stevesmithx

DISCLAIMER:
The following link hijacks your clipboard.However you can change the content of the clipboard by closing the page.

http://garyc.mooo.com:3232/rr/

Normally I have seen websites that are intrusive by opening popups and changing the
homepage.
But this one has gone one-level up by hijacking the clipboard.(although done to amuse the visitor).

I don't have a clue how they do this but I guess it may have something to do with "invisible" flash that loads on that page.
Imagine what would happen if the reverse is also possible?(If the contents of the clipboard can be sent to the site on visiting the site.(esp. if you have sensitive info in the clipboard))
Is the internet becoming more insecure these days?

Edit:
eeks!It does seem to be possible to do the above:
http://www.knowledgebase-script.com/...ticle-421.html

__________________
Not everything that can be counted counts, and not everything that counts can be counted
- Albert Einstein.


No programming language is perfect. There is not even a single best language; there are only languages well suited or perhaps poorly suited for particular purposes.
- Herbert Mayer

whiteflags

The preconceived notion that the internet was secure is untrue, particularly because of the people using it as always. In the beginning it was rather amazing it worked and everyone basked in it. Only download content (particularly objects, activex stuff and scripts) from sites that you trust, but misfortune can still happen.

__________________
<Niggawatts> Writing is both mechanical and organic
<Niggawatts> It's like a cyborg dragon.
<Niggawatts> Writing is like a cyborg dragon.

Salem

Firefox + flashblock + noscript

[ ] Yes, I'd like to download any piece of content-free crap which has no clear and present use.

Attached Images

 

__________________
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.

Yarin

Of course, anything that gets more complicated also gets more insecure...
Just look at Vista.

__________________
May the Source be with you.

abachler

or women <duck>...

__________________
Until you can build a working general purpose reprogrammable computer out of basic components from radio shack, you are not fit to call yourself a programmer in my presence. This is cwhizard, signing off.

Dae

It's not encrypted.

The internet's security isn't changing. This stuff has existed for years. Any major insecurities Adobe patches up immediately (the only problem with that is some people run outdated Flash players). MSIE gets tougher on phishing (I would know -wink-). Firefox gets tougher on everything (MSIE hides flash HTTP calls, Firefox doesn't). Plugins are developed to solve these problems (flashblock). We do however discover more bugs as time goes on, obviously. If you've tried to exploit Flash or AJAX, then you would now they are very secure. There's only a few exploits, one of which I'm not telling (only works well on MSIE anyway).

__________________
Warning: Have doubt in anything I post.

GCC 4.5, Boost 1.40, Code::Blocks 8.02, Ubuntu 9.10 010001000110000101100101

master5001

Only a retard uses MSIE anyway. If you would like I will write an unnecessarily long essay to back up what I just said. I don't care who gets their feelings hurt because their myspace looks bomb on IE. It is true (I also don't care who I injured with that statement either )

Dae

I doubt many programmers use MSIE (Yay!). That includes most of this forum. (Woot!) I found only 30% of my random visitors use MSIE. (Chaching!) MySpacers are definitely big offenders. (WTF!)

Edit: Vrooooooom!

__________________
Warning: Have doubt in anything I post.

GCC 4.5, Boost 1.40, Code::Blocks 8.02, Ubuntu 9.10 010001000110000101100101

master5001

I am noticing a big shift towards linux lately. That is definitely a good thing. It is good to see Microsoft's grasp on the industry letting loose.

maxorator

It doesn't hijack anything... it just copies stuff to the clipboard with an interval. It's totally safe.

__________________
The duck is irrelevant to my point.

stevesmithx

Thanks all for your replies.
@Salem
Thanks for the info about those extensions.Been using firefox for a long time with popular extensions sans the two you mentioned.

@DAE
How did you see the code?.I can't see a thing on the page source.
I thought the code was inside that flash component and NOT part of the javascript.

It does that without user's permission.And after you leave the page open you can't copy
anything else on the clipboard.I think that is intrusive and too much of a "functionality" for a web page.I totally agree that it is safe but not when done in the reverse.

__________________
Not everything that can be counted counts, and not everything that counts can be counted
- Albert Einstein.


No programming language is perfect. There is not even a single best language; there are only languages well suited or perhaps poorly suited for particular purposes.
- Herbert Mayer

Dino

IE has a setting to disallow javascript access to the Clipboard.

__________________
Mac and Windows cross platform programmer. Ruby lover.

maxorator

It's not javascript - it's Flash.

@stevesmithx
You can't possibly support removing the clipboard functionality from Flash. It is an essential feature. This problem is another one of those "drive people mad with safe little annoying things". The reality is that intrusive sites simply aren't used and lose their market share.

Didn't you know you can simply decompile Flash files? And ActionScript's syntax isn't as close to Javascript's syntax as people tend to think.

__________________
The duck is irrelevant to my point.

Dino

Well, that explains it - it certainly looked like javascript.

__________________
Mac and Windows cross platform programmer. Ruby lover.

sean

They're both based on ECMA - so it's kind of like comparing JavaScript and C#.

I agree with maxorator - in the apps we've made at work we use that feature - and it rounds out the functionality of a webapp quite well. I don't think it's inherently unsafe at all - if people are worried about it, they should by all means block it as mentioned above, but it really can't do any harm to your system. You just shouldn't visit sites if you know they're dumb - that's the only site I've heard of doing that.

Lots of websites do things without your permission - if you were to disable all of them, you wouldn't have a very useful internet experience.