How sensetive data can be stolen from clipboard ?

By Ashish Mohta

Clipboard is one of the features in windows which can store information when you do a ctrl + C. Have you though somebody easily can steal it ? Yes, It’s possible if any site is containing a particular script which allows it to find whats on your clipboard and store it on their side. If you are in habit of doing copy paste things like Credit card number, passwords and others , its not safe.

Text from Clipboard explains how it does. This is the script which can be placed in any web page and when you visit the site, using IE Browser, it can easily retrieve what was in your copy paste/ Clipboard

The Clipboard hack is done by the following Source Code:

This vulnerability is found in Only IE . Firfox is safe !!! It Rocks

<Script Language="JavaScript">
var content = clipboardData.getData("Text");
alert(content);
</Script>

This is the output of the script in the image, I copied some text and It showed up.

Image Example of Clipboard hack

How to avoid data getting stolen from clipboard ?

To avoid clipboard hack, do the following:

  1. Go to internet options->security
  2. Press custom level
  3. In the security settings, select disable under Allow paste operations via script.

Clipboard Hack

Now your clipboard is safe.

This settings are for IE. I was not able to find similar settings for Firefox.

Source : Sourcecodesworld

 

About The Author of this article:
Ashish is one of the co-author of this blog and writes on various interesting softwares, PC tips and more. You can read more of his articles here.

Enjoyed this article? Download our Toolbar and read us more quickly or Subscribe to the Full RSS Feed or Get Post like this in your Inbox Click to get via Email ( You will have to confirm by checking you Inbox)


Readers Play Ground


13 Comments and Link-Backs to “How sensetive data can be stolen from clipboard ?

Click Me and Jump to Add your Comment :)

11 Comments from Friends and Readers

  • ReviewSaurus, July 27, 2007:

    Hmm..it can be a bit dangerous but not completely. there can be some sensitive information copied in clipboard but not all for e.g. in case of username & pwd., if just one thing is copied on clipboard then its of no use to anyone.

    Even if both the things are there i.e. UN & PWD then also you may wonder that where exactly you’ll use them.

    I agree that it can be dangerous but only in few situations.

  • Ashish Mohta, July 27, 2007:

    I would agree with you. The most sensitive is credit card number which some people have habit of copying from one web page to other as they are lazy to type. Credit Card numbers are easily identifiable.

  • dEEPAK, July 27, 2007:

    wooh.. didn’t know any such thing could happen.. Will have to find an alternative to stop this on linux..

  • Mr.Byte, July 27, 2007:

    Nice Tip…Usually if I copy any significant data, after I use it, I used to copy some junk value so that nobody can use Ctrl + V to find it….Does the script retrieve only the last copied data or whatever copied for the last couple of times?

  • Ashish Mohta, July 27, 2007:

    @Byte: As far this code concerns, It can reviel only last copied. So only data like credit card can be stolen easily and they are easy to identifiy

  • vaze, July 27, 2007:

    This is an IE only problem.
    Mac and Linux users are safe as are Firefox, opera etc users on Windows.

  • Ashish Mohta, July 27, 2007:

    @Vaze: If its only IE problem then its all good. I tried using in firefox it didn’t work and didn’t find anything in settings. I am not 100% confirm though. If somebody can validate it more will be cool

  • Zyphix, July 27, 2007:

    I read an article last week somewhere on the same topic. They said it’s an IE problem only.

  • evilelement, July 28, 2007:

    lets look at this from a positive aspect, maybe people will stop using IE!

  • franchise opportunity, July 29, 2007:

    Great information here. I never had any idea that data from a clipboard could be compromised like that. I’ll definitely have to be more vigilant in the future.

  • Vijay, July 29, 2007:

    Great article, Ashish. Usually it is just random data that is collected. One may never know when the important data is on the clipboard/

2 Trackbacks/Pingbacks - Other blogs referencing this article

Leave a comment Share your thoughts with the world

Scroll Down and Check footer for more details

Search








  • Recent Comments:

    • Fx15: is it free?
    • Lida: 20k usd for 300 MB :)) i am not older in PC, my first hdd is 1 GB and i paid about $300
    • Jasmine: Seems it can capture in various shape. Great! What I currently use only in square.
    • PT: I saw customized fonts in this site’s adsense - a serif “Ads by Google” and Century Gothic/Avant Garde...
    • lucky: Its really good software For Pc
    • Anand: Uncyclopedia is about Unicycles!! You must be kidding..
    • eyad: thxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    • Xjs: If you still got an invitation, please send me one – you got my e-mail address.
    • ANURAG: I submit my query for battery BL 5C last Aug 2007 no .0670400363563N141722812632, Till date i hav not recived...
    • Ashfame: Even I knew about this a long time ago but hey it might be new for many people. Thanks for sharing and...

Technology Blogs - Blog Top Sites