In and prior to Internet Explorer 6, the browser could actually let websites silently read the data stored in the Windows Clipboard. With Internet Explorer 7, Microsoft finally addressed this security hole which allowed malicious websites to read and steal your clipboard data.
Microsoft had posted ways on how to prevent it in KB224993. But that is now water under the bridge. As mentioned earlier, things changed after the release of Internet Explorer 7. Now this theft is, in a way, “optional”.
By default, in Internet Explorer 11, if a website tries to steal your clipboard data, you will see the following Prompt.
To illustrate this issue, simply Copy any part of the text from this web page or anywhere else and visit this demo website.
Your Internet Explorer will throw up the prompt :
Do you want this webpage to access your Clipboard? You should normally, of course select
Don’t allow.
But if you do select
Allow access, you will actually see your clipboard data displayed there.
The text which you last copied for pasting, can be easily stolen by malicious websites using a combination of JavaScript and ASP or PHP or CGI, to write your possible sensitive data to a database on another server.
Clipboard Data Theft – Harden IE Security
To avoid the prompt, and directly prevent websites access to your Clipboard data, you can harden IE security as follows:
Open Internet Explorer >
Internet Options >
Security tab >
Custom Level button >
Security Settings >
Under Scripting >
Allow Programmatic clipboard access.
Select
Disable, instead of the default Prompt. Click Apply >
OK.
The default is Prompt so a Prompt is expected to be thrown at you. But if you want to be absolutely safe, you may Disable it and simply disallow clipboard access. This will ensure the safety of your clipboards contents, always, as there will be not question of your even pressing on the wrong - Allow access – button, by mistake.
twc
