hi!! here is a major security threat in IE. Using jes a line of javascript or vbscript, u can retrieve text from clipboard. And using technology such as AJAX, it is possible to send it to the server without page refresh i.e. user willnt know that some communication has happened between his sys & the server. 1 e.g. where AJAX is used is wen u sign up for a new mail account at gmail or yahoo. It gives u a button to check whether the user id u selected is available or not & the result is almost instantaneous without the whole page refreshing.

Btw, i read abt this somewhere around 2 weeks ago, but i understood the threat & its severeness when i was reading Sudar’s blog yesterday. Thanks 2 u sudar!!

Click on the links to get more information, a demo and a possible(not fool-proof) way to get rid of this problem.

1 more thing, this problem occurs only in internet explorer and i feel its mainly because of the extensive support of activeX controls. if u have some thoughts 2 share, dont hesitate to post a comment.

8 Responses to “Security threat in Internet Explorer”

  1. Sudar Says:

    Simple Solution. Just dump IE and start using Firefox.

    Hmm I am waiting for Yuvi to comment on this 😉

  2. Aswin Anand T.H. Says:

    U r right. most of the times, i prefer to use opera bcos its very fast even in dialup & for websites that dont render correctly in opera, i use firefox.

    PS: the only thing i liked about IE is the way it displays contents.

  3. Yuvi Panda Says:

    Or, I fancy, Don’t keep anything soooooooooooooooooooooooooooooooooooooooooooooo important in your Clipboard;)

    And, ofcourse, ditch IE and go to Avant;)

  4. Aswin Anand T.H. Says:

    hi yuvi, i use a combination of opera and IE. If opera doesn’t render things well, i switch to IE. This combination has served well for a long time. :-)

  5. Yuvi Says:

    Try to use Firefox, the best solution or else try to install internet security softwares. This might desparetly safeguard you pc.

  6. Aswin Anand T.H. Says:

    am using opera 😀

  7. Sriram Says:

    This depends on your settings- change this in the Security tab in the Internet options.

    Out of curiosity – how is this related to ActiveX in any way?

  8. Aswin Anand T.H. Says:

    @sriram:
    Yup! I changed that long ago.

    IE by default supports ActiveX controls and allows the controls to access HDD and clipboard. This doesn’t happen in any other browser. I found a sample activex code that restarts your comp from the browser.