Clipboard

There isn't a security forum (perhaps one could be added, lots of topic there?) so I posted this here.

I've found a very nasty piece of code that logs peoples clipboard text when viewing a website.

It can insert something in your clipboard or get the contents of your clipboard (and log it).

So potentially a malicious webmaster could be spying on you.

(Example here http://tinyurl.com/alkbz) WARNING: The page will overwrite your clipboard text with "Digitalpoint rocks!"

Only works with internet explorer.

Now I found this code, and it scared me. So I hunted for a patch. Internet explorer service pack 1 is supposed to fix it. But i've downloaded it and I get a error "Current version is higher, aborting" (or something similiar)

I tried uninstalling internet explorer....no joy....

No matter what I do I cannot close this lookhole in my browser.

Any ideas (apart from not using internet explorer).

 

Just out of curiousity do you keep secure information in your clipboard?

 

Install SP2...

My clipboard data remained the same...

 

Use FireFox!

On a serious note, it indeed somehow got rolled back in the security updates.

How often do you browse while having sensitive stuff in your clipboard though?

Sort of related: http://news.techwhack.com/1181/it-is-googlecom-not-googklecom/

 

Yes, unintentionally....you know you cut paste passwords, your email address, many things go in my clipboard without me thinking.....I use it everday all the time...

 

SP2 is installed!

 

Meh...

I have all the latest updates installed and clicked that link while using ie (You really should switch to FF) and my clipboard data remained the same...

Maybe my firewall settings are tighter???

 

IS javascript enabled....Help > about in internet explorer...version (please)?

 

I've been to windows update, ran every update it threw at me (even optional ones) and it still works! If it helps im running version 6.0.2900.2180.xpsp_sp2_gdr.050301-1519

 

Yeah, I always have JS enabled...

Rinning ie version 6.0.2900.2180.xpsp_sp2.050301-1519 (Same as you)...

 

What the hell......

hmmm, must be something else. So it doesn't intert any test to your clipboard?

 

Nope none...

Like I say, the network here is pretty tight, so that may be it (I doubt it though)...

FYI I'm running no other security programs on this machine other than Win SP2.

 

Got it > tools > internet options > security > custom security >allow paste operations via script

this also stops the clipboard stealing naughtyness

woohoo

 

Thanks for the info...

 

Anyone with the above ticked I would urge to untick it!