Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Users warned over IE clipboard exploit

Microsoft Users warned over IE clipboard exploit

by Nikola Strahija on December 24th, 2002 Windows users were warned over the weekend of an exploit in Microsoft's Internet Explorer browser that lets any website copy the contents of the Windows clipboard without the user knowing. Popular Windows site NTFS highlighted the exploit, which has been known about for some time, but which is still not widely known amongst users.


"I often copy and paste passwords," said one reader on finding out about it. As the number of passwords that people have to keep track of increases, many resort to quick and easy methods of remembering and entering them, and cutting and pasting from a document is not uncommon. A recent survey found that the average IT user now has 21 passwords, with some heavy users having to keep track of as many as 70. Forty-nine percent write their passwords down, or store them in a file on their PC.

A web page with a simple piece of code can use the Internet Explorer exploit to monitor the contents of the clipboard, and send them to a remote server-side script for processing. The remote script is then able save the clipboard text in a database, or email it to an arbitrary address. "The biggest threat is if you copy your internet banking security code or password to your clipboard, then go surfing," said NTFS. "You may even copy your credit card number when buying online, so it is easier to fill in the details, (and then) you may then go to a site that harvests your clipboard information." This latest warning comes hot on the heels of several new IE security bugs, and as Microsoft's browser continues to increase in poularity, now commanding more than 52 per cent of the market.

Users can protect themselves from the exploit by clicking on Tools in the Internet Explorer toolbar, then selecting Internet Options / Security / Custom Level, scrolling to Scripting and disabling "Allow past operations via script".


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »