Wednesday, November 30, 2005

Security Warning for Internet Explorer Users

edit menu from Microsoft Word I just saw this on Jim Calloway's Law Practice Tips Blog. If Internet Explorer is your browser, and if you ever use Copy and Paste or Cut and Paste in any application, continue reading.

It seems that some websites are using a combination of programming languages to steal the contents of your clipboard – the last thing you Copied or Cut, even if you have already Pasted it. edit buttons from Word button bar

If you have not already Copied or Cut and Pasted something since the last time you started your computer, do so now. Then go to http://www.friendlycanadian.com/applications/clipboard.htm using Internet Explorer. You will probably see that the page is displaying the last thing you copied or cut. Yikes!

Of course a website intent on stealing information would not display it. It would secretly redirect the contents of your clipboard into a database, where it could be mined for information worth stealing.

Security Settings box for Internet ExplorerHave you ever copied and pasted a credit card number, your social security number, or any other information you should not share with scammers?

Take the following steps to protect yourself:

  • From the Tools menu in Internet Explorer, select Internet Options.
  • Click on the Security tab then on the world icon to select the Internet zone.
  • Click on the Custom Level button near the bottom.
  • Scroll almost to the bottom of the security settings window that pops up.
  • Under "Allow Paste Operations via Script" click on the Disable or Prompt radio button.
  • Click on the OK button to close the Security Settings window, then OK again to close Internet Options.

That will keep your clipboard contents private. Thank you. I feel much better now.

UPDATE: Jim Calloway recommends choosing Prompt rather than Disable, in case a web application you like uses the clipboard paste feature for legitimate purposes. "So better to be prompted for this, or something else, than to have it suddenly stop working."

No comments: