Security threat in Internet Explorer

September 19th, 2005

hi!! here is a major security threat in IE. Using jes a line of javascript or vbscript, u can retrieve text from clipboard. And using technology such as AJAX, it is possible to send it to the server without page refresh i.e. user willnt know that some communication has happened between his sys & the server. 1 e.g. where AJAX is used is wen u sign up for a new mail account at gmail or yahoo. It gives u a button to check whether the user id u selected is available or not & the result is almost instantaneous without the whole page refreshing.

Btw, i read abt this somewhere around 2 weeks ago, but i understood the threat & its severeness when i was reading Sudar’s blog yesterday. Thanks 2 u sudar!!

Click on the links to get more information, a demo and a possible(not fool-proof) way to get rid of this problem.

1 more thing, this problem occurs only in internet explorer and i feel its mainly because of the extensive support of activeX controls. if u have some thoughts 2 share, dont hesitate to post a comment.

Posted by Aswin Anand Filed in Casually Speaking ..., Uncategorized
8 Comments »

8 Responses to “Security threat in Internet Explorer”

  1. Sudar Says:
    September 21st, 2005 at 10:35 am

    Simple Solution. Just dump IE and start using Firefox.

    Hmm I am waiting for Yuvi to comment on this 😉

  2. Aswin Anand T.H. Says:
    September 21st, 2005 at 11:34 am

    U r right. most of the times, i prefer to use opera bcos its very fast even in dialup & for websites that dont render correctly in opera, i use firefox.

    PS: the only thing i liked about IE is the way it displays contents.

  3. Yuvi Panda Says:
    December 30th, 2005 at 6:02 pm

    Or, I fancy, Don’t keep anything soooooooooooooooooooooooooooooooooooooooooooooo important in your Clipboard;)

    And, ofcourse, ditch IE and go to Avant;)

  4. Aswin Anand T.H. Says:
    December 30th, 2005 at 9:01 pm

    hi yuvi, i use a combination of opera and IE. If opera doesn’t render things well, i switch to IE. This combination has served well for a long time. 🙂

  5. Yuvi Says:
    May 11th, 2006 at 11:11 pm

    Try to use Firefox, the best solution or else try to install internet security softwares. This might desparetly safeguard you pc.

  6. Aswin Anand T.H. Says:
    May 12th, 2006 at 11:15 am

    am using opera 😀

  7. Sriram Says:
    August 13th, 2006 at 5:08 pm

    This depends on your settings- change this in the Security tab in the Internet options.

    Out of curiosity – how is this related to ActiveX in any way?

  8. Aswin Anand T.H. Says:
    August 14th, 2006 at 12:13 am

    @sriram:
    Yup! I changed that long ago.

    IE by default supports ActiveX controls and allows the controls to access HDD and clipboard. This doesn’t happen in any other browser. I found a sample activex code that restarts your comp from the browser.