Browsing the internet with Internet Explorer can expose your Windows clipboard if the appropriate IE setting is not disabled or set to force a prompt before allowing paste operations via script.
This had originally been reported and demonstrated on but it seems to be offline or delisted now. Here is the news article about it:
In case you didn't know, the IE viewer does expose his Windows clipboard to the World Wide Web when he goes browsing if his setting for that in Internet Explorer is enabled. It defaults to "Enable" for all security levels except High, in which it is disabled. There is a third setting, "Prompt", but in all cases this must be set manually by the computer user. All who browse the Internet ought to make sure to set it to "Prompt" if they have a lower security level set.
Here is an example of someone who is reading and/or changing the clipboard via IE without any upfront notification to the viewer of the page. First, before going there, be sure to set your IE Tools, Internet Options, Security tab, Custom Level button, Scripting, Allow paste operations via script, to "Prompt" or your clipboard contents may be read and changed without your knowledge. This link is to eBay where you can look at any of this seller's auctions and get the prompt "Do you want to allow this page to paste information from your clipboard? [Yes][No]". Strangely, this is apparently not a new user, as this seller seems to have over 7000 "satisfied" customers. If so, then he must have had literally tens of thousands viewing his auction pages. I tried looking at eBay's rules about proper conduct, but it was so confusing to read that I'm not sure if they prohibit this behavior or not.
What happens if I click on "Yes"? My clipboard is cleared and changed to a space! Was my clipboard read? Probably so, but since the user blocks the mouse's right-click, I cannot see the page's source code. I know there are ways to get around that, but I couldn't.
(Read entire post before clicking here!)
This behavior is as described up through today 7/27, but if it really is a no-no on eBay, then you may find it removed or fixed later on if eBay takes action or the seller stops.
Microsoft made this option with 3 settings, Disabled, Prompt and Enabled. If you set it to the highest security setting, it is Disabled, but in all other security settings it is Enabled. Why didn't MS set the medium or intermediate level security profiles to Prompt?
Let the browser beware...
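The setting described in the post can also be audited and changed from PowerShell. This is an added example, not part of the original post; it assumes the per-user zone settings live under the standard `Internet Settings\Zones` key, where URL action `1407` backs "Allow paste operations via script" (0 = Enable, 1 = Prompt, 3 = Disable).

```powershell
# Added example, not from the original post.
# Reports the "Allow paste operations via script" value for each IE security zone
# and, with -SetPrompt, changes zones that are set to Enable over to Prompt.
# Assumption: per-user settings only; values pushed by Group Policy are not examined.
param([switch]$SetPrompt)

$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$action    = '1407'   # URL action for scripted clipboard access
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

foreach ($zone in 0..4) {
    $path = Join-Path $zonesKey "$zone"
    if (-not (Test-Path $path)) { continue }

    $item    = Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$action } else { $null }

    # A missing value means the zone falls back to its security-level default.
    $state = if ($null -eq $current) { 'not set (zone default applies)' }
             elseif ($meaning.ContainsKey([int]$current)) { $meaning[[int]$current] }
             else { "unknown ($current)" }

    $changed = $false
    # Only tighten: Enable becomes Prompt; Prompt and Disable are left alone.
    if ($SetPrompt -and $null -ne $current -and [int]$current -eq 0) {
        Set-ItemProperty -Path $path -Name $action -Value 1 -Type DWord
        $changed = $true
    }

    [pscustomobject]@{
        Zone    = $zoneNames[$zone]
        Setting = $state
        Changed = $changed
    }
}
```

Run it without arguments to see the current state, then with `-SetPrompt` to apply the change the post recommends. Restart Internet Explorer afterwards so the new value is picked up.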