emoticons wrote on January 4, 2022 at 2:20 PM

It isn't unusual for novice and skilled developers alike to copy commonly used commands from a webpage (ahem, StackOverflow) and paste them into their applications, a Windows command prompt or a Linux terminal.

yay plagiarism~

What happens afterward is a JavaScript 'event listener' capturing the copy event and replacing the clipboard data with Friedlander's malicious test code:

idk is There is way for disabled the copy event on JavaScript with fire fox?

A Reddit user also presented an alternative example of this trick that requires no JavaScript: invisible text made with HTML and CSS styling that gets copied onto your clipboard when you copy the visible portions of text:

"The problem is not just that the website can change your clipboard contents using JavaScript," explains the user, SwallowYourDreams.

"It could also just hide commands in the HTML that are invisible to the human eye, but will be copied by the computer."

This is cool, can also do it in no JavaScript :3

Zerush OP wrote on January 4, 2022 at 3:28 PM

Anything you copy can carry anything, even if it's just a simple photo. Easy to check if you open the browser's dev panel and look at what is actually selected to copy. This possibility is used by various means, not to introduce malware, but to protect copyrighted content. It is not the first time that I copy a paragraph of an article to cite it in a post and when I paste it, not only this paragraph appears, but also the author and a link to the page where it was copied. In the same way it could also have been some malicious code. You always have to be careful on the net.

TheNerdyAnarchist wrote on January 4, 2022 at 6:02 PM

This is why I use text only browsers (w3m) and web-to-gemini proxies when I can, and locked down Firefox forks (Librewolf & Tor Browser) when I can't

Zerush OP wrote on January 4, 2022 at 6:16 PM

Nor with this, apart this only restrikt yourself like going on vacation to another country on foot, because going by car or bicycle is too risky.. Is simply taking care of this. Tdext browser like Lynx and others are great for some tasks, but for a normal use are only for masoquists.

TheNerdyAnarchist wrote on January 4, 2022 at 6:35 PM

That's where the web-to-gemini proxies end up being so handy. It's really good for reading news articles, etc...

Example: I use newsboat for my RSS feeds - for the few feeds that don't display the full article, I copy the URL, and paste it into a proxy in Lagrange or Amfora (gemini browsers) and get a nice, neat, text only article with no images, ads, javascript, etc.

Zerush OP wrote on January 4, 2022 at 7:44 PM

Agree, (I use the Vivaldi feed reader). I think that the best security app is the common sense of the user, software only can help. I use the Internet massively (more than 1000-1200 pages/month) almost since the beginning of the Internet and only one time, long time ago as newbee I had problems with ad/malware, but i learn fast from the errors. Everyone has his systems to stay on the safe side, it is important to be aware of the risk and act accordingly. In the network it is convenient not to trust even your own shadow.

Dont copy-paste commands from webpages, you can get hacked

Comments