ZDNet UK


Users warned over IE clipboard exploit

Matt Loney ZDNet.co.uk

Published: 23 Dec 2002 12:32 GMT


Windows users were warned over the weekend of an exploit in Microsoft's Internet Explorer browser that lets any Web site copy the contents of the Windows clipboard without the user knowing.

Popular Windows site NTFS highlighted the exploit, which has been known about for some time, but which is still not widely known amongst users. "I often copy and paste passwords," said one ZDNet UK reader on finding out about it.

As the number of passwords that people have to keep track of increases, many resort to quick and easy methods of remembering and entering them, and cutting and pasting from a document is not uncommon. A recent survey found that the average IT user now has 21 passwords, with some heavy users having to keep track of as many as 70. Forty-nine percent write their passwords down, or store them in a file on their PC.

A Web page with a simple piece of code can use the Internet Explorer exploit to monitor the contents of the clipboard, and send them to a remote server-side script for processing. The remote script is then able to save the clipboard text in a database, or email it to an arbitrary address.

"The biggest threat is if you copy your Internet banking security code or password to your clipboard, then go surfing," said NTFS. "You may even copy your credit card number when buying online, so it is easier to fill in the details, (and then) you may then go to a site that harvests your clipboard information."

The SecurityFocus Web site points to an older example, which creates a popup window that hides out of view with an innocent-looking taskbar entry. This window, which could monitor every piece of text copied into the clipboard, respawns itself when a user tries to close it.

Users can protect themselves from the exploit by clicking on Tools in the Internet Explorer toolbar, then selecting Internet Options / Security / Custom Level, scrolling to Scripting and disabling "Allow paste operations via script".
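The same option can be checked across every security zone from PowerShell instead of through the dialog. The script below is an added example, not part of the original article: it assumes the option is stored as URL action 1407 (URLACTION_SCRIPT_PASTE) under each zone's registry key, where 3 means Disable, and the function names are hypothetical.

```powershell
# Added example: audit "Allow paste operations via script" per IE security zone.
# Assumption: the option is URL action 1407 (URLACTION_SCRIPT_PASTE), a DWORD under
# ...\Internet Settings\Zones\<zone>; 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# User settings first, then machine settings, then the Group Policy copies of both.
$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ScriptPasteSetting {
    foreach ($root in $Roots) {
        foreach ($zone in 0..4) {
            $key = Join-Path $root $zone
            if (-not (Test-Path $key)) { continue }

            # A missing value means this key does not override the setting.
            $value = (Get-ItemProperty -Path $key -Name '1407' -ErrorAction SilentlyContinue).'1407'
            if ($null -eq $value)                          { $setting = 'Not set at this key' }
            elseif ($Meaning.ContainsKey([int]$value))     { $setting = $Meaning[[int]$value] }
            else                                           { $setting = "Unknown ($value)" }

            [pscustomobject]@{
                Zone     = $ZoneNames[$zone]
                Setting  = $setting
                Disabled = ($value -eq 3)   # true only for an explicit Disable
                Key      = $key
            }
        }
    }
}

function Disable-ScriptPaste {
    # Writes Disable (3) for one zone of the current user; 3 is the Internet zone.
    param([int]$Zone = 3)
    $key = Join-Path $Roots[0] $Zone
    Set-ItemProperty -Path $key -Name '1407' -Value 3 -Type DWord
}

Get-ScriptPasteSetting | Format-Table Zone, Setting, Disabled, Key -AutoSize
```

Run `Disable-ScriptPaste` and then the audit again to confirm that the Internet zone row reports Disable.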

This latest warning comes hot on the heels of several new IE security bugs, and as Microsoft's browser continues to increase in popularity, now commanding more than 52 percent of the market.

Microsoft was not immediately available for comment.

