.

projectip.com

<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Sep 07, 2006 3:43 pm

projectip.com

There are plenty of sites out there that show you what it knows about you by simply browsing to that site. But did you also know that it can pick up the contents of your clipboard? Just click on the link below to find out:

http://projectip.com/

From the site describing what can be captured:

The last text item you copied onto your clipboard! Only works in Internet Explorer on the Windows platform. It reportedly works with varied success when IE is running in an emulator such as VMWare on another OS. If you have to use Windows, at least dump IE and use Firefox.

Rogue, evil websites can use this to steal potentially sensitive data from your Windows clipboard. I have done this in Javascript within the browser and the contents of your clipboard is not sent to this server. If someone wanted to snoop they would do what I have done, except the text area where it's displayed would be invisible (using CSS display:none;) and they would use an XMLHttpRequest object to send it back to the webserver, all without your knowledge.

Fix: Go to Tools > Internet Options > Security > Select a security zone > Custom Level > Scripting > Allow paste operations via script and set it to Disabled or Prompt.


Don't copy your password!

Just more useful stuff you can find on the net,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Thu Sep 07, 2006 5:25 pm

Re: projectip.com

I like using About You from the dnsstuff.com web site. It doesn't go into as much detail, nor does it show you what's on your clipboard, but it's still very informative.

I've been doing lots of experiments there using Tor, Privoxy and a Firefox user agent switcher extension - interesting results.  :o
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

dbrookes

Post Fri Sep 08, 2006 7:12 am

Re: projectip.com

Don,

As interesting as it is that the site captures your clipboard, it is only the last entry.  Even if you were to copy a password, it would be rather useless since the password could be for just about anything.  There is not enough information captured about me to determine what my username is or for what that password is for.  Now if a malicious forum host was to embed that code on a page displayed after a login, then yes, that password would come in handy because as most people know, people are lazy when it comes to re-using usernames and passwords.

Doug
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Sun Oct 01, 2006 11:31 am

Re: projectip.com

Clipboard Hack - How to protect yourself.

The Clipboard hack is generally done by the following Source Code:

  Code:
<Script Language="JavaScript">
var content = clipboardData.getData("Text");
alert(content);
</Script>


Clipboard Hack - How to protect yourself.
To avoid Clipboard Hack Problem, do the following:

  1. Go to internet options->security
  2. Press custom level
  3. In the security settings, select disable under Allow paste operations via script.

Now the contents of your clipboard are safe. :)

Regards,

Morpheus
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

LSOChris

Post Sun Oct 01, 2006 2:43 pm

Re: projectip.com

sweet, always worried about someone getting my private cut/paste info...


oh wait, i am on linux and dont have to worry about the windows bug of the day...
Last edited by LSOChris on Sun Oct 01, 2006 2:45 pm, edited 1 time in total.

Return to Links to cool sites.

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software