Full Disclosure mailing list archives
Re: tinyurl.com - Local Clipboard
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Fri, 16 Mar 2007 19:14:25 -0400
On Thu, Mar 15, 2007 at 12:30:48PM -0500, Shaun wrote:
I took a quick look and it appears that they aren't trying to read the clipboard, they're trying to write the generated tinyurl to it for the folks who are too lazy to control-c it out of the page. Annoying to have your clipboard contents clobbered, but not really a threat. It didn't do anything in FF2.
Since I only use Windows, let alone IE, at Work (where I'm invariably issued a Windows laptop whether I like it or not), and I'm too lazy to dig out the work laptop at the moment, I'm not checking this now, but I recall pretty clearly that this is a behavior that tinyurl.com OPENLY ADVERTISES as being a "feature" of using that site with IE under Windows (and nowhere else, because no other browser and OS security model permits such silliness). It's a security problem, but it's not indicative of any particular threat on their part. (Really, if the original poster wanted to bitch about evil intentions at tinyurl.com, the obfuscation of affiliate links is a much better target...) -- gabriel rosenkoetter gr () eclipsed net
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- tinyurl.com - Local Clipboard jay.tomas (Mar 15)
- Re: tinyurl.com - Local Clipboard Shaun (Mar 15)
- Re: tinyurl.com - Local Clipboard gabriel rosenkoetter (Mar 16)
- <Possible follow-ups>
- Re: tinyurl.com - Local Clipboard jay.tomas (Mar 15)
- Re: tinyurl.com - Local Clipboard Debasis Mohanty (Mar 15)
- Re: tinyurl.com - Local Clipboard Rod Trent (Mar 15)
- Re: tinyurl.com - Local Clipboard Debasis Mohanty (Mar 15)
- Re: tinyurl.com - Local Clipboard Debasis Mohanty (Mar 15)
- Re: tinyurl.com - Local Clipboard Shaun (Mar 15)