Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: tinyurl.com - Local Clipboard
From: gabriel rosenkoetter <gr () eclipsed net>
Date: Fri, 16 Mar 2007 19:14:25 -0400

On Thu, Mar 15, 2007 at 12:30:48PM -0500, Shaun wrote:
I took a quick look and it appears that they aren't trying to read the
clipboard, they're trying to write the generated tinyurl to it for the
folks who are too lazy to control-c it out of the page. Annoying to have
your clipboard contents clobbered, but not really a threat.

It didn't do anything in FF2.

Since I only use Windows, let alone IE, at Work (where I'm
invariably issued a Windows laptop whether I like it or not), and
I'm too lazy to dig out the work laptop at the moment, I'm not
checking this now, but I recall pretty clearly that this is a
behavior that tinyurl.com OPENLY ADVERTISES as being a "feature" of
using that site with IE under Windows (and nowhere else, because
no other browser and OS security model permits such silliness).

It's a security problem, but it's not indicative of any particular
threat on their part.

(Really, if the original poster wanted to bitch about evil intentions
at tinyurl.com, the obfuscation of affiliate links is a much better

gabriel rosenkoetter
gr () eclipsed net

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]