TIP: Solution for Hacking Through the Clipboard
Posted
by Abdul shakoor Saqib
on August 1st, 2006
Introduction
You copy various data by using Ctrl+C or Ctrl+Insert for pasting elsewhere at a later time. This copied data is stored in the Clipboard and is accessible from the Net by a combination of JavaScripts and ASP. I want share this information because it potentially is very harmful. This information was gathered from the sourcrcodeworld forum.
Hacking Case
Just try this:
- Copy any text by pressing Ctrl+C.
- Click this link: http://www.sourcecodesworld.com/special/clipboard.asp.
- You will see the text you copied on the screen. It was accessed by this Web page.
Do not keep sensitive data (like passwords, credit card numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.
Solution
To avoid the Clipboard hack problem, do the following:
- Go to Internet Options, Security.
- Press custom level.
- In the security settings, select disable under Allow paste operations via script.
Now, the contents of your clipboard are safe and you can continue to enjoy Web browsing.
Actual Script
The following few lines are the actual agent used to steal the Clipboard data from your machine:
<Script Language="JavaScript"> var content = clipboardData.getData("Text"); alert(content); </Script>