this post was submitted on 14 Sep 2024
1623 points (99.1% liked)

Technology

58138 readers
6085 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
1623
Be careful. (feddit.org)
submitted 5 days ago by 101@feddit.org to c/technology@lemmy.world
178 comments fedilink hide all child comments
 

Source.

you are viewing a single comment's thread
view the rest of the comments
[–] SkaveRat@discuss.tchncs.de 174 points 5 days ago (11 children)

not when there was a user intent like clicking a button.

For example in this screenshot, it's likely that there's only the "verify I'm human" button first, you click it, the steps pop up, and at the same time the command ist copied into your clipboard

[–] lando55@lemmy.world 21 points 5 days ago* (last edited 5 days ago) (8 children)

Why isn't the default behavior for browsers to not allow access to the clipboard? Similar to how it prompts you for access to camera/microphone

Edit: On a per-site basis, like if you use the Zoom website it asks you for access to the webcam, would something like this work for clipboard as well or would it break stuff?

[–] schnurrito@discuss.tchncs.de 27 points 5 days ago* (last edited 5 days ago) (1 children)

There is no inherent security problem with changing the content of the clipboard. That doesn't do anything until the user pastes it somewhere; of course if that "somewhere" is a command prompt, then that is a security problem, but users really ought to check what they're pasting there before they execute it (yeah, I know, "ought to").

It would be possible to do it the way you say, but that would mean that the user would need to allow that for many websites; I don't think copying from apps like Google Docs would work anymore, and "here's your access token, click here to copy it to the clipboard" features certainly wouldn't.

The screenshot in the OP would then probably be changed to include a step "click: allow clipboard access"; I think most people who fall for the screenshot in the OP would also fall for that.

[–] MeatsOfRage@lemmy.world 6 points 5 days ago

Exactly. Furthermore they'd probably just include it in those instructions "Step 1: when the box pops up with clipboard press allow"

load more comments (6 replies)
load more comments (8 replies)