The Windows Club

Clipboard Data Theft – Harden security setting in Internet Explorer

In and prior to Internet Explorer 6, the browser could actually let websites silently read the data stored in the Windows Clipboard. With Internet Explorer 7, Microsoft finally addressed this security hole which allowed malicious websites to read and steal your clipboard data.

Microsoft had posted ways on how to prevent it in KB224993. But that is now water under the bridge. As mentioned earlier, things changed after the release of Internet Explorer 7. Now this theft is, in a way, “optional”.

By default, in Internet Explorer 11, if a website tries to steal your clipboard data, you will see the following Prompt.

To illustrate this issue, simply Copy any part of the text from this web page or anywhere else and visit this demo website.

Your Internet Explorer will throw up the prompt: Do you want this webpage to access your Clipboard? You should normally, of course, select Don’t allow.

But if you do select Allow access, you will actually see your clipboard data displayed there.

The text which you last copied for pasting can be easily stolen by malicious websites using a combination of JavaScript and ASP or PHP or CGI, to write your possible sensitive data to a database on another server.

Clipboard Data Theft – Harden IE Security

To avoid the prompt, and directly prevent websites access to your Clipboard data, you can harden IE security as follows:

Open Internet Explorer > Internet Options > Security tab > Custom Level button > Security Settings > Under Scripting > Allow Programmatic clipboard access.

Select Disable, instead of the default Prompt. Click Apply > OK.

The default is Prompt so a Prompt is expected to be thrown at you. But if you want to be absolutely safe, you may Disable it and simply disallow clipboard access. This will ensure the safety of your clipboards contents, always, as there will be a not question of your even pressing on the wrong – Allow access – button, by mistake.

You may also like to check out some good free password manager like freeware KeepPass. KeepPass provides an option to clear the clipboard after a user-specified number of seconds, as well as an enhanced mode that allows copy pasting only one time. Else you can clear clipboard memory manually, as and when you need to.

Now readWhat is Pastejacking.