Thursday, May 25, 2006

IE/Clipboard Security Risk

Have you ever wondered what information a web server can glean from you when you visit a site? You can find out on the Project IP web site. I was really surprised at some of the stuff the site found about my pc and web session. Sure, I expected it to know my IP address, browser version, whether or not cookies were enabled, etc. However, I was surprised to find a list of all the plugins I have installed in my browser and the number of pages that I have viewed in my current web session.

But here's the real kicker, the last text item you copied onto your clipboard! Only works in Internet Explorer on the Windows platform. If you aren't using FireFox by now, maybe this will sway you. It reportedly works with varied success when IE is running in an emulator such as VMWare on another OS. Have you ever copied a password or credit card number or ssn and pasted it into anywhere? Hopefully, it wasn't right before you browsed a site that took advantage of this.

Luckily there is a fix:
Go to Tools > Internet Options > Security > Select a security zone > Custom Level > Scripting > Allow paste operations via script and set it to Disabled or Prompt.

No comments: