Tuesday, May 17, 2011

Clipboard Hacking Problem via "CTRL+C" function in Internet Explorer



Category              : Windows
Operating System : Vista, Win7, XP and etc

Internet Browser  : MS Internet Explorer


I believe all of us are familiar with Ctrl+C functions in Windows platform. But recently found that the function is unwise to be used while online especially surfing via MS Internet Explorer.


Whats happened at the background is that, the date that you "CTRL+C" (it could be your banking password or Credit Card pin or online web password)  will be  stored in clipboard and it is accessible from the net by a combination of java-script and ASP. This is called Clipboard Hacking.


Just try this:
1. Copy any text by Ctrl + C
2. Click this Link: http://www.sourcecodesworld.com/special/clipboard.asp via MS Internet Explorer.
3. You will see the text you copied was accessed by this web page. 


It is true, text you last copied for pasting (copy & paste) can be stolen
when you visit web sites using a combination of java-script and ASP (or PHP,
or CGI) to write your possible sensitive data to a database on another
server.


How Clipboard Hack is done?  (for information purpose only)
The Clipboard hack is done by the following Source Code:


<script language="java-script">
var content = clipboardData.getData("Text");
alert(content);
</script>


How to safeguard yourself from Clipboard Hack Problem?
To avoid clipboard hack problem, do the following:
1. Go to internet options->security.
2. Press custom level.
3. In the security settings, select disable under Allow paste operations
via script. (Scripting sub heading)



I found it very funny whereby this hacking method does not work on Mozilla Firefox Browser and Google Chrome.


Morale of the story:
1. Do not keep sensitive data (like passwords, credit card numbers, PIN etc.) in the
      clipboard while surfing the web.
2. Never use CTRL+C to paste your security credential while online
3. Start using Google Chrome and Mozilla Firefox Browser J


                                                        !!!Cheers!!!!





No comments:

Post a Comment