javascript.i knew that a javascript can copy somthing into ur clipboard. it's just curious how come MS made it possible by default though
Daniel15
I guess it's another hole in the Internet Explorer default security settings...

The code used on that page looks like this:
Code:

<script language="JavaScript">
var content = clipboardData.getData("Text");
if (content!=null) {
document.write("<center><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size=3 color=red>Here Is The Text We Grabbed From Your Clipboard:</font> <br><br><span style='background-color: #FFFF00'>");
document.write(content);
document.write("</span><p></p>")
document.write ("<center><font face='Arial,Helvetica,Geneva,Swiss,SunSans-Regular' size=2 color=black>Wanna protect yourself? - Read on:</font>");}
else {document.write('<center>Good news - no text was found on your clipboard. You can skip the info below - but still be careful out there!<br><br>');}
</script>

This only works with Internet Explorer (and Internet Explorer-based browsers like AOL, Maxthon or Avant). Users of Opera, Firefox, etc. are safe.
vignesh_natraj
change your security settings as recommended in the website or use Firefox
lukeropro
Yeah, it is a serious problem. Microsoft should solve this problem quickly. Maybe they should add this update in their windows update...
izcool
I used to own and operate a huge gaming website where JavaScript codes that would steal cookie information got to be a really big problem with IE users. I eventually found out that a person (not to be genderist) on my site was stealing accounts and didn't know the cause of it. When upon visiting his profile, I found out that his profile on my website directed me to a page he made off-site, where it downloaded my cookie information on my website to his webhost. Later, he checked his website to see what cookies he snagged and tried them on HIS computer. What he did was he copied MY cookie information into HIS cookie information and got into my account in a matter of a few seconds. I took action immediately and blocked out redirectors or any cookie-snagging codes from my website in response to this. Some people are sons of a gun and are very clever with finding out stuff like this and exploting it. Sure, it does happen. Imagine the same thing happening with BANK account cookies and such. Mine was quite minor as it was just a roleplaying game website.

- Mike.
Related topics
Microsoft Confirms 'Highly Critical' IE Hole!!
Design Tips
Make New Users Read Sticky's before creating new topics
Image Magick on vacation?
linux question...
Need someone to edit my CSS to make site viewable in IE
Code that only displays in IE!
Site redesign
Anything wrong with this design?
frih$ cash-in to loosen 45 Points limit
CSS Question Aid Please
Ok so im wanting to make money from my site please help me
why Firefox isn't answer 4 every webpage displayed?
Throwing IE Overboard
Reply to topic    Frihost Forum Index -> Computers -> Computer Problems and Support

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.