Re: Clipboard insecurity

Fiji (jfay@STETSON.EDU)
Tue, 31 Mar 1998 00:27:35 -0500

It is also possible to paste passwd info on NT and Novell clients.

There have been a few occasions where users have typed in their passwd and
before hitting enter have decided to highlight and erase their passwd. I
can come along after these unscrupolous users and right click then paste
their passwd back again.

-Fiji
CIT Stetson University
Unix System Administrator

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a

mQCNAzOSFEwAAAEEAJ/dkb5cymjDsl51GVBiugJW263udNqxQr6R40tJGNF3yTZ2
idP4K9Pxw/1D2LQ/tOdSLJYGX6x9Y5KqJ4ZtdRVnh4pbaYVcbCwLDyWg+iy/mCpj
J2R5WMrVTsTdxA4g1nzYPg30IQhy7Ll4R3JhXa9lUm4j0pdM9RTsR6Z4DLQNAAUR
tBBmYXlqQHN0ZXRzb24uZWR1iQCVAwUQM5IUTBTsR6Z4DLQNAQHsMAP9F8kHBgc6
jrB0XJ4qUn1ihdigQjF0S3PqOOu1uk1kMWI7obB54ORT4b1Dw7BqUirBohJPn+ka
R89Ny0U95nZFX2WoQXDtRlqdVXAC9ZAoTpljiZpM7EtDWB4SXhsoXcb+1M7Lw5Un
14aq2b9YAUGryQy1ivkz8V9du4nUB/YkNLI=
=q7uq
-----END PGP PUBLIC KEY BLOCK-----

On Mon, 30 Mar 1998, Jim Credland wrote:

> Date: Mon, 30 Mar 1998 17:31:54 +0100
> From: Jim Credland <jim@DEMON.NET>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Clipboard insecurity
>
> I don't know if this has been mentioned before, it was certainly new to
> Microsoft when I mentioned it too them.
>
> If you lock your workstation it's still possible to paste the contents of the
> clipboard buffer into the "User name" prompt. Not terribly clever for hiding
> what you've been doing.
>
> Microsoft acknowledge the problem but made no promises about fixing it.
> Obvious workaround.
>
> --
> jim credland network security
> who can you trust? demon internet ltd
>