Friday, August 26, 2005

Be careful while using Internet banking on IE.

Do u use Internet Explorer ?

Do u use interbet banking ?

Do u use some time Ctrl+C on ur banking account ?

Stop take a look and think .

We copy various data by Ctrl+C for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a combination of Javascripts and ASP. So Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

Not ready to belive :- (Yes I know)
Here is POC (Proof of Concept)
Just try this:

1) Copy any text by Ctrl+C
2) Click the Link : Show POC
3) You will see the text you copied on the Screen which was
accessed by this web page.

Worried thinking what to do ?

One Solution for this problem is here. Forgot past, past is past. Or use FireFox. No No its not a Firefox advertisiment its just a suggesation. I know nothing is 100% secure but hidden flaws are not considered as flaws. Remember who got caugth is theif (simple). Some thing we have to trust. Or leave every thing write ur own browser. :)

Do the following . Dont be cynic on me , I am just helping U.

1. Go to internet options (of Internet Explorer) -> security
2. Press custom level
3. In the security settings, select disable under scripting head "Allow paste operations via script" If not able to find it out scroll down till end and go slowly to up.

Now the contents of your clipboard are safe. U can check it . How ?
Just click Show POC again simple.



Emily Santiago said...

Very nice blog you guys! Please check out this
page too!

Long Island Guide said...


I am looking around many blogs to see how and what to write about. I like what you have here and was wondering if you can help me out. I know that this is not on the subject you are talking about, but any help would be appreciated.

I was thinking of writing about long island ice tea What do you think? Check the site and let me know.

Best regards,