Ctrl+C - How safe are you????

I got the following mail from one of my friends at TAPMI.

We do copy various data by ctrl+c for pasting elsewhere. This copied data is stored in clipboard and is accessible from the net by a combination of Java scripts and ASP.

Just try this:
1) Copy any text by Ctrl+C
2) Click the Link:
http://www.friendlycanadian.com/applications/clipboard.htm
3) You will see the text you copied is displayed on the web page.

Do not keep sensitive data (like passwords, creditcard numbers, PIN etc.) in the clipboard while surfing the web. It is extremely easy to extract the text stored in the clipboard to steal your sensitive information.

I use Firefox, and using Firefox, when I did as told in the forward, I was unable to view any text – looks like Firefox has already taken this threat into consideration. So I repeated the above steps in IE, this time I was able to see the text that I had recently copied in clipboard. When I viewed the source of the webpage, I saw that the contents of the clipboard were accessed by a simple command - clipboardData.getData("Text").

This can be a serious threat, since many of the malicious codes are hidden inside innocuous websites. The information that you copied before accessing the website could be confidential and private, and since many of us are not aware of this threat, we would not know if someone would have accessed the information or not.

I searched the net and found a simple way to plug this problem. You need to follow the following steps –

1. Start IE.
2. From the Tools menu, select Internet Options.
3. Select the Security tab.
4. Select Internet, then click Custom Level.
5. Scroll down to the Scripting section.
6. Under "Allow paste operations via script," set to Disable or Prompt, then click OK.
7. Close all dialog boxes.

Now perform the same set of steps as mentioned earlier, and see the difference.

Rather than doing all this there is always a simple way out – USE FIREFOX!!