Click Here
home features news forums classifieds faqs links search
6093 members 
Amiga Q&A /  Free for All /  Emulation /  Gaming / (Latest Posts)
Login

Nickname

Password

Lost Password?

Don't have an account yet?
Register now!

Support Amigaworld.net
Your support is needed and is appreciated as Amigaworld.net is primarily dependent upon the support of its users.
Donate

Menu
Main sections
Home
Features
News
Forums
Classifieds
Links
Downloads
Extras
OS4 Zone
IRC Network
AmigaWorld Radio
Newsfeed
Top Members
Amiga Dealers
Information
About Us
FAQs
Advertise
Polls
Terms of Service
Search

IRC Channel
Server: irc.amigaworld.net
Ports: 1024,5555, 6665-6669
SSL port: 6697
Channel: #Amigaworld
Channel Policy and Guidelines

Who's Online
18 crawler(s) on-line.
 41 guest(s) on-line.
 2 member(s) on-line.


 Seiya,  Mod3mski

You are an anonymous user.
Register Now!
 Seiya:  3 secs ago
 Mod3mski:  3 mins ago
 Karlos:  17 mins ago
 BigD:  18 mins ago
 ferrels:  20 mins ago
 kamelito:  38 mins ago
 amigakit:  39 mins ago
 amigagr:  1 hr 9 mins ago
 bhabbott:  1 hr 27 mins ago
 matthey:  1 hr 59 mins ago

/  Forum Index
   /  General Technology (No Console Threads)
      /  So websites can read my clipboard?
Register To Post

Goto page ( Previous Page 1 | 2 | 3 Next Page )
PosterThread
Stephen_Robinson 
Re: So websites can read my clipboard?
Posted on 19-Nov-2005 21:45:29
#21 ]
Super Member
Joined: 29-Apr-2005
Posts: 1991
From: UK

@wegster

It's a serious security problem with a major web Browser, heck, it's our duty to tell people about this and GET THIS GAPPING HOLE FIXED!!

And if it happens to embrasses Mircosoft, well, it's all good init?

SR

PS Aweb 3.5.07 isn't affected, now there's a suprise.

_________________
Rage quited 29th May 2011

 Status: Offline
Profile     Report this post  
Laser 
Re: So websites can read my clipboard?
Posted on 19-Nov-2005 23:37:11
#22 ]
Regular Member
Joined: 19-Jul-2003
Posts: 333
From: Norwich, UK

@DrBombcrater

Quote:
Features like this are logical enough when you consider what IE's sole purpose was for most of its life - a weapon to kill Netscape.

I'm not in the least surprised to find IE has this feature, it's simply the sheer stupidity of it.

We have ActiveX, we have the special non-sandbox Microsoft variant of a Java VM, we have email programs that will auto-open exe attachments, we have the default settings of WinXP that allow M$ to remote control your computer and, lo, we have web browsers that will tell the world all manner of information that is useless to anyone except those trying to pry their way into your computer and/or life.

Quote:
But now MS has to fix the pox-mess that is IE's code base in order to make it secure

Sure, there are hundreds of security holes in the code through mistakes and oversights. They would be forgiveable in some ways (everyone makes mistakes) if M$ weren't a multi-billion dollar company with ten times the programming resources of anyone else. But the IE clipboard thing and all the other stuff aren't accidents, they're totally idiotic features that add no value for the user and cause the sort of fundamental gaping security holes that anyone with the slightest computing competence could see a mile off.

It's nothing to do with out-doing the competition or being under heavy hacker scrutiny. It's an excruciatingly fundamental failure to either understand or care about basic security or privacy.

 Status: Offline
Profile     Report this post  
olegil 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 1:14:50
#23 ]
Elite Member
Joined: 22-Aug-2003
Posts: 5895
From: Work

@Laser

Bah, only criminals need privacy. Right?

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

 Status: Offline
Profile     Report this post  
Skunkfish 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 2:03:24
#24 ]
Regular Member
Joined: 9-Sep-2004
Posts: 295
From: Liverpool, UK

@olegil

Don't know whether its just my machine but it couldn't find anything in the clipboard with Firefox OR Internet Explorer?

Skunkfish

_________________
Currently planning to upgrade my Amstrad CPC

 Status: Offline
Profile     Report this post  
BigBentheAussie 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 2:09:13
#25 ]
Super Member
Joined: 28-Oct-2003
Posts: 1690
From: Melbourne, Australia

Quote:
var content = clipboardData.getData("Text");


And if I change the "Text" type to "File" do I get the file I just copy/pasted?

I shudder when I think about how many times I've pasted passwords, especially when they're computer generated passwords.

Ok. Going back to my happy place now.
We have soggy weiners!!! My burger gave me food poisoning.



_________________
Leo Nigro, CTO Commodore USA, LLC
Opinions expressed are my own and not those of C= USA.
Commodore/AMIGA "Beautiful, High-Performance, Home Computers for Creativity and Entertainment."

 Status: Offline
Profile     Report this post  
DrBombcrater 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 2:30:26
#26 ]
Super Member
Joined: 6-Feb-2004
Posts: 1382
From: UK

@Laser

Quote:
Sure, there are hundreds of security holes in the code through mistakes and oversights. They would be forgiveable in some ways (everyone makes mistakes) if M$ weren't a multi-billion dollar company with ten times the programming resources of anyone else. But the IE clipboard thing and all the other stuff aren't accidents, they're totally idiotic features that add no value for the user and cause the sort of fundamental gaping security holes that anyone with the slightest computing competence could see a mile off.

I'm quite certain the reason this stupid feature is still present in IE is for compatibility. Something, somewhere must use it. And Microsoft is very enthusiastic about maintaining compatibility. Windows and IE are used are the base for some very big, very expensive custom-build IT systems. If any of these systems use that clipboard function (and given the generally miserable quality of said custom software, that's very likely) then MS may not be able to remove it without very serious repercussions.

I don't think MS totally disregard privacy concerns, it just hasn't been a top priority for them. Until recently they always put functionality and compatibility above privacy and security. That worked for a long time, but of course the world has changed now and it doesn't work any longer. It doesn't really matter if they ever manage to fix IE, we've got Mozilla, Firefox, Opera, all of them better than IE.

But the same mindset is needed to fix Windows, and that does matter. Windows is going to be a fact of life for the computer industry for at least another decade, so anyone who can't get by with a niche OS (and by defenition, few people can) is going to have to live with whatever MS can produce.

_________________
Who do you serve, and who do you trust? - Galen

 Status: Offline
Profile     Report this post  
nicomen 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 10:46:03
#27 ]
Cult Member
Joined: 5-Nov-2003
Posts: 539
From: Trondheim, Norway

@all

Lol, is it for MSIE only, then who cares?

It's not like enlighted Amiga users us MSIE to try to surf the net?

In that case, I urge you to switch to a browser that is safe, fast and let's you surf Internet taking advantage of more its modern features (Opera, Firefox, Mozilla, Safari)

_________________
Nicolas Mendoza

 Status: Offline
Profile     Report this post  
Anonymous 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 10:48:49
# ]

0
0

@olegil

OK I use MS on my high end PC for banking etc. What does this really mean? is all of our info going to clipboard and can then be read? Even past firewall etc?

I know this is not an MS site but you have brought up a very worrying problem?

cheers
ace

 
     Report this post  
olegil 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 10:52:48
#29 ]
Elite Member
Joined: 22-Aug-2003
Posts: 5895
From: Work

@acefnq

All your clipboard are belong to us, yes. If you must use IE, don't EVER use the clipboard for anything that can be considered even REMOTELY sensitive.

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

 Status: Offline
Profile     Report this post  
lbking99 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 11:18:07
#30 ]
Member
Joined: 20-Apr-2004
Posts: 11
From: Unknown

Can be fixed easily.

1. In Internet Explorer, go to Tools -> Internet Options -> Security
2. Click on Custom Level
3. In the security settings, click to Disable the “Allow Paste Operations via Script.” That will keep your clipboard contents private.

 Status: Offline
Profile     Report this post  
Laser 
Re: So websites can read my clipboard?
Posted on 20-Nov-2005 11:30:03
#31 ]
Regular Member
Joined: 19-Jul-2003
Posts: 333
From: Norwich, UK

@DrBombcrater

Quote:
I'm quite certain the reason this stupid feature is still present in IE is for compatibility. Something, somewhere must use it. [...] Windows and IE are used are the base for some very big, very expensive custom-build IT systems.

You're probably right. I agree with what you say about people now having to deal with this stuff like it or not, but then see what was written by ibking99:

Quote:
3. In the security settings, click to Disable the Allow Paste Operations via Script. That will keep your clipboard contents private.

So we see again this is a "feature" that arguably has no use, yet serious repercussions, for most users. However, despite there being an option to turn it off, it is ON by default. These big corporate customers of M$ who need the compatibility could turn on the option for their application. The average Joe in the street wouldn't know what a script paste operation was if it bit them, so it should be OFF by default.

Not a clue...

 Status: Offline
Profile     Report this post  
Hammer 
Re: So websites can read my clipboard?
Posted on 21-Nov-2005 10:24:37
#32 ]
Elite Member
Joined: 9-Mar-2003
Posts: 4897
From: Australia

@olegil

Doesn’t quite work on MS Windows 2003 Server (NT5.2) i.e. (Security set to high by default ) and MS Windows XP X64 (NT5.2) edition.

Last edited by Hammer on 21-Nov-2005 at 10:39 AM.
Last edited by Hammer on 21-Nov-2005 at 10:37 AM.
Last edited by Hammer on 21-Nov-2005 at 10:29 AM.

_________________
Ryzen 9 7900X, DDR5-6000 64 GB RAM, GeForce RTX 4080 16 GB
Amiga 1200 (Rev 1D1, KS 3.2, PiStorm32lite/RPi 4B 4GB/Emu68)
Amiga 500 (Rev 6A, KS 3.2, PiStorm/RPi 3a/Emu68)

 Status: Offline
Profile     Report this post  
Hammer 
Re: So websites can read my clipboard?
Posted on 21-Nov-2005 10:33:56
#33 ]
Elite Member
Joined: 9-Mar-2003
Posts: 4897
From: Australia

@olegil

Already covered in
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q224993&

Last Review : December 3, 2004

Last edited by Hammer on 21-Nov-2005 at 10:36 AM.

_________________
Ryzen 9 7900X, DDR5-6000 64 GB RAM, GeForce RTX 4080 16 GB
Amiga 1200 (Rev 1D1, KS 3.2, PiStorm32lite/RPi 4B 4GB/Emu68)
Amiga 500 (Rev 6A, KS 3.2, PiStorm/RPi 3a/Emu68)

 Status: Offline
Profile     Report this post  
Hammer 
Re: So websites can read my clipboard?
Posted on 21-Nov-2005 10:49:11
#34 ]
Elite Member
Joined: 9-Mar-2003
Posts: 4897
From: Australia

@DrBombcrater

The clipboard function should have detected internet domain. Should be enabled within Trusted Zone and LAN by default.

_________________
Ryzen 9 7900X, DDR5-6000 64 GB RAM, GeForce RTX 4080 16 GB
Amiga 1200 (Rev 1D1, KS 3.2, PiStorm32lite/RPi 4B 4GB/Emu68)
Amiga 500 (Rev 6A, KS 3.2, PiStorm/RPi 3a/Emu68)

 Status: Offline
Profile     Report this post  
olegil 
Re: So websites can read my clipboard?
Posted on 21-Nov-2005 11:14:14
#35 ]
Elite Member
Joined: 22-Aug-2003
Posts: 5895
From: Work

@Hammer

But who on earth goes there looking for _trouble_? I might go to support.microsoft.com if I _know_ I have a problem, looking for a _solution_. But people here at work who use IE didn't know about it, and it sure as heck got their clipboard contents.

If this had been disabled by default it would have been ok. Expect me to have a hidden input box with clipboard contents on all my future projects (auto-filled on page load). This one is too good not to use

_________________
This weeks pet peeve:
Using "voltage" instead of "potential", which leads to inventing new words like "amperage" instead of "current" (I, measured in A) or possible "charge" (amperehours, Ah or Coulomb, C). Sometimes I don't even know what people mean.

 Status: Offline
Profile     Report this post  
tomazkid 
Re: So websites can read my clipboard?
Posted on 3-Dec-2006 3:29:27
#36 ]
Team Member
Joined: 31-Jul-2003
Posts: 11694
From: Kristianstad, Sweden

*BUMP*
Any IE7 users here?

Can the clipboard still be read?

_________________
Site admins are people too..pooff!

 Status: Offline
Profile     Report this post  
NomadOfNorad 
Re: So websites can read my clipboard?
Posted on 3-Dec-2006 5:24:27
#37 ]
Cult Member
Joined: 2-Jun-2003
Posts: 746
From: Jacksonville, Florida, USA, Earth, Sol system, Milky Way galaxy

@tomazkid

What's particularly interesting is that there's a sourceforge project, whos name escapes me at the moment, which has as its main purpose to let you store usernames and passwords for various sites, and works by placing the appropriate password into the clipboard, for x number of seconds, so that you can paste it into the appropriate field. It's also designed to auto-generate a very strong password (i,e, something like "GJHORH45&^rt+_*`HJKKmmwrZ") on demand for you to use on these sites. I've actually got this database proggy on my thumbdrive, but haven't used it in ages.

This steal-the-contents-of-your-clipboard exploit would eat that for lunch!

Well, only if you had bookoodle browser windows open, pointed at bookoodle different websites at the time, and were logging onto one or more secure sites while also visiting a site that was using this exploit.

_________________
"I love peacenicks, they're so easy to conquer." --Ivan J Ironfist, the Dictator

 Status: Offline
Profile     Report this post  
ikir 
Re: So websites can read my clipboard?
Posted on 3-Dec-2006 7:26:26
#38 ]
Elite Member
Joined: 18-Dec-2002
Posts: 5647
From: Italy

@olegil

Explorer sucks so hard....

_________________
ikir

 Status: Offline
Profile     Report this post  
ChrisH 
Re: So websites can read my clipboard?
Posted on 3-Dec-2006 8:12:48
#39 ]
Elite Member
Joined: 30-Jan-2005
Posts: 6679
From: Unknown

@tomazkid
I use Firefox, but have IE7 installed for security (some software uses IE functionality, e.g. Valve's Steam platform). The official IE7 does *not* reveal my clipboard, so it seems safe(r).

_________________
Author of the PortablE programming language.
It is pitch black. You are likely to be eaten by a grue...

 Status: Offline
Profile     Report this post  
Hammer 
Re: So websites can read my clipboard?
Posted on 3-Dec-2006 9:28:43
#40 ]
Elite Member
Joined: 9-Mar-2003
Posts: 4897
From: Australia


Quote:

tomazkid wrote:
*BUMP*
Any IE7 users here?

Can the clipboard still be read?



Nothing with IE 7.0.5730.11 (from MS WIndows Update).

_________________
Ryzen 9 7900X, DDR5-6000 64 GB RAM, GeForce RTX 4080 16 GB
Amiga 1200 (Rev 1D1, KS 3.2, PiStorm32lite/RPi 4B 4GB/Emu68)
Amiga 500 (Rev 6A, KS 3.2, PiStorm/RPi 3a/Emu68)

 Status: Offline
Profile     Report this post  
Goto page ( Previous Page 1 | 2 | 3 Next Page )

[ home ][ about us ][ privacy ] [ forums ][ classifieds ] [ links ][ news archive ] [ link to us ][ user account ]
Copyright (C) 2000 - 2019 Amigaworld.net.
Amigaworld.net was originally founded by David Doyle