Be careful with Ctrl-C

[From a mail thread]

Data stored in clipboard can be accessed by a malicious website through a combination of Javascripts and server side code (like ASP, ASP.NET, PHP, CGI, …).

Just try this:

  1. Copy any text by ctrl+c
  2. Click the Link:
  3. You will see the text you copied on the Screen which was accessed by this web page.

A malicious websites can easily steal sensitive data (like passwords, creditcard numbers, PIN etc.) stored in your clipboard while surfing the web. To prevent this you should change the security setting Allow paste operations via script for at least the Internet Zone in Internet Explorer to Prompt. Per default this setting is set to Enabled.

1 Comment

  1. This is an IE only exploit…


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.