We all have bad habits - like copying sensitive information such as passwords, credit card numbers etc. and pasting it in the required location in browser window. If you are an Internet Explorer user, with default security settings, IT IS VERY RISKY. The text in clipboard can be stolen easily when you visit web sites, using JavaScript. It can be stored easily in a database or used for some other purpose. To see the real issue, try the following steps.
1. Copy some text to the clipboard (select text somewhere and press CTRL + C).
2. Visit the web site http://www.sourcecodesworld.com/special/clipboard.asp
The text that is copied should be displayed in the web page. If not, you are safe. Let us see how it is done. JavaScript allows access to the clipboard using the function window.clipboardData.getData(). The returned value can be easily stored in a database or used for some malicious purpose.
Now how to avoid this clipboard hack problem? First of all, the above function works in Internet Explorer only. If you are a FireFox user, you are safe because FF does not allow access to clipboard due to security reasons. Personally, I found that FireFox is much better in many situations, and there are millions of people with the same opinion. In the case of IE, this problem can be solved by altering the security settings. The steps are given below.
1. In IE, Go to Tools -> Internet Options -> Security tab
2. Click on the Custom Level button.
3. Under settings for Scripting, select Disable for Allow paste operations via script. Check the screenshot that is given below.
Click OK and you should be safe now. Visit the same same web site again to verify the results.
No comments:
Post a Comment