Flash clipboard hijack attack hijinks

August 20, 2008

Just posted on Slashdot. I mention it because I just noticed the same phenomenom myself the past two days while doing some ActionScript 3 programming in Flash. I tried copying text onto the clipboard, and while the app was running in a Firefox tab, it had control of the clipboard as long as I kept writing text to the clipboard. However, once the tab was closed (and this is true also for the evil.com example ref’d by the Slashdot piece). Any program can do this in Windows anyway. Adobe maybe should have a setting to allow end users to disable clipboard access by Flash.

I’ve been looking at integrating Flash viz libraries into Flex UIComponents, and thus into Flex. Adobe should have made this smoother.. BTW. UIComponent > flexSprite > Sprite. Have to dig through blogs and forums to figure it out satisfactorily.

Does Silverlight 2 allow for the same kind of attack? If you have access to the clipboard, and w/o looking it up, I am sure there is.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: