TIP: Solution for Hacking Through the Clipboard

Introduction

You copy various data by using Ctrl+C or Ctrl+Insert for pasting elsewhere at a later time. This copied data is stored in the Clipboard and is accessible from the Net by a combination of JavaScripts and ASP. I want share this information because it potentially is very harmful. This information was gathered from the sourcrcodeworld forum.

Hacking Case

Just try this:

  1. Copy any text by pressing Ctrl+C.
  2. Click this link: http://www.sourcecodesworld.com/special/clipboard.asp.
  3. You will see the text you copied on the screen. It was accessed by this Web page.

  4. Do not keep sensitive data (like passwords, credit card
    numbers, PIN etc.) in the clipboard while surfing the web.
    It is extremely easy to extract the text stored in the
    clipboard to steal your sensitive information.

This works for both IE and Netscape.

Solution

To avoid the Clipboard hack problem, do the following:

  1. Go to Internet Options, Security.
  2. Press custom level.
  3. In the security settings, select disable under Allow paste operations via script.

Now, the contents of your clipboard are safe and you can continue to enjoy Web browsing.

Actual Script

The following few lines are the actual agent used to steal the Clipboard data from your machine:


<Script Language=”JavaScript”>
var content = clipboardData.getData(“Text”);
alert(content);
</Script>

More by Author

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Must Read