Everyone knows that the password input field (login field) also accepts copy and paste, and this is the biggest security failure since the internet era. If you think you are smart enough and can't be hacked, you should probably give it a second thought. Sometimes little mistakes can be highly devastating, and there is no shame in admitting that we all make mistakes and are careless at times.
You will never hear any security personnel or any website saying they are hack-proof, because the truth is that there is nothing called hack-proof; only the noobs don't admit it. Hackers have been successfully phishing bulk credit card data, social security numbers and, of course, your online identity with very simple tricks.
Do you know that every big and small company has a hacking history? Yes, and these companies include Twitter, Google, Microsoft and also NASA. Of course, you can check that for more information if you want. And remember, no one is safe here; if you think you are smart enough, buddy, you are at big risk.
Now let's get back to our topic. Almost every one of us does copy-paste work, right? Isn't it so simple: just press Ctrl+C (copy in Windows) to copy and Ctrl+V (paste in Windows) to paste? We are all so used to it that we even copy-paste our passwords into login fields. Some are so lazy that they can't even type their 8-character password, and that is where the biggest risk comes in. Believe me, it's not at all safe. Actually, it doesn't really matter how complex or long your password is: if you use copy and paste to enter a password in a browser such as Internet Explorer, then you are at big risk, my dear.
Most of us are active on many websites, including social networks, and for good reasons we set up different passwords (which is a good thing). But gradually it becomes tedious to remember so many passwords, so we end up creating an Excel sheet or text document of our passwords and later just copy and paste whenever required. So we finally make that small mistake, which is enough for the cyber criminals.
How is This Possible?
Try it yourself!
Works only on Internet Explorer
- Copy any random text from this page or from your PC.
- Open your Internet Explorer 6 and go to http://www.hacker9.com/your-clipboard-data
You will see your last clipboard data in the message box. Surprised? You shouldn't be.
If you are using Internet Explorer 8, you will be asked to choose whether you want to allow the webpage to access your clipboard data or not.
The clipboard hacking JavaScript for IE
var content = clipboardData.getData("Text");
This script works only on Internet Explorer, and not on Mozilla Firefox or any other browser, but this doesn't mean that you are safe. There are scripts for those too. For security purposes I have not listed the other scripts.
As you saw, it successfully displayed your last copied text. It is also possible to save that data in a database on another server, where the hacker can easily access it later. This test proves how unsafe it is to work with Ctrl+C while you are online. Hence, do not keep sensitive data, like passwords, credit card numbers, bank account numbers, PINs, ATM codes, etc., in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.
Protection for IE users:
To avoid clipboard hijacking, do the following:
- Go to Internet Options and then Security.
- Press Custom level.
- In the security settings, select Disable under Allow paste operations via script.
Now the contents of your clipboard are safe.
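The same setting can be checked and applied from PowerShell instead of the dialog. This is an added example, not part of the original article; the registry location, the action number 1407 and its value meanings are assumptions not stated on the page, and the two function names are hypothetical.

```powershell
# Added example, not from the original article. Audits the per-zone value behind
# "Allow paste operations via script" for the current user and can disable it.
# Assumption (not stated on the page): the setting is stored as URL action 1407
# under the Internet Settings\Zones key; 0 = Enable, 1 = Prompt, 3 = Disable.
# Machine-wide or Group Policy settings take precedence and are not read here.
$ZonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Action   = '1407'
$Meaning  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$ZoneName = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
               3 = 'Internet';    4 = 'Restricted sites' }

function Get-ClipboardScriptPolicy {
    foreach ($zone in 0..4) {
        $path  = Join-Path $ZonesKey "$zone"
        $value = $null
        if (Test-Path $path) {
            $item = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
            if ($item) { $value = $item.$Action }
        }
        if ($null -eq $value)                      { $setting = 'Not set for this user' }
        elseif ($Meaning.ContainsKey([int]$value)) { $setting = $Meaning[[int]$value] }
        else                                       { $setting = "Unknown ($value)" }
        [pscustomobject]@{
            Zone     = $zone
            Name     = $ZoneName[$zone]
            Setting  = $setting
            Disabled = ($value -eq 3)   # only an explicit 3 counts as disabled
        }
    }
}

function Disable-ClipboardScriptAccess {
    param([ValidateRange(0, 4)][int]$Zone = 3)   # default: the Internet zone
    $path = Join-Path $ZonesKey "$Zone"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Action -Value 3 -Type DWord
}

# Report the current state, disable script paste for the Internet zone,
# then list any zones that are still not explicitly disabled.
Get-ClipboardScriptPolicy | Format-Table -AutoSize
Disable-ClipboardScriptAccess -Zone 3
Get-ClipboardScriptPolicy | Where-Object { -not $_.Disabled } | Format-Table -AutoSize
```

Restart Internet Explorer after changing the value so the zone settings are reloaded.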
Please forward this article to as many friends as you can to make them aware of this issue.
Thanks to Amol Bharti, Security Researcher. Visit him at amudee.com