Sudar Blogs: My Certification Experiences

A record of my experiences with certifications. Starting with BrainBench, moving on to Microsoft (MCP, MCDBA, MCAD) and … surely one day with Sun (SCJP), together with things I come across my day to day life.

Note: This blog has been moved to http://SudarMuthu.com/blog/

Friday, September 09, 2005

Major Security Threat in IE

Recently I came to know about a major security threat in Internet Explorer from Lifehacker tips. Any website can read the text present in your clipboard with out your knowledge and can even replace the text present in your clipboard. I went to the article present in the tip and they mentioned that you can use ASP, PHP or Perl together with Javascript to retrieve the text.

This interested me much and I tried to figure out how to do it and to my surprise I was able to retrieve the clipboard text with just two lines of javascript code alone without even using any server side script like ASP or PHP. I have written more about it and you can find it out in this url (www.clipboard.googlemyway.com).

After retrieving the text I was thinking what a website can do by knowing your clipboard text and then an idea struck me what if it is combined with AJAX. The website can get the contents of the user’s clipboard even if the user is not submitting a form or clicking a link. I have put up a practical demonstration of it here. Once you enter your email I take you clipboard text and email it to you even if you don’t click a link or submit a form. This sounds to be a very serious threat for me.

I have also put up a page, where you can find out how you can prevent it by changing your Internet Explorer settings. Luckily this seems to occur only in Internet Explorer. Firefox doesn’t seem to have this vulnerably. So one more reason for me to use Firefox. Asa, are you reading this?


2 Comments:

Post a Comment

<< Home