Clipboard Data Theft – Harden security setting in Internet Explorer

In Internet Explorer 6 and earlier, the browser could actually let websites silently read the data stored in the Windows Clipboard. With Internet Explorer 7, Microsoft finally addressed this security hole, which allowed malicious websites to read and steal your clipboard data.

Microsoft had posted ways to prevent it in KB224993. But that is now water under the bridge. As mentioned earlier, things changed after the release of Internet Explorer 7. Now, this theft is, in a way, “optional”.

By default, in Internet Explorer 11, if a website tries to steal your clipboard data, you will see the following Prompt.


To illustrate this issue, simply Copy any part of the text from this web page or anywhere else and visit this demo website.

Your Internet Explorer will throw up the prompt: Do you want this webpage to access your Clipboard? You should normally, of course, select Don’t allow.

But if you do select Allow access, you will see your clipboard data displayed there.

The text which you last copied for pasting can be easily stolen by malicious websites using a combination of JavaScript and ASP, PHP or CGI to write your possibly sensitive data to a database on another server.

Clipboard Data Theft – Harden IE Security

To avoid the prompt and directly prevent websites from accessing your Clipboard data, you can harden IE security as follows:

Open Internet Explorer > Internet Options > Security tab > Custom Level button > Security Settings > Under Scripting > Allow Programmatic clipboard access.


Select Disable, instead of the default Prompt. Click Apply > OK.

The default is Prompt, so a Prompt is expected to be thrown at you. But if you want to be absolutely safe, you may Disable it and simply disallow clipboard access. This will ensure the safety of your clipboard's contents, always, as there will be no question of your pressing the wrong button, Allow access, by mistake.
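
The same setting is stored in the registry per security zone as value 1407 (0 = Enable, 1 = Prompt, 3 = Disable), so it can be audited and set from PowerShell. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes the standard per-user zone keys and the machine policy key that overrides them.

```powershell
# Added example: audit and disable "Allow Programmatic clipboard access" per zone.
$Action  = '1407'   # URL action behind "Allow Programmatic clipboard access"
$Disable = 3        # 0 = Enable, 1 = Prompt (default), 3 = Disable
$Label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$Zones   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
# Assumption: standard per-user zone settings and machine Group Policy locations.
$UserRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-ZoneValue([string]$Root, [int]$Zone) {
    # Returns the DWORD for the action, or nothing if the value is not set.
    $item = Get-ItemProperty -Path "$Root\$Zone" -Name $Action -ErrorAction SilentlyContinue
    if ($item) { $item.$Action }
}

function Format-ZoneValue($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Label.ContainsKey([int]$Value)) { return $Label[[int]$Value] }
    return "unknown ($Value)"
}

function Get-ClipboardAccessSetting {
    foreach ($z in 1..4) {
        $user   = Get-ZoneValue $UserRoot $z
        $policy = Get-ZoneValue $PolicyRoot $z
        # A machine policy value, when present, wins over the user's own choice.
        $effective = if ($null -ne $policy) { $policy } else { $user }
        [pscustomobject]@{
            Zone     = $Zones[$z]
            User     = Format-ZoneValue $user
            Policy   = Format-ZoneValue $policy
            Hardened = ($effective -eq $Disable)
        }
    }
}

function Set-ClipboardAccessDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param([int[]]$Zone = 3)
    foreach ($z in $Zone) {
        $path = "$UserRoot\$z"
        if ($PSCmdlet.ShouldProcess($path, "Set $Action to $Disable (Disable)")) {
            Set-ItemProperty -Path $path -Name $Action -Value $Disable -Type DWord
        }
    }
}

Get-ClipboardAccessSetting | Format-Table -AutoSize
Set-ClipboardAccessDisabled -Zone 3 -WhatIf   # remove -WhatIf to apply to the Internet zone
```

A zone reported as "not set" falls back to that zone's built-in default, so only an explicit Disable is counted as hardened here.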

You may also like to check out a good free password manager like the freeware KeePass. KeePass provides an option to clear the clipboard after a user-specified number of seconds, as well as an enhanced mode that allows copy-pasting only one time. Else you can clear clipboard memory manually, as and when you need to.

Now read: What is Pastejacking.

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP Awardee in Windows (2006-16) & a Windows Insider MVP. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.
