Lesigner Girl
Minerva
Worldly Traveler (premium)
Runboard staff member
Registered: 11-2005
Province: SW MI, USA
Posts: 5133
Karma: 89 (+103/-14)
|
|
Reply | Quote
|
|
 Never CTRL+C sensitive data in IE!
Joshin Josh found this at toxicblogs.blogspot.com and in turn posted it at his board, Board Skins. I'm sure he won't mind me passing it along here.
This is yet another reason to ditch Explorer and use a good browser like Firefox.
From toxicblogs.blogspot.com:
We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a combination of Javascripts and ASP.
Just try this:
1) Copy any text by ctrl+c
2) Click the Link:
http://www.friendlycanadian.com/applications/clipboard.htm
3) You will see the text you copied on the Screen which
was accessed by this web page.
Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.
IE has numerous security loopholes, and this would be a very easy one for any good programmer to exploit.
Edit to add my own discovery: I just discovered that it works if you copy a link with your mouse. In other words, copying sensitive information by any method before browsing in IE can be dangerous.
Last revised by Lesigner Girl, 7/28/2007, 8:07 pm
|
|
7/28/2007, 7:49 pm
|
PM Lesigner Girl
Read Blog
|
Joshin Josh
Citizen
Worldly Traveler (premium)
Registered: 11-2004
Province: State of Change
Posts: 239
Karma: 3 (+4/-1)
|
|
Reply | Quote
|
|
Re: Never CTRL+C sensitive data in IE!
Of course I wouldn't mind lol. Scared me to death when I tried that out.. I had been an IE user from 1996ish to 2005, so I'm sure I've copy and pasted simple data before.
--- 
Club Pandemonium has Started a board hop, Join today! |
|
7/29/2007, 11:20 pm
|
PM Joshin Josh
|
Lesigner Girl
Minerva
Worldly Traveler (premium)
Runboard staff member
Registered: 11-2005
Province: SW MI, USA
Posts: 5133
Karma: 89 (+103/-14)
|
|
Reply | Quote
|
|
Re: Never CTRL+C sensitive data in IE!
I knew you wouldn't mind, because you like to help people, and this is helpful information! 
It seems like any kind of copying, whether it's with the mouse or the keyboard, is dangerous with IE, and who knows if there are ways to exploit it with other browsers as well. So the only way to be safe with this kind of thing is to never copy passwords, pin numbers, credit card numbers, social security numbers, or any other sensitive information, period... no matter what browser you use. Better safe than sorry, eh?
Thanks for posting it at your board, btw.  I've copied and pasted passwords myself, but luckily I use Firefox. 
|
|
7/30/2007, 6:20 pm
|
PM Lesigner Girl
Read Blog
|
