On Thu, Mar 15, 2007 at 12:30:48PM -0500, Shaun wrote: > I took a quick look and it appears that they aren't trying to read the > clipboard, they're trying to write the generated tinyurl to it for the > folks who are too lazy to control-c it out of the page. Annoying to have > your clipboard contents clobbered, but not really a threat. > > It didn't do anything in FF2. Since I only use Windows, let alone IE, at Work (where I'm invariably issued a Windows laptop whether I like it or not), and I'm too lazy to dig out the work laptop at the moment, I'm not checking this now, but I recall pretty clearly that this is a behavior that tinyurl.com OPENLY ADVERTISES as being a "feature" of using that site with IE under Windows (and nowhere else, because no other browser and OS security model permits such silliness). It's a security problem, but it's not indicative of any particular threat on their part. (Really, if the original poster wanted to bitch about evil intentions at tinyurl.com, the obfuscation of affiliate links is a much better target...) -- gabriel rosenkoetter gr@xxxxxxxxxxxx
Attachment:
pgpVev1IS9hYE.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/