Thursday, August 25, 2005

Beware of Copy-Paste (Ctrl-C)

GOD! Just returned from a 3 days vacation (yes, 3 days here at Nevis at this time is REALLY a vacation) & already got lots to post in the bag!

We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a combination of Javascript and ASP.
Just try this:
1) Copy any text by ctrl+c
2) Click the Link to open in IE
http://www.friendlycanadian.com/applications/clipboard.htm
3) You will see the text you copied on the Screen which was accessed by this web page.

What if you happened to have Ctrl-C'ed your credit card number!!!

I didn't investigate why it doesn't work with Opera & Firefox. Wait a minute... does this give me another reason to claim that IE SUCKS!!!

1 comment:

The Shaolin said...

There's a way to avoid IE being exploited this way:
1. Go to
Tools -> Options

2. Select 'Security' tab

3. Under 'Scripting' select 'Disable' on 'Allow paste operations via script'.

But remember buddies, IE sucks B.I.G. time!