Clipboard Data Theft Now Optional With IE7

← Back to Stories (view on slashdot.org)

Clipboard Data Theft Now Optional With IE7

Posted by Zonk on Thursday December 21, 2006 @08:08AM from the options-are-good dept.

An anonymous reader writes "It's been known for a long time that Internet Explorer will happily allow any Web site to steal data that users have recently cut-and-pasted or copied into the Windows 'clipboard' data storage area. Well, now it looks like Microsoft has finally decided that this 'feature' was probably ill-advised, according to The Washington Post's Security Fix blog. IE7 throws up a warning asking whether users really want to let a site filch their clipboard data (Firefox, Opera and most other non-IE browsers forbid this behavior by default)."

6 of 162 comments (clear)

Min score:

Reason:

Sort:

not quite by pchan- · 2006-12-21 08:10 · Score: 5, Insightful

Firefox, Opera and most other non-IE browsers forbid this behavior by default

No, they don't forbid. They DON'T IMPLEMENT such a stupid idea. Microsoft had to go out of their way to ADD this "feature".
1. Re:not quite by uncommonlygood · 2006-12-21 08:37 · Score: 5, Informative
  
  Don't know about the others, but firefox definitely does implement it, it's just off by default.
2. Re:not quite by AchiIIe · 2006-12-21 08:45 · Score: 5, Insightful
  
  Not so fast. Have you tried using google spreadsheets? Try -- then try selecing something, right click and select "Copy", or "Paste"
  - Whoah, you can't copy paste unless you manually do CTRL-V, or CTRL-X/C
  
  I gave up on using word/openoffice I simply use writely for all my documents. I've had documents being edited with up to 50 people just fine.
  Think twice before blindly bashing microsoft. There are some of us that want that "feature"
  
  --
  Nature journal lied in Britannica vs Wikipedia Ask to retrac
Probably? by ifrag · 2006-12-21 08:12 · Score: 5, Insightful

How is something like this only "probably ill-advised".
This is beyond complete stupidity. I probably can't even count the number of times I've had security sensitive stuff in the clipboard.

--
Fear is the mind killer.
Features vs. Security by Kelson · 2006-12-21 08:30 · Score: 5, Insightful

Microsoft designed IE with features, not features specifically for secure browsing

Microsoft (and other software companies, but MS gets the most attention for it) spent years working under the paradigm where making things more convenient and/or more powerful for the user was the most important thing you could do to get people to use and buy your product. (Not saying they succeeded at making things convenient, just that it was the goal.) Security was only rarely a concern, because for the most part an attacker (barring the occasional virus-infected floppy) needed physical access to a personal computer to mess with it.

Two things changed: personal computers are now vastly interconnected. Lots more people have them. Result? Bad guys can attack random machines on the other side of the planet using automated tools. Security is now a major priority.

Bolting security onto insecure-by-design products has had spotty success. In the last couple of years Microsoft has also tried to make more security-conscious designs...and they've paid for it in complaints when customers lose the convenience of, for example, always running with admin rights.
It seemed like a good idea at the time by Somatic · 2006-12-21 08:52 · Score: 5, Funny

Public: What on earth would motivate you to implement such a thing?
MS: It seemed like a good idea at the time.
Public: In what way did it seem like a good idea?
MS: Well, maybe not a good idea, but an idea.
Public: So thinking was involved.
MS: Well, it was more like inspiration.
Public: ...
MS: They throw chairs at us. Help. Please.

--
My script don't crash! She crashes, you crashed her!