Re: tinyurl.com - Local Clipboard

[gabriel rosenkoetter <gr () eclipsed net>]

On Thu, Mar 15, 2007 at 12:30:48PM -0500, Shaun wrote:
> I took a quick look and it appears that they aren't trying to read the
> clipboard, they're trying to write the generated tinyurl to it for the
> folks who are too lazy to control-c it out of the page. Annoying to have
> your clipboard contents clobbered, but not really a threat.
>
> It didn't do anything in FF2.

Since I only use Windows, let alone IE, at Work (where I'm
invariably issued a Windows laptop whether I like it or not), and
I'm too lazy to dig out the work laptop at the moment, I'm not
checking this now, but I recall pretty clearly that this is a
behavior that tinyurl.com OPENLY ADVERTISES as being a "feature" of
using that site with IE under Windows (and nowhere else, because
no other browser and OS security model permits such silliness).

It's a security problem, but it's not indicative of any particular
threat on their part.

(Really, if the original poster wanted to bitch about evil intentions
at tinyurl.com, the obfuscation of affiliate links is a much better
target...)

-- 
gabriel rosenkoetter
gr () eclipsed net

Attachment: _bin
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/