HOW-TO: Plug the Clipboard Security Hole

Do you find copy and paste to be a very handy tool? If yes, I share the exact same sentiment. But what if the clipboard (the limbo where the copied text goes) is compromised by your browser? That very handy tool now becomes an annoyance rather than a useful utility, doesn't it?

The text you store in the clipboard (for copy and paste) can be stolen. Some experts call this the "clipboard hack". Websites can use a combination of JavaScript and ASP to send possibly sensitive data in the clipboard to another site or via email. The question then is: Is there a workaround for this? How is it done?

The answer to the question above is a definite "YES!". Read on as this post will discuss one of the many ways to safeguard yourself and plug the clipboard security hole.

Luckily the security hole exists only in the Internet Explorer (IE) browser (the hole also exists in Netscape but the browser seems to have been discontinued). However, IE happens to be used more than any other browser, and worse, the hole exists by default.

Plug the hole. In order to plug the hole, open a new instance of IE. From the menu bar, click on "Tools" and select "Internet Options".

Doing so will open the Internet Options window.

Open the Security tab.

Click on Custom Level and scroll down to "Scripting". Modify settings for "Allow paste operation via script" from Enable to Disable.

A warning pop-up window will immediately open after changing the security settings for this zone. Accept by clicking on the "Yes" button.

It is imperative to do the same for the "Restricted Sites" zone. Nevertheless, if paranoia tells you to modify the other zones, do so.

IE needs to be restarted for the security change to take effect. The clipboard is now safe after the change.
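The same setting can be checked from a script instead of clicking through each zone. The PowerShell below is an added example, not part of the original post; it assumes the setting is stored per user as URL action 1407 under the Internet Settings Zones registry key (0 = Enable, 1 = Prompt, 3 = Disable), and the `-Fix` and `-FixZones` parameter names are chosen for this example.

```powershell
# Added example: audit "Allow paste operation via script" for every IE security
# zone of the current user, and optionally set it to Disable.
# Assumption: the setting is URL action 1407 under the per-user Zones key.
# A Group Policy value, if one is configured, takes precedence over this one.
param(
    [switch]$Fix,                 # hypothetical switch: write Disable instead of only reporting
    [int[]]$FixZones = @(3, 4)    # Internet and Restricted sites, the zones the post changes
)

$zonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$action    = '1407'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

foreach ($zone in 0..4) {
    $path = Join-Path $zonesKey "$zone"
    if (-not (Test-Path $path)) { continue }   # zone key missing on this profile

    if ($Fix -and ($FixZones -contains $zone)) {
        # 3 = Disable, the value the Custom Level dialog writes for "Disable"
        Set-ItemProperty -Path $path -Name $action -Value 3 -Type DWord
    }

    $value = (Get-ItemProperty -Path $path -Name $action -ErrorAction SilentlyContinue).$action

    if ($null -eq $value) {
        $state = 'Not set (zone default applies)'
    } elseif ($meaning.ContainsKey([int]$value)) {
        $state = $meaning[[int]$value]
    } else {
        $state = "Unknown value $value"
    }

    [pscustomobject]@{
        Zone        = $zoneNames[$zone]
        ScriptPaste = $state
        NeedsChange = ($state -ne 'Disable')
    }
}
```

Run it without arguments to report the current state, then with `-Fix` to apply the change; as with the dialog, restart IE afterwards.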
