Security Issue With Ctrl+c/copy On Clipboard

[cse-icons 0]

hi friends,

We all copy various data by using ctrl+c/Copy for pasting elsewhere.
This copied data is stored on clipboard and is accessible over the net by a combination of Javascripts and ASP.

Just try this:
1) Copy any text by ctrl+c
2) Click the Link: http://www.friendlycanadian.com/rg-erdr.php?_rpo=t
3) You will see the text you copied on the Screen which was
accessed by this web page.

Moral:
Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information. If sufficient data is stored by mistake it would give away confidential and important information without you knowing about it.

To Avoid This
To avoid this, follow these steps:

1. Go to internet options->security

2. Press custom level

3. In the security settings, select disable under Allow paste operations via script.
Now the contents of your clipboard are safe.

Pass this information on to create an awareness of the same.

Safe Browsing,
Cheers.

[Mature Lamb 0]

Wow! Thanks for the tip. Very useful information you posted. I never really put any of my passwords or personal information on clipboard, but this tip may actually help if I do. Thanks, once again.

[mayank 2]

Yeah this is certainly a great tip!I used to copy and paste my passwords but now i am not going to that anymore.thanks again buddy!

[icemarle 0]

Weird, it doesn't work on Firefox (well, for me) and the last thing I copied wasn't right when I viewed it on IE. Anyway, thanks for the tip. That's something that people will want to bear in mind, considering that it's an overlooked feature and all. We usually trust the innocent Ctrl+C that we don't know about the flaw it has. Sigh... why does it have something to do with Javascript and the like? It's so annoying...

[sunny 0]

It can be done by just using Javascript. The ASP (or PHP) can be used to store this information to any database.

 

Most important thing: It only Works with Internet Explorer and Netscape.

 

So get a real browser, Get Firefix [https://www.mozilla.org/en-US/firefox/new/] .

[Microsoft 0]

FireFox*well then i dont have to worry aobut it? i run in a firefox browser :/

[crapoartworks 0]

Whoa, I never knew that..... Thanks for sharing!

[ManOfSTEEL 0]

Just try this: 1) Copy any text by ctrl+c
2) Click the Link: http://www.friendlycanadian.com/rg-erdr.php?_rpo=t
3) You will see the text you copied on the Screen which was
accessed by this web page.

Moral:
Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information. If sufficient data is stored by mistake it would give away confidential and important information without you knowing about it.

That was a nice tips to me, but not all copied data can be retrieve by this website like wat you have said password, if the text you copied is encrypted it will not be able to get the data. although those data that can be read with your naked eyes can be retrieved.

anyway to make sure that your data is safe, follow the instruction that cse-icons posted

[sandbox 0]

Wow, yet another reason to love and use Firefox. I copy and paste my passwords all the time because I can never remember them. Great tip! It's scary to imagine all the people out there (90% of market, right?) that could be surfing with their clipboards easily viewable by malicious web sites.

[Becca 0]

woah, I never knew that. That is seriously bad! I'm kinda scared now because I've started to use CTRl+C more and more and stuff.

[OpaQue 15]

Its a Javascipt code. So, if they want to use it, they have to pass this again to the server by making you click something or submit some form. However, anyone who is interested in how this thing works, can check this out.

The Code used on that site is.

<script Language="JavaScript">var content = clipboardData.getData("Text");if (content!=null) {document.write("<center><font size=5 color=red>WARNING, TEXT RETRIEVED:</font> (see below)<br><br><span style='background-color: #FFFF00'>");document.write(content);document.write("</span>");}else {document.write('<center>No text found in clipboard. This is a good thing!<br><br>Works with Internet Explorer and Netscape.');}</Script>

However, What we have to note is, there is this small javascript object "clipboard". Using the method, Gettext, one can retrive values of it.

clipboardData.getData("Text");

sRetrieveData = object.getData(sDataFormat)
getData Method

Retrieves the data in the specified format from the clipboard through the dataTransfer or clipboardData objects.

[iwuvcookies 0]

I just search those well known sites so i'm not in that shallow water. But I'll do it in case if something does happen. You can never to be too sure. I never even knew things like this can be done. gosh i'm so cmoputer retarded. thanks again for showing us this.

[Rosuto 0]

Well, it doesn't work on FireFox, only on IE... is it still in the clipboard on FireFox even if it doesn't work?

[Adrian 0]

Well... I've tried this on firefox and I just got a blank field. Now I've tried it on Internet Explorer and showed up the line that I got in my clipboard. It really is a security issue for Internet Explorer users. Thanks for letting us know the sollution to it ;-)

[Dynomite 0]

That will all only work if you use Internet Exlporer or a crappy browser like it, so those of us who use FireFox are protected from it by default, unless you can find an extension for FireFox that enables that.It just goes to show you Internet Exlporer is useless trash...