Clipboard hijack

This is a discussion on Clipboard hijack within the A Brief History of Cprogramming.com forums, part of the Community Boards category; DISCLAIMER: The following link hijacks your clipboard.However you can change the content of the clipboard by closing the page. http://garyc.mooo.com:3232/rr/ ...

  1. #1
    and the hat of copycat stevesmithx's Avatar
    Join Date
    Sep 2007
    Posts
    494

    Clipboard hijack

    DISCLAIMER:
    The following link hijacks your clipboard.However you can change the content of the clipboard by closing the page.

    http://garyc.mooo.com:3232/rr/

    Normally I have seen websites that are intrusive by opening popups and changing the
    homepage.
    But this one has gone one-level up by hijacking the clipboard.(although done to amuse the visitor).

    I don't have a clue how they do this but I guess it may have something to do with "invisible" flash that loads on that page.
    Imagine what would happen if the reverse is also possible?(If the contents of the clipboard can be sent to the site on visiting the site.(esp. if you have sensitive info in the clipboard))
    Is the internet becoming more insecure these days?

    Edit:
    eeks!It does seem to be possible to do the above:
    http://www.knowledgebase-script.com/...ticle-421.html
    Last edited by stevesmithx; 11-03-2008 at 07:22 AM.
    Not everything that can be counted counts, and not everything that counts can be counted
    - Albert Einstein.


    No programming language is perfect. There is not even a single best language; there are only languages well suited or perhaps poorly suited for particular purposes.
    - Herbert Mayer

  2. #2
    Registered User whiteflags's Avatar
    Join Date
    Apr 2006
    Location
    United States
    Posts
    7,657
    The preconceived notion that the internet was secure is untrue, particularly because of the people using it as always. In the beginning it was rather amazing it worked and everyone basked in it. Only download content (particularly objects, activex stuff and scripts) from sites that you trust, but misfortune can still happen.

  3. #3
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,484
    Firefox + flashblock + noscript

    [ ] Yes, I'd like to download any piece of content-free crap which has no clear and present use.
    Attached Images Attached Images  
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  4. #4
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    1,605
    Quote Originally Posted by stevesmithx View Post
    Is the internet becoming more insecure these days?
    Of course, anything that gets more complicated also gets more insecure...
    Just look at Vista.
    A class that doesn't overload all operators just isn't finished yet. -- SmugCeePlusPlusWeenie
    A year spent in artificial intelligence is enough to make one believe in God. -- Alan J. Perlis

  5. #5
    Malum in se abachler's Avatar
    Join Date
    Apr 2007
    Posts
    3,189
    Quote Originally Posted by Yarin View Post
    Of course, anything that gets more complicated also gets more insecure...
    Just look at Vista.
    or women <duck>...
    Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

  6. #6
    Dae
    Dae is offline
    Deprecated Dae's Avatar
    Join Date
    Oct 2004
    Location
    Canada
    Posts
    1,034
    It's not encrypted.

    Code:
    function onEnterFrame()
    {
        System.setClipboard(strings.join("\r\n") + "\r" + "\n" + "\r" + "\n");
    } // End of the function
    
    var strings = ["We\'re no strangers to love", 
    "You know the rules and so do I", 
    "A full commitment\'s what I\'m thinking of", 
    "You wouldn\'t get this from any other guy", 
    "I just wanna tell you how I\'m feeling", 
    "Gotta make you understand", 
    "Never gonna give you up", 
    "Never gonna let you down", 
    "Never gonna run around and desert you", 
    "Never gonna make you cry", 
    "Never gonna say goodbye", 
    "Never gonna tell a lie and hurt you"];
    
    var pointer = 0;
    Quote Originally Posted by stevesmithx View Post
    Is the internet becoming more insecure these days?
    The internet's security isn't changing. This stuff has existed for years. Any major insecurities Adobe patches up immediately (the only problem with that is some people run outdated Flash players). MSIE gets tougher on phishing (I would know -wink-). Firefox gets tougher on everything (MSIE hides flash HTTP calls, Firefox doesn't). Plugins are developed to solve these problems (flashblock). We do however discover more bugs as time goes on, obviously. If you've tried to exploit Flash or AJAX, then you would now they are very secure. There's only a few exploits, one of which I'm not telling (only works well on MSIE anyway).
    Last edited by Dae; 11-04-2008 at 04:38 PM.
    Warning: Have doubt in anything I post.

    GCC 4.5, Boost 1.40, Code::Blocks 8.02, Ubuntu 9.10 010001000110000101100101

  7. #7
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    Only a retard uses MSIE anyway. If you would like I will write an unnecessarily long essay to back up what I just said. I don't care who gets their feelings hurt because their myspace looks bomb on IE. It is true (I also don't care who I injured with that statement either )

  8. #8
    Dae
    Dae is offline
    Deprecated Dae's Avatar
    Join Date
    Oct 2004
    Location
    Canada
    Posts
    1,034
    I doubt many programmers use MSIE (Yay!). That includes most of this forum. (Woot!) I found only 30&#37; of my random visitors use MSIE. (Chaching!) MySpacers are definitely big offenders. (WTF!)

    Edit: Vrooooooom!
    Last edited by Dae; 11-04-2008 at 06:00 PM.
    Warning: Have doubt in anything I post.

    GCC 4.5, Boost 1.40, Code::Blocks 8.02, Ubuntu 9.10 010001000110000101100101

  9. #9
    Banned master5001's Avatar
    Join Date
    Aug 2001
    Location
    Visalia, CA, USA
    Posts
    3,685
    I am noticing a big shift towards linux lately. That is definitely a good thing. It is good to see Microsoft's grasp on the industry letting loose.

  10. #10
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    It doesn't hijack anything... it just copies stuff to the clipboard with an interval. It's totally safe.
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  11. #11
    and the hat of copycat stevesmithx's Avatar
    Join Date
    Sep 2007
    Posts
    494
    Thanks all for your replies.
    @Salem
    Thanks for the info about those extensions.Been using firefox for a long time with popular extensions sans the two you mentioned.

    @DAE
    It's not encrypted.

    Code:
    Code:
    function onEnterFrame()
    {
        System.setClipboard(strings.join("\r\n") + "\r" + "\n" + "\r" + "\n");
    } // End of the function
    
    var strings = ["We\'re no strangers to love", 
    "You know the rules and so do I", 
    "A full commitment\'s what I\'m thinking of", 
    "You wouldn\'t get this from any other guy", 
    "I just wanna tell you how I\'m feeling", 
    "Gotta make you understand", 
    "Never gonna give you up", 
    "Never gonna let you down", 
    "Never gonna run around and desert you", 
    "Never gonna make you cry", 
    "Never gonna say goodbye", 
    "Never gonna tell a lie and hurt you"];
    
    var pointer = 0;
    How did you see the code?.I can't see a thing on the page source.
    I thought the code was inside that flash component and NOT part of the javascript.

    It doesn't hijack anything... it just copies stuff to the clipboard with an interval. It's totally safe.
    It does that without user's permission.And after you leave the page open you can't copy
    anything else on the clipboard.I think that is intrusive and too much of a "functionality" for a web page.I totally agree that it is safe but not when done in the reverse.
    Not everything that can be counted counts, and not everything that counts can be counted
    - Albert Einstein.


    No programming language is perfect. There is not even a single best language; there are only languages well suited or perhaps poorly suited for particular purposes.
    - Herbert Mayer

  12. #12
    Jack of many languages Dino's Avatar
    Join Date
    Nov 2007
    Location
    Katy, Texas
    Posts
    2,309
    IE has a setting to disallow javascript access to the Clipboard.
    Mac and Windows cross platform programmer. Ruby lover.

    Quote of the Day
    12/20: Mario F.:I never was, am not, and never will be, one to shut up in the face of something I think is fundamentally wrong.

    Amen brother!

  13. #13
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Quote Originally Posted by Dino View Post
    IE has a setting to disallow javascript access to the Clipboard.
    It's not javascript - it's Flash.

    @stevesmithx
    You can't possibly support removing the clipboard functionality from Flash. It is an essential feature. This problem is another one of those "drive people mad with safe little annoying things". The reality is that intrusive sites simply aren't used and lose their market share.

    Didn't you know you can simply decompile Flash files? And ActionScript's syntax isn't as close to Javascript's syntax as people tend to think.
    "The Internet treats censorship as damage and routes around it." - John Gilmore

  14. #14
    Jack of many languages Dino's Avatar
    Join Date
    Nov 2007
    Location
    Katy, Texas
    Posts
    2,309
    Well, that explains it - it certainly looked like javascript.
    Mac and Windows cross platform programmer. Ruby lover.

    Quote of the Day
    12/20: Mario F.:I never was, am not, and never will be, one to shut up in the face of something I think is fundamentally wrong.

    Amen brother!

  15. #15
    Super Moderator
    Join Date
    Sep 2001
    Posts
    4,913
    And ActionScript's syntax isn't as close to Javascript's syntax as people tend to think.
    They're both based on ECMA - so it's kind of like comparing JavaScript and C#.

    I agree with maxorator - in the apps we've made at work we use that feature - and it rounds out the functionality of a webapp quite well. I don't think it's inherently unsafe at all - if people are worried about it, they should by all means block it as mentioned above, but it really can't do any harm to your system. You just shouldn't visit sites if you know they're dumb - that's the only site I've heard of doing that.

    Lots of websites do things without your permission - if you were to disable all of them, you wouldn't have a very useful internet experience.

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. copying to clipboard
    By bballzone in forum Windows Programming
    Replies: 24
    Last Post: 09-30-2004, 03:24 PM
  2. Clipboard and Custom Types
    By McClamm in forum C# Programming
    Replies: 1
    Last Post: 09-16-2004, 04:43 PM
  3. Clipboard Modifier
    By Korhedron in forum Windows Programming
    Replies: 2
    Last Post: 01-03-2004, 01:32 PM
  4. Manipulating the Windows Clipboard
    By Johno in forum Windows Programming
    Replies: 2
    Last Post: 10-01-2002, 09:37 AM
  5. OLE Clipboard :: Win32 API vs. MFC
    By kuphryn in forum Windows Programming
    Replies: 3
    Last Post: 08-11-2002, 05:57 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21