The short version is that if you’re using IE, any website can read the data from your clipboard and do whatever it likes with it. Check out the demo here. IE 7 lets you turn this feature off, and non-IE browsers don’t even support it. IE 6…well, if you’re still using IE 6, now’s a great time to consider your other options. In the meantime, be careful about what you copy and paste.
Wow. Thanks for the heads up.
Jesus, why do people even use Microsoft products anymore? It’s like they engineer security flaws into the software just to get the free publicity.
“I have four words for you. I…hate…this…company!”
Stranger
I like Microsoft. I love Vista.
I’ll upgrade the second it’s out.
…and then get a virus that will not only wipe out every computer, it’ll kill every fifth person and make bill gates’ cock grow 34532435435 inches
To be fair, they’re not the only ones to have security flaws in their software. Further down the OP’s linked page is a link to an article about a patch to fix 8 security holes in Mozilla - given that the patch applies to a range of different versions, it implies that these security flaws have been there a while also.
Don’t get me wrong, I love Firefox, and I distrust Microsoft a little more every day, and admittedly, this clipboard thing is totally fucking stupid, but let’s keep things in perspective.
Sure, but I can’t think of any third party commerical software, much less open-source based OSs, past the early 'Nineties that have the kind of profligate security breaches that Microsoft routinely displays in its allegedly extensively tested, high-priced code. There’s bad software, worse software, and Microsoft, which aspires to rock bottom and then starts scraping away at the bedrock. Color me totally unimpressed with Vista, too.
Stranger
Lucky I don’t ever C&P passwords or save them in one of those password saver things.
They want a copy of my post or an address I put into a map program and I’m silly enough to go to a site that will be trying that, prolly serves me right.
I use FireFox, IE. Opera, and AOHell depending on what the web site works best on. So 99% of my work is with Firefox. I don’t think the US weather service is going to steal from me which is 99% of what I use IE for.
Mostly what is on my clipboard are parts of jpg’s I’m working with while I have no browser open.
But I do agree that we should get everyone in the world off MS and run BG into the poor house. He is such an evil force in the world. Why I bet he kills spiders and cockroaches when they get in his way and all that terrible stuff…
MS is obviously the most evil and corrupt and worst place to work and only hires people who have made a pack with the devil to harm as many computers as they can possibly can and I know that we can run that orginazatioin so much better and we would but out a much better product, and I know we are about to go public with our perfect corporation any day now…
It’s there is other software, too. But people aren’t trying as diligently to find the security holes in Firefox. It gives hackers great satisfaction to find problems with Microsoft software, and they have no interest in trying to find the same problems in Firefox (which they like).
They’re in Firefox (and Netscape and Safari and any browser you name). But those aren’t targets, so they are overlooked.
Security problems exist in any software, but they’re isolated problems in those other apps. All of Microsoft’s security holes are symptoms of the deeper underlying problems in their design philosophy.
Take the one in the OP, for example. This is not a hole that could have been left open by accident–IE was intentionally designed to allow websites to read the content of your clipboard. No one with any sense of good security is going to allow that.
Sorry, not buying this. Firefox has consistantly held 20-30% of the market share since soon after its introduction, and the fact that it accepts a wide variety of plug-ins, scripts, and interfaces should, in theory, make it potentially more vulnerable than IE. Microsoft has some fundamental philosophical flaws in the way they approach security and testing that are endemic throughout their whole product line. This doesn’t make them evil, but it does make them institutionally incompetent. They’re hardly alone in this–I’d make the same argument regarding pre-OSX MacOS and Apple (as a software company) in general–but given that they control, via questionable business practices, the bulk of the market, it’s frustrating that there’s really no impetus for them to improve the way that design and code software and operating systems.
Stranger