1. Join Now

    AVForums.com uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exposed Clipboard security test

Discussion in 'Desktop & Laptop Computers Forum' started by Pack Dude, Nov 8, 2003.

  1. Pack Dude

    Pack Dude
    Member

    Joined:
    Feb 6, 2002
    Messages:
    870
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    31
    Location:
    Lost In Space
    Ratings:
    +98
  2. Gary Lightfoot

    Gary Lightfoot
    Well-known Member

    Joined:
    Apr 6, 2001
    Messages:
    12,152
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    136
    Location:
    Surrey. UK.
    Ratings:
    +1,956
    Interesting....

    The fix seems to work, but like you say, I've no idea what other effects it may have.

    If you find out, maybe you could post it here? If I find anything, I'll post it.

    Cheers.

    Gary.
     
  3. CodeThief

    CodeThief
    Active Member

    Joined:
    May 25, 2002
    Messages:
    660
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    21
    Location:
    UK
    Ratings:
    +5
    Or you just use another browser (I use Mozilla) and it won't work :)

    Dave
     
  4. MikeTV

    MikeTV
    Well-known Member

    Joined:
    Feb 1, 2003
    Messages:
    7,781
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Ealing, London
    Ratings:
    +843
    That's quite bad. I think MS should issue a patch.

    Interesting.
     
  5. Beastie Boy

    Beastie Boy
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    Are we all just making assumptions that because the text is displayed on the screen, then it must be available across the internet.
    Remember that when you open a web page, you download info from the remote end onto your computer, not the other way around, so in order for it to be displayed on the screen, it isnt actually being sent anywhere but remains local to your machine.

    I don't know a great deal about how browsers work so I could be wrong here.

    Cheers, Beastie.
     
  6. Tomfoolery

    Tomfoolery
    Active Member

    Joined:
    May 16, 2003
    Messages:
    148
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    UK
    Ratings:
    +10
    I'd say this is probably similar to when sites can display what is on your hard drive. The site itself can't actually view it, it's added for your machine only.

    I may be wrong but I think if sites could access your clipboard, MS would provide a fix very quickly.
     
  7. Beastie Boy

    Beastie Boy
    Guest

    Products Owned:
    0
    Products Wanted:
    0
    Ratings:
    +0
    If this is the case then it is a pretty underhand way of trying to sell security software. :thumbsdow
     
  8. Gary Lightfoot

    Gary Lightfoot
    Well-known Member

    Joined:
    Apr 6, 2001
    Messages:
    12,152
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    136
    Location:
    Surrey. UK.
    Ratings:
    +1,956
    What Tomfoolery said is quite possible - I've seen the hard drive being displayed in a brouser, so the texy could be a similar thing.

    Gary
     
  9. cskates

    cskates
    Standard Member

    Joined:
    Jul 5, 2001
    Messages:
    151
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    18
    Location:
    Belfast, UK
    Ratings:
    +1
    I'm not so sure that it's harmless. I imagine that the frame containing that form could be shrunk to be invisible and the form could be automatically submitted once the clipboard was pasted. The MSFN.org fix only disables scripts from using the paste function, this shouldn't affect normal scripts. Or you could just use Mozilla/Firebird/Opera/etc... ;)
     
  10. Gary Lightfoot

    Gary Lightfoot
    Well-known Member

    Joined:
    Apr 6, 2001
    Messages:
    12,152
    Products Owned:
    0
    Products Wanted:
    1
    Trophy Points:
    136
    Location:
    Surrey. UK.
    Ratings:
    +1,956
    But what if you love Micro$?

    ;)

    Gary.
     
  11. MikeTV

    MikeTV
    Well-known Member

    Joined:
    Feb 1, 2003
    Messages:
    7,781
    Products Owned:
    0
    Products Wanted:
    0
    Trophy Points:
    136
    Location:
    Ealing, London
    Ratings:
    +843
    Like a fool, I failed to check the second link. But since there's a security setting in IE to disable it, I don't see this as being a security problem needing a fix. Sorry for adding to any alarm.

    Nevertheless, you could argue that the setting should be disabled by default. But it is also a difficult vulnerability to exploit successfully - given the random nature of a clipboard.
     

Share This Page

Loading...