Sigh, Even Copy And Paste Is Out To Get You
CTRL+Vulnerability
The fact that we can’t have nice things is not new, it’s just that there are more types of devices and components on the market to find flaws with. As Hackaday reminds us, the only reason that Windows NT was able to get the US Government’s Orange Book C2 security certification was by removing the floppy drive and never installing networking components! That doesn’t make it any less upsetting when new vulnerabilities are discovered by white hat security wonks such as Michal Benkowki.
He has posted a number of the vulnerabilities he has discovered and reported including a rather disturbing one involving how copy and paste now works. It seems that it is happy to copy more than just the text you were trying to grab, up to and including properly formatted JavaScript which could run after you paste it. Interestingly, a simply copy and paste can contain plain text, some HTML, and a special proprietary format if a site is set to feed that into a clipboard when you copy.
Web browsers do their best to prevent this, but are not always successful. If you are interested in how well your browser of choice does you can follow the link to the Copy and Paste Playground and find out for yourself.
The rest of the post covers fixed bugs in several major browsers and editor systems, including GMail and Google Docs. There is also some discussion of a few systems that remain nameless since the bugs have not yet been fixed.
More Tech News From Around The Web
- Get a free copy of The Witcher 3 on GOG if you own it elsewhere @ Rock, Paper, SHOTGUN
- Why one email app went to war with Apple—and why neither one is right @ Ars Technica
- Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode @ The Register
- Massive Spying on Users of Google’s Chrome Shows New Security Weakness @ Slashdot
- Zoom will offer proper end-to-end encryption to free vid-chat accounts – not just paid-up bods – once you verify your phone number… @ The Registe
- Dropbox is a Total Mess @ Slashdot
- A Medical Device Maker Threatens iFixit Over Ventilator Repair Project @ Slashdot
