Clipboard Data Theft Now Optional With IE7 162
An anonymous reader writes "It's been known for a long time that Internet Explorer will happily allow any Web site to steal data that users have recently cut-and-pasted or copied into the Windows 'clipboard' data storage area. Well, now it looks like Microsoft has finally decided that this 'feature' was probably ill-advised, according to The Washington Post's Security Fix blog. IE7 throws up a warning asking whether users really want to let a site filch their clipboard data (Firefox, Opera and most other non-IE browsers forbid this behavior by default)."
Could anyone explain.. (Score:2, Interesting)
It's the defaults, stupid (Score:2, Interesting)
I've said it before, and I'll say it again: half of MS's security problems are stupid defaults. You've been able to disable "allow paste from script" in IE for ages now, but it's ENABLED BY DEFAULT. Stupid, STUPID, STUPID!!!
Now, if they would just unhide extensions by default, and disable ActiveX by default except for pages on the trusted list (or just get rid of ActiveX totally, but I realize that'd be asking for too much), and get rid of a few other stupid defaults that I always uncheck on a new install, and we'd all be a lot happier.
Re:Why? (Score:3, Interesting)
I still can't see a good reason to let the web page automatically get clipboard data. If you need it that badly, throw up a text box, and have the user hit paste.
Re:Features vs. Security (Score:5, Interesting)
Don't forget that that includes UNIX; from the preface to O'Reilly's "Practical Unix and Internet Security" [unix.org.ua]:
The various flavours of UNIX have come a long, long way since 1991. So have MS; but they have had farther to go, started later and have not been travelling nearly as fast. A modern Windows PC in skilled/sensible hands is safe enough, but so many are in less than optimal hands...
Only in Opera (Score:2, Interesting)
Re:Features vs. Security (Score:2, Interesting)
Re:Just curious here (Score:2, Interesting)
VMS, OS360.