wow ... i didnt know that copying my text to to clipboard with ctrl+c will render my computer insecure .... thanks for the information man ... i will try not to copy my passwaord anymore ... I will pass this message to my friends ... thanks again ...

Reply

hi mendezgarcia,

thanks for ur analysis and points. I myself have not worked much on Javascript. For one thing it may not just be password, but even Credit card information or n number of things.

Agree that the hacker must know the website the password is for and the username, but I know a few of my friends who store all this login info ie., website, username and password in a file on their system(since they do not remember all the passwords).

Anything might happen by accident.

Favoring ur point:
Yeah but the chances that a site might just keep on trying to guess are less than 1 in a million.
Moreover IE is not the browser that everyone uses.

I believe in being careful than regretting later... Since the solution of just switching off the option will not effect the browsing experince of the user in any way. Even if not as a security measure.. this info wud be useful just for awareness.

Cheers.

Reply

Thank you very much for the tip...I have just protected myself

Greetz

Reply

Now for me, I only know bits of javascript like



and



but what you posted above looks very scary. I hate to think if something was logging my clipboard.....

Reply

me uses firefox. so no ctrl+C probs.. i uses a lot. i mean alot of ctrl + c... thanks to firefox.. great security..

Reply

Sometimes, the control C javascript is very usefull, for example, when you press "highlight this" or maybe using the clipboard for something like replacing "variables" etc.

Reply

The quoted text above was sent by Sunny using PM, but I thought it would be interesting to talk about it.
Well, yes it IS possible to "transfer" selected text to JS and then send it to an "evil site" or whatever. But this would be a little more complicated thing to do. I'll post a method; there may be others, but they would follow the same structure.

The "exploiter" would have to create a site and trick you to visit it. This site would have 2 frames or iframes; one of them showing the site he wants to "steal" and the other (invisible) actually logging, using setTimeout to regularly copy and send the content.

But I think most of you know about phishing sites (what could be used as well, and it's even simpler) and wouldn't do something like this. Would you?

About capturing personal data, I don't know what you consider "personal data", but Javascript can't touch any files in your computer , except the infamous cookies. But
usually the browsers are disallow JS to access cookies from other sites.

 

 

 

Reply

My main purpose for me with this little bit of code (sorry if my last post mislead any of you, hope not) in my opinion, is to display that info on my site for my visitors, with an explanation of what it is, and how to prevent it.. I am personally not too concerned about the exploit for many reasons, many of which have already been discussed, but the main reason it doesn't bother me, is because I don't use CCs on my computer and passwords are only half of the key into any site..

Anyway, my interest is in displaying this info to users, similar to how many sites display the users IP address.. I may even add this handy little code bit to my Dynamic Signature!!

Again, thx for posting it! Ima have fun with it!! lol

Reply

LoL Nice idea to make some sites .... damn dude never knew this was possible thx !!!!!!!! I am adjusting it at this moment hile !!!!!

Reply

i need to learn that code

Reply