Clipboard Hack Problem - Beware of CTRL+C

Ctrl+C may be the most important work we do every day while we work on a computer. We cannot even recall how many times we press CTRL+C. But it is a highly unsafe operation. I will explain you why CTRL+C is so unsafe and insecure.

Have you ever wondered what happens when you press Ctrl+C while you are online. We do copy various data by Ctrl+C for pasting some information from one place to other. This copied data is stored in a computer memory called Clipboard and is accessible from the Internet by a combination of Java scripts and ASP scripts. This is called Clipboard Hack Problem.

To test the above claim, try the following:
1. Copy any text in your computer by pressing Ctrl+C
2. Click the link – http://www.sourcecodesworld.com/special/clipboard.asp
3. You will witness that the text you copied by CTRL+C was easily accessed by this web page

This test proves that how unsafe it is to work with CTRL+C while you are online. Hence, do not keep sensitive data – like passwords, credit card numbers, bank account number, PIN, ATM code, etc – in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

The text  that you last copy for pasting (copy & paste) can be stolen when you visit web sites using a combination of JavaScript and ASP (or PHP, or CGI) to write your possible sensitive data to a database on another server.

How does the Clipboard Hack Problem Work

The Clipboard hack is done by the following programming source code:

<script language=”JavaScript”>
var content = clipboardData.getData(“Text”);
alert(content);
</script>

Protect your Clipboard Information

To avoid and protect yourself from the Clipboard Hack Problem, do the following:

1. Go to Internet Options -> Security
2. Press Custom Level
3. In the Security settings, select Disable under Allow paste operations via script

Following the above steps will make the contents of your clipboard are safe.

Note: Interestingly, this hack works only on Internet Explorer, and not on Mozilla Firefox browser.