Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    4 Star Lounger
    Join Date
    Jun 2001
    Location
    Sacramento, California, USA
    Posts
    491
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE - something to check!

    Amazing.

    I love this section - Much appreciated Alan.

    Thank you for the advice.

    Michael

  2. #2
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE - something to check!

    Just read this. Thanks, Alan. I've changed my settings. FWIW, Firefox & my old Netscape Communicator 4.75 did not paste the text. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

  3. #3
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: IE - something to check!

    Alan,
    Good find. I had mine set to "allow". I wonder if this is the default setting or not?
    This also applies to using, "right click-Copy". I tried this just to see if Ctrl+c was any different. Guess not.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: IE - something to check!

    I suspect that "Allow" is the default setting for "Allow paste operations via script", but it is interesting to note that on my XP Pro box Microsoft Baseline Security Analyser 2.0 reports that "Internet Explorer zones have secure settings for all users", and that "MBSA checks are based on the latest recommendations for a product or component."

    The writeup says that "on systems that have Internet Explorer Enhanced Security Configuration installed, the settings are checked against the default recommended levels for this configuration." This may mean that every single setting is not checked on Windows XP, because I note that only WIndows Server 2003 can have the "Internet Explorer Enhanced Security Configuration" update applied. The precise implications are not clear to me...

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  5. #5
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: IE - something to check!

    John,
    That does sound like a rather confusing statement in the writeup. So what IS the default setting (s)?
    I don't suppose there is a list ( God forbid ! ) of such a default group of settings? <img src=/S/confused.gif border=0 alt=confused width=15 height=20>
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: IE - something to check!

    As an example of the unintended consequences of disabling this feature, and the potential diagnostic benefits of setting the permission to Prompt, see this old post: Re: Using Outlook2K for HTML mail (2000 SR1a).

  7. #7
    3 Star Lounger
    Join Date
    Aug 2004
    Location
    Saco, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE - something to check!

    Another unintended consequence of disabling the pasting of scripts is that the Tiny URL Creator extension in Firefox gets broken. Enable it again, and the functionality comes back...

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: IE - something to check!

    A Firefox extension uses an IE feature? Wow, that's convoluted. <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

  9. #9
    3 Star Lounger
    Join Date
    Aug 2004
    Location
    Saco, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE - something to check!

    Yes, it surprised me too...

  10. #10
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE - something to check!

    Bob,
    This setting is enabled by default in all zones except Restricted Sites (medium or low, except for the high security level assigned to Restricted Sites).

    Setting Up Security Zones

    Didn't find anything new after 2001, ie XP SP2. Sometimes it's harder to find what you are looking after at MS site, than on the whole Internet. Hmm...

    Back in March 1999 there where news about a potential security issue within IE5 (in 1998 there was a clipboard issue with IE4); this clipboard/script thing (DHTML Editor Clipboard vulnerability). As I understand it MS response was that concerned users can change to "disable" or "prompt".

    For example look at:
    Fred's The LangaList 1999-03-28

    IE Security Issues 1996-2001

    How to Prevent Web Sites From Obtaining Access to the Contents of Your Windows Clipboard

    As I can not understand why a script, under any circumstances, should be allowed to access my clipboard cache I have had it disabled since I installed XP.

    Regards,
    Argus

  11. #11
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Salem, Oregon, USA
    Posts
    219
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE Security Issue - Exposing Clipboard Contents

    Ah, just as I was trying to discourage the KeyLoggers with my highlight, copy and paste ....
    Pat

  12. #12
    Silver Lounger
    Join Date
    Mar 2001
    Location
    Dallas, Texas, USA
    Posts
    1,680
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: IE Security Issue - Exposing Clipboard Contents

    Alan,

    I'm thrilled that I have followed your advice in regards to scripting security. I was looking about the Amazon site for an audio book and they attempted to steal information from my clipboard. I could not begin to imagine why. I'm just happy that I was prompted for permission...which I denied.

    Thanks so much,
    <img src=/S/cheers.gif border=0 alt=cheers width=30 height=16>
    - Ricky

  13. #13
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: IE Security Issue - Exposing Clipboard Content

    Some applications use the clipboard for icons or for their own data, so I wouldn't immediately assume it was a sign of theft. If you see the dialog again, try pasting somewhere else immediately after it pops up (e.g., into a Word document), so you can see what's there.

  14. #14
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: IE Security Issue - Exposing Clipboard Contents

    Tricky

    I'm glad your alert worked for you. Whilst I agree with Jefferson, that using the clipboard is not necessarily an indicator of malintent, I can't see why anything would actually need to use it. With a site like Amazon, clearly using some form of "generated" web pages, anything they want to include in their browser code, they could achieve through other means.

    What was the actual URL that triggered the alert? I'd be interested in seeing exactly why they are using the clipboard.

    Alan

  15. #15
    Silver Lounger
    Join Date
    Mar 2001
    Location
    Dallas, Texas, USA
    Posts
    1,680
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: IE Security Issue - Exposing Clipboard Contents

    The guilty URL is in my original screenshot but here's a shortcut that will get you right there.

    I highlighted the text in Jefferson's post and tapped Ctrl+C to copy it to the clipboard. Then went to the Amazon site noted above. Clicked once in the middle of the screen and I got the Clipboard Alert just like before. So I immediately opened MSWord and tapped CTRL+V to see what Amazon would've got...
    - Ricky

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •