





Clipboard Data Theft Now Optional With IE7 162
An anonymous reader writes "It's been known for a long time that Internet Explorer will happily allow any Web site to steal data that users have recently cut-and-pasted or copied into the Windows 'clipboard' data storage area. Well, now it looks like Microsoft has finally decided that this 'feature' was probably ill-advised, according to The Washington Post's Security Fix blog. IE7 throws up a warning asking whether users really want to let a site filch their clipboard data (Firefox, Opera and most other non-IE browsers forbid this behavior by default)."
Re:not quite (Score:3, Informative)
Comment removed (Score:3, Informative)
Re:not quite (Score:3, Informative)
Only a matter of time... (Score:2, Informative)
Yes, it's possible to disable it completely through Internet Security Settings with a setting called "Programatic Clipboard Access".
Re:not quite (Score:3, Informative)
signed.applets.codebase_principal_support Gives scripts using codebase principals access advanced scripting capabilities. Basically, it allows signed applets out of the sandbox because they've promised to play nice. One of the main uses of this (according to the help page) is to allow IRC applications access to your clipboard.
http://kb.mozillazine.org/Firefox_:_FAQs_:_About:
Re:not quite (Score:5, Informative)
Don't know about the others, but firefox definitely does implement it [mozillazine.org], it's just off by default.
example (Score:2, Informative)
Re:Are both ways fixed? (Score:5, Informative)
Workaround for IE6 (Score:2, Informative)
This has an interesting side effect on the "harmless" exploit page mentioned in the article, though. The script on that page apparently loops continuously, so every time you answer (whether yes or no) the dialog is presented again. The dialog takes precedence over other IE controls, and as near as I can tell there's no way out short of terminating the browser.
Re:Probably? (Score:3, Informative)
You're worried that if someone steals your laptop, they might be able to find your email address and spam you?
First of all, I said email PASSWORD, not address. Somebody could steal my laptop and read my email and send email from my account. That would require them to be able to discern the password in all the millions of bytes of swap data, but I can imagine writing a program that could scan for candidates.
If my email password happened to be equal to my main account password (as can happen due to certain policies, but thankfully not in this case), that's quite a bit more serious. It makes me wonder what else might be lurking in the swap partition. When you type a password (like say, the root password for your main file server) into an application, you're really placing all your faith in that application to dispose of that data appropriately. So yeah, I'd be worried, especially in the context of a company, where it's easy to get your hands on a laptop that doesn't belong to you.
My IE7... (Score:2, Informative)
Re:Features vs. Security (Score:3, Informative)
I think it's more acurate to say "appear convenient and powerful". There's nothing convient or powerful about data lost or computers infected with worms and trojans.
Re:not quite (Score:2, Informative)
Re:not quite (Score:4, Informative)
Re:example (Score:3, Informative)
Re:Features vs. Security (Score:3, Informative)
Re:not quite (Score:3, Informative)
Being able to highlight something, then middle click to paste it somewhere is huge.
You still have a separate ctrl-c and ctrl-v functionality with a separate clipboard for your manual copy/paste, so you're not losing any functionality.
It's a *very* useful feature, and far from useless, I keep looking for something similiar for windows but can't find anything that works for me.